Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/BQPQCwjzBEuctmuFIjdf3WOHbfc.roa
File:                     BQPQCwjzBEuctmuFIjdf3WOHbfc.roa (raw, json)
Hash identifier:          kcijbCnm84Jmm/2r99tUc3oyKs3FG8MW9PnwKfOWqMM=
Subject key identifier:   05:03:D0:0B:08:F3:04:4B:9C:B6:6B:85:22:37:5F:DD:63:87:6D:F7
Certificate issuer:       /CN=a9a815be7547eb870eb5f641d30fe6963741c8e0
Certificate serial:       018CC3B69EFF5E5DC4E0C29424ED516A0045
Authority key identifier: A9:A8:15:BE:75:47:EB:87:0E:B5:F6:41:D3:0F:E6:96:37:41:C8:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/BQPQCwjzBEuctmuFIjdf3WOHbfc.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44156
IP address blocks:        79.99.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9e:ff:5e:5d:c4:e0:c2:94:24:ed:51:6a:00:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9a815be7547eb870eb5f641d30fe6963741c8e0
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0503d00b08f3044b9cb66b8522375fdd63876df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ac:48:3a:9d:5f:b7:37:6b:01:84:59:1f:1d:
                    e4:fe:6b:9f:51:e9:11:7d:9c:9c:86:68:af:2e:1c:
                    a3:af:9d:ef:13:30:34:76:51:a2:75:dc:6f:9f:3e:
                    2b:86:d2:12:5d:20:a0:24:e9:1a:ba:6d:4f:88:1e:
                    10:74:06:d8:5c:bd:a3:cc:6c:25:75:69:f8:39:dc:
                    5e:6c:75:4b:0c:0e:23:00:48:e2:2e:1f:1a:00:1f:
                    46:15:10:5b:e0:2e:30:6c:be:cb:3a:2c:99:92:c7:
                    fb:06:72:99:1a:d7:75:e4:57:f6:90:d6:0b:ab:a6:
                    c1:bd:e1:ce:8e:3b:0e:98:c0:34:9f:ae:63:25:1c:
                    14:e5:25:8d:e6:9b:96:73:ef:10:25:c7:fb:97:66:
                    7c:00:65:6f:f0:28:7e:4a:f3:20:aa:05:ee:59:6e:
                    dd:16:10:5d:b7:f1:a3:03:f6:e3:7a:3a:51:be:98:
                    74:2e:e5:b6:79:63:62:ae:c6:0c:65:1a:a0:55:b4:
                    86:11:37:f5:05:2e:4a:5c:c3:4b:03:ca:2e:01:4f:
                    cc:1e:16:e6:ab:9d:7e:ef:cf:5c:a5:f8:ea:41:5a:
                    b5:12:bc:6e:d1:90:ab:73:fe:7b:d5:a0:45:b6:62:
                    8f:4f:a8:96:8f:b2:20:aa:0d:ef:43:80:31:53:ee:
                    d1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:03:D0:0B:08:F3:04:4B:9C:B6:6B:85:22:37:5F:DD:63:87:6D:F7
            X509v3 Authority Key Identifier:
                keyid:A9:A8:15:BE:75:47:EB:87:0E:B5:F6:41:D3:0F:E6:96:37:41:C8:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/BQPQCwjzBEuctmuFIjdf3WOHbfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bd:ba:4f:92:e8:50:7e:30:73:6a:59:0e:9f:ce:38:92:9f:e2:
