Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/nichfFWXOE8MB5fu6NVdFi5teE0.roa
File:                     nichfFWXOE8MB5fu6NVdFi5teE0.roa (raw, json)
Hash identifier:          TUeW9WRPzCmVoslirFX2I6JmRWSoOGLm2XZu6925Ei0=
Subject key identifier:   9E:27:21:7C:55:97:38:4F:0C:07:97:EE:E8:D5:5D:16:2E:6D:78:4D
Certificate issuer:       /CN=a9a815be7547eb870eb5f641d30fe6963741c8e0
Certificate serial:       018CC3B69F302E0658EB67BA4335509AB999
Authority key identifier: A9:A8:15:BE:75:47:EB:87:0E:B5:F6:41:D3:0F:E6:96:37:41:C8:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/nichfFWXOE8MB5fu6NVdFi5teE0.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44215
IP address blocks:        79.99.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9f:30:2e:06:58:eb:67:ba:43:35:50:9a:b9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9a815be7547eb870eb5f641d30fe6963741c8e0
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e27217c5597384f0c0797eee8d55d162e6d784d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1e:a1:df:29:86:c9:2b:3f:91:53:72:0f:5c:
                    64:39:7a:fe:da:3b:87:6d:79:3d:82:39:30:25:b0:
                    69:ee:92:2c:ea:f4:e4:4d:a4:1e:31:a9:90:e2:63:
                    b7:7a:e6:99:82:f2:ef:32:69:16:14:28:7e:4e:4d:
                    b2:36:07:f5:4f:df:52:35:a5:85:14:8b:0a:80:99:
                    db:26:9c:12:a5:00:5d:82:0b:3a:6c:7d:88:91:de:
                    b4:b9:5c:47:27:00:1d:99:e9:36:94:1c:6c:fd:9d:
                    f6:e0:6c:80:eb:51:89:c9:42:d7:62:1e:5c:ac:ab:
                    b0:74:e5:07:4b:d9:03:c3:61:32:de:d0:aa:90:31:
                    f1:00:fa:61:43:0f:94:9e:55:71:06:cf:b7:ad:38:
                    44:a2:86:72:65:a8:e5:19:82:69:62:f3:c1:5a:bb:
                    75:32:85:01:f4:44:09:0d:98:c3:31:9f:da:7e:8d:
                    35:7f:81:48:55:4a:57:07:9b:87:5e:51:42:fa:78:
                    de:3d:a3:b0:fe:14:66:0e:7c:5c:23:af:7f:64:9c:
                    70:71:af:15:94:ba:02:ea:c8:93:d6:eb:cf:44:5f:
                    0c:82:6a:00:97:73:18:c8:d0:dc:a7:fc:e4:56:33:
                    fa:78:bb:3f:f6:c2:e7:16:92:6c:1c:47:dc:c1:52:
                    61:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:27:21:7C:55:97:38:4F:0C:07:97:EE:E8:D5:5D:16:2E:6D:78:4D
            X509v3 Authority Key Identifier:
                keyid:A9:A8:15:BE:75:47:EB:87:0E:B5:F6:41:D3:0F:E6:96:37:41:C8:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qagVvnVH64cOtfZB0w_mljdByOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/nichfFWXOE8MB5fu6NVdFi5teE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fe3f3e-e187-4a12-aa9a-243c5f4e2e40/1/qagVvnVH64cOtfZB0w_mljdByOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:8d:76:dd:f6:78:86:46:bd:5b:54:3c:89:51:b3:31:05:4c:
