Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/hy_1b1NJCNDdwSk6qUA7zmupsDU.roa
File:                     hy_1b1NJCNDdwSk6qUA7zmupsDU.roa (raw, json)
Hash identifier:          ZemzpfTUsAOGozkDsK1PXSllqCLrCu6z+gijezqdOGg=
Subject key identifier:   87:2F:F5:6F:53:49:08:D0:DD:C1:29:3A:A9:40:3B:CE:6B:A9:B0:35
Certificate issuer:       /CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
Certificate serial:       018CC795168485CA6FBD720AC67A786D5F98
Authority key identifier: 15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/hy_1b1NJCNDdwSk6qUA7zmupsDU.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3225
IP address blocks:        185.150.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:16:84:85:ca:6f:bd:72:0a:c6:7a:78:6d:5f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=872ff56f534908d0ddc1293aa9403bce6ba9b035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4e:2a:55:72:68:bc:0d:27:80:1a:eb:cd:f9:
                    7a:64:0c:4c:b6:ef:68:c8:b3:bf:74:af:f0:82:da:
                    45:c2:5c:e1:8e:08:84:a2:c7:8d:1d:2a:9e:e8:4b:
                    c4:28:21:33:09:34:39:fb:b7:9a:74:d0:34:d6:66:
                    d6:be:78:91:d7:34:4c:d9:45:f0:ec:cc:bf:e9:eb:
                    70:c7:63:8d:67:1f:fc:d1:29:85:58:e6:4d:29:70:
                    3a:38:95:74:98:b2:fa:9c:b4:ff:93:81:43:c9:56:
                    66:32:6b:82:66:a5:35:b8:b7:52:89:70:67:52:a1:
                    f7:0e:f0:54:4d:f1:98:7a:cf:7d:65:f6:7f:be:0a:
                    e5:65:41:3f:b5:e8:91:31:53:53:57:4e:ce:dd:f2:
                    25:95:45:96:1c:be:6d:35:7c:13:6a:be:be:5e:df:
                    78:0a:e4:cd:89:15:d6:67:55:b0:e6:a2:e5:e3:8e:
                    a5:40:6a:19:6d:16:96:48:31:49:4c:04:c2:52:24:
                    d4:54:c5:6c:01:1b:26:cb:25:a4:8d:96:68:27:a4:
                    3e:44:6a:54:ea:68:d9:75:af:ff:d7:60:d7:a4:d7:
                    85:44:da:e3:3f:a7:e0:f5:84:c6:21:31:67:d1:d4:
                    db:ae:10:64:8d:6d:7d:50:5c:99:6e:32:03:2c:c1:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2F:F5:6F:53:49:08:D0:DD:C1:29:3A:A9:40:3B:CE:6B:A9:B0:35
            X509v3 Authority Key Identifier:
                keyid:15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/hy_1b1NJCNDdwSk6qUA7zmupsDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:88:bf:81:85:49:6f:13:ed:2d:b6:6c:a9:98:69:ea:76:c0:
         36:c6:85:fb:62:6a:c9:da:7b:f3:67:f3:13:8f:39:ee:11:5d:
         65:42:43:06:30:73:e4:4f:a8:5f:6c:fb:cc:99:38:18:f3:3f:
         39:fd:1c:cc:a7:3b:1e:b8:3a:a8:54:ad:c4:54:2e:02:bb:ab:
         32:60:35:da:70:5a:31:bf:26:d3:5a:df:eb:79:05:2f:51:1f:
         5b:b8:19:bc:4a:5a:70:db:22:ed:20:8d:a2:c4:c6:01:ce:4f:
         1d:d8