         21:6f:79:49:6a:bd:f2:ea:ea:09:4c:bf:1a:b5:60:f4:cf:ad:
         e7:85:1c:dd:63:9b:f8:22:87:6b:62:31:5c:53:e6:de:ae:ff:
         35:0c:d6:3f:8d:67:3b:30:7d:21:29:d2:6b:7d:cc:b1:14:a7:
         18:0f:2c:5b:cf:75:b0:57:a3:da:45:b6:a9:ff:c8:59:45:f3:
         1c:63:72:e9:ee:6b:5d:74:3a:ac:d3:41:91:18:60:9e:97:13:
         0e:8c:d6:45:f3:09:f1:dc:81:7b:a8:24:3d:ab:dd:ac:8d:11:
         db:30:ec:aa:e8:27:39:23:4e:a0:7b:05:fc:ba:25:11:60:dd:
         29:c3:e6:72:c5:26:45:07:7d:2b:f9:b6:8c:be:1c:b8:29:88:
         d6:4a:dd:ff:fc:47:72:fd:c7:6a:eb:ed:72:39:f4:b2:e0:18:
         78:a3:88:c6:b5:e6:44:d4:21:22:ac:94:8d:71:26:ed:c0:07:
         a9:51:55:4f:25:9f:13:f3:32:eb:fc:58:2d:56:d1:ef:4c:1b:
         c0:36:43:05:2d:e7:08:f0:24:c1:80:6a:1f:4d:dc:64:e0:60:
         71:60:06:0b:21:fd:f6:b2:90:47:3c:23:fa:14:39:e1:5e:02:
         6c:33:6e:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtp7/Xl3E4MKUJO1RagBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTgxNWJlNzU0N2ViODcwZWI1ZjY0MWQzMGZlNjk2Mzc0
MWM4ZTAwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAzZDAwYjA4ZjMwNDRiOWNiNjZiODUyMjM3NWZkZDYzODc2ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKxIOp1ftzdrAYRZHx3k/mufUekR
fZychmivLhyjr53vEzA0dlGiddxvnz4rhtISXSCgJOkaum1PiB4QdAbYXL2jzGwl
dWn4OdxebHVLDA4jAEjiLh8aAB9GFRBb4C4wbL7LOiyZksf7BnKZGtd15Ff2kNYL
q6bBveHOjjsOmMA0n65jJRwU5SWN5puWc+8QJcf7l2Z8AGVv8Ch+SvMgqgXuWW7d
FhBdt/GjA/bjejpRvph0LuW2eWNirsYMZRqgVbSGETf1BS5KXMNLA8ouAU/MHhbm
q51+789cpfjqQVq1Erxu0ZCrc/571aBFtmKPT6iWj7Igqg3vQ4AxU+7R4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUD0AsI8wRLnLZrhSI3X91jh233MB8GA1UdIwQY
MBaAFKmoFb51R+uHDrX2QdMP5pY3QcjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFnVnZuVkg2NGNPdGZaQjB3X21samRCeU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZTNmM2UtZTE4Ny00YTEyLWFhOWEt
MjQzYzVmNGUyZTQwLzEvQlFQUUN3anpCRXVjdG11RklqZGYzV09IYmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZTNmM2UtZTE4Ny00YTEyLWFhOWEtMjQzYzVmNGUyZTQw
LzEvcWFnVnZuVkg2NGNPdGZaQjB3X21samRCeU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDT2NgMA0G
CSqGSIb3DQEBCwUAA4IBAQC9uk+S6FB+MHNqWQ6fzjiSn+Ihb3lJar3y6uoJTL8a
tWD0z63nhRzdY5v4IodrYjFcU+berv81DNY/jWc7MH0hKdJrfcyxFKcYDyxbz3Ww
V6PaRbap/8hZRfMcY3Lp7mtddDqs00GRGGCelxMOjNZF8wnx3IF7qCQ9q92sjRHb
MOyq6Cc5I06gewX8uiURYN0pw+ZyxSZFB30r+baMvhy4KYjWSt3//Edy/cdq6+1y
OfSy4Bh4o4jGteZE1CEirJSNcSbtwAepUVVPJZ8T8zLr/FgtVtHvTBvANkMFLecI
8CTBgGofTdxk4GBxYAYLIf32spBHPCP6FDnhXgJsM26z
-----END CERTIFICATE-----
Generated at Mon Jun 17 12:19:59 2024 by rpki-client on console-ams.rpki-client.org