         85:e5:b7:02:89:7d:5f:fd:8e:de:c4:6a:0f:23:1b:aa:60:4d:
         7e:de:bb:a4:4c:71:6c:09:37:06:27:66:9f:b4:c2:b5:f6:68:
         dc:7c:af:06:3d:e1:1a:f5:29:bf:6d:fe:78:46:ed:fd:07:91:
         68:62:a1:6a:19:49:ef:c9:48:d2:58:4d:4a:ff:93:25:42:29:
         c2:f8:a1:d9:e9:76:08:dd:a0:62:a0:d3:c5:a2:ac:9e:26:38:
         16:36:06:98:5f:92:82:c6:8b:c4:a2:44:31:7a:e7:a6:23:af:
         fe:dd:60:22:b6:be:e2:91:19:45:64:15:4c:b4:22:70:3c:85:
         39:ae:17:25:1b:e9:04:cf:33:d6:97:9a:a9:11:9e:4e:02:e1:
         b0:df:d0:57:28:a9:a3:4e:71:95:1e:c9:06:5c:54:45:61:71:
         ab:b2:88:2e:cc:8d:fc:2b:5b:92:5d:55:28:c8:0f:50:bd:ab:
         08:06:72:80:86:9c:0e:57:a7:f1:06:4f:5d:77:cc:04:e8:c5:
         4e:91:40:c8:46:eb:94:48:6d:87:ce:2d:2c:5a:62:fb:b9:16:
         28:bc:e8:44:54:a7:3b:41:bd:8e:0a:cd:f9:37:5a:f7:a0:02:
         d6:24:8a:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtp8wLgZY62e6QzVQmrmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTgxNWJlNzU0N2ViODcwZWI1ZjY0MWQzMGZlNjk2Mzc0
MWM4ZTAwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI3MjE3YzU1OTczODRmMGMwNzk3ZWVlOGQ1NWQxNjJlNmQ3ODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh6h3ymGySs/kVNyD1xkOXr+2juH
bXk9gjkwJbBp7pIs6vTkTaQeMamQ4mO3euaZgvLvMmkWFCh+Tk2yNgf1T99SNaWF
FIsKgJnbJpwSpQBdggs6bH2Ikd60uVxHJwAdmek2lBxs/Z324GyA61GJyULXYh5c
rKuwdOUHS9kDw2Ey3tCqkDHxAPphQw+UnlVxBs+3rThEooZyZajlGYJpYvPBWrt1
MoUB9EQJDZjDMZ/afo01f4FIVUpXB5uHXlFC+njePaOw/hRmDnxcI69/ZJxwca8V
lLoC6siT1uvPRF8MgmoAl3MYyNDcp/zkVjP6eLs/9sLnFpJsHEfcwVJhHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4nIXxVlzhPDAeX7ujVXRYubXhNMB8GA1UdIwQY
MBaAFKmoFb51R+uHDrX2QdMP5pY3QcjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFnVnZuVkg2NGNPdGZaQjB3X21samRCeU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZTNmM2UtZTE4Ny00YTEyLWFhOWEt
MjQzYzVmNGUyZTQwLzEvbmljaGZGV1hPRThNQjVmdTZOVmRGaTV0ZUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZTNmM2UtZTE4Ny00YTEyLWFhOWEtMjQzYzVmNGUyZTQw
LzEvcWFnVnZuVkg2NGNPdGZaQjB3X21samRCeU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2NhMA0G
CSqGSIb3DQEBCwUAA4IBAQDcjXbd9niGRr1bVDyJUbMxBUyF5bcCiX1f/Y7exGoP
IxuqYE1+3rukTHFsCTcGJ2aftMK19mjcfK8GPeEa9Sm/bf54Ru39B5FoYqFqGUnv
yUjSWE1K/5MlQinC+KHZ6XYI3aBioNPFoqyeJjgWNgaYX5KCxovEokQxeuemI6/+
3WAitr7ikRlFZBVMtCJwPIU5rhclG+kEzzPWl5qpEZ5OAuGw39BXKKmjTnGVHskG
XFRFYXGrsoguzI38K1uSXVUoyA9QvasIBnKAhpwOV6fxBk9dd8wE6MVOkUDIRuuU
SG2Hzi0sWmL7uRYovOhEVKc7Qb2OCs35N1r3oALWJIr1
-----END CERTIFICATE-----
Generated at Sat Jun 1 16:50:43 2024 by rpki-client on console-ams.rpki-client.org