Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2UA0HjsmXhkjk6QHehUQpJo6mNI.roa
File:                     2UA0HjsmXhkjk6QHehUQpJo6mNI.roa (raw, json)
Hash identifier:          IYYNHouvbG0MB6dfMCaFn1U3+l5bEevfblx0a/YtTEk=
Subject key identifier:   D9:40:34:1E:3B:26:5E:19:23:93:A4:07:7A:15:10:A4:9A:3A:98:D2
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A4CF49B56B0ED1CECE71E206B5B0C
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2UA0HjsmXhkjk6QHehUQpJo6mNI.roa
Signing time:             Tue 02 Jan 2024 12:33:38 +0000
ROA not before:           Tue 02 Jan 2024 12:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209002
IP address blocks:        146.120.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4c:f4:9b:56:b0:ed:1c:ec:e7:1e:20:6b:5b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d940341e3b265e192393a4077a1510a49a3a98d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fd:17:55:59:ed:45:61:da:0d:ed:c5:a2:b4:
                    61:94:35:77:b8:63:71:10:77:f0:80:2f:74:84:29:
                    df:6f:20:e8:8d:fa:b8:6f:73:c7:f9:f4:5c:4d:7e:
                    5b:b4:32:6c:d9:4c:05:10:1d:bf:fc:02:04:00:21:
                    d5:4a:93:75:cd:1f:db:9a:4e:e0:20:84:7c:3e:6b:
                    33:31:a0:1b:82:20:de:78:fd:b9:bb:f0:a9:bf:92:
                    e7:d3:16:a9:a9:b5:69:60:34:d4:be:c3:15:5a:9f:
                    90:dc:aa:56:d5:11:46:49:9e:f3:81:82:f5:ed:f1:
                    38:a4:9d:61:f1:fd:de:e3:4f:81:e1:04:e9:1e:b2:
                    34:af:0d:ef:27:b9:aa:23:a7:f4:35:53:b0:f7:d2:
                    be:6d:b6:ba:86:98:10:12:6b:a9:d3:b7:32:a2:86:
                    6f:62:48:19:51:6e:9a:03:e9:e0:76:a7:68:1e:c6:
                    25:f6:40:10:0a:e1:f5:4d:50:5b:d0:c3:af:08:23:
                    d0:03:52:d9:46:21:39:9f:55:c0:45:c0:d5:f6:39:
                    55:c6:67:e0:1e:14:e8:f2:38:96:d3:11:b8:e2:f5:
                    01:18:1b:8e:f4:55:65:ad:2a:d9:ab:a3:57:a5:09:
                    92:f7:53:7a:aa:70:cc:64:98:10:d1:c8:8c:8f:ca:
                    fa:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:40:34:1E:3B:26:5E:19:23:93:A4:07:7A:15:10:A4:9A:3A:98:D2
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2UA0HjsmXhkjk6QHehUQpJo6mNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d2:ae:f8:21:00:7a:73:d3:12:25:4a:17:b6:64:e5:95:72:
         d4:40:44:d5:10:22:21:50:ff:d8:64:7f:c1:12:f6:09:9b:23:
         f3:03:55:0d:03:4d:1b:c4:4c:07:b9:b4:5e:90:a2:b8:b2:dc:
         b9:3f:ae:45:92:b9:e6:34:0d:2c:33:b0:22:95:8c:d1:cd:33:
         de:5b:3a:bf:1c:06:06:de:92:9d:bf:4e:e3:e1:7c:f6:2a:73:
         60:67:7c:5c:b3:c1:36:8d:81:dc:e1:e0:63:44:51:35:bc:3a:
         e4:5d:42:7b:be:7b:a7:ab:4c:15:61:05:5b:d5:75:fe:d5:da:
         4a:aa:86:0a:ae:30:18:0f:3e:ea:80:ed:38:b0:d1:cf:8b:06:
         0e:05:c3:c7:f5:4f:39:16:ba:c1:34:47:81:98:ae:28:a5:ba:
         49:3c:ff:e3:ee:d7:4f:d8:01:ab:5c:03:5d:f4:73:68:f1:c3:
         28:c4:38:6b:45:b8:40:ed:da:9a:da:91:64:e5:df:56:2e:d6:
         da:c5:6d:86:f1:0c:0c:74:d4:d3:bf:c8:0e:57:30:56:b0:d3:
         12:ea:f0:89:ab:cb:f4:3d:43:b2:3a:b1:17:8b:99:7f:29:d9:
         d3:4a:a7:86:ec:eb:4d:d1:f9:5b:6f:d1:26:c2:26:f5:ba:44:
         28:b0:9c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkz0m1aw7Rzs5x4ga1sMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQwMzQxZTNiMjY1ZTE5MjM5M2E0MDc3YTE1MTBhNDlhM2E5OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjP0XVVntRWHaDe3ForRhlDV3uGNx
EHfwgC90hCnfbyDojfq4b3PH+fRcTX5btDJs2UwFEB2//AIEACHVSpN1zR/bmk7g
IIR8PmszMaAbgiDeeP25u/Cpv5Ln0xapqbVpYDTUvsMVWp+Q3KpW1RFGSZ7zgYL1
7fE4pJ1h8f3e40+B4QTpHrI0rw3vJ7mqI6f0NVOw99K+bba6hpgQEmup07cyooZv
YkgZUW6aA+ngdqdoHsYl9kAQCuH1TVBb0MOvCCPQA1LZRiE5n1XARcDV9jlVxmfg
HhTo8jiW0xG44vUBGBuO9FVlrSrZq6NXpQmS91N6qnDMZJgQ0ciMj8r6JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlANB47Jl4ZI5OkB3oVEKSaOpjSMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMlVBMEhqc21YaGtqazZRSGVoVVFwSm82bU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknhwMA0G
CSqGSIb3DQEBCwUAA4IBAQAK0q74IQB6c9MSJUoXtmTllXLUQETVECIhUP/YZH/B
EvYJmyPzA1UNA00bxEwHubRekKK4sty5P65FkrnmNA0sM7AilYzRzTPeWzq/HAYG
3pKdv07j4Xz2KnNgZ3xcs8E2jYHc4eBjRFE1vDrkXUJ7vnunq0wVYQVb1XX+1dpK
qoYKrjAYDz7qgO04sNHPiwYOBcPH9U85FrrBNEeBmK4opbpJPP/j7tdP2AGrXANd
9HNo8cMoxDhrRbhA7dqa2pFk5d9WLtbaxW2G8QwMdNTTv8gOVzBWsNMS6vCJq8v0
PUOyOrEXi5l/KdnTSqeG7OtN0flbb9Emwib1ukQosJzu
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:31:03 2024 by rpki-client on console-ams.rpki-client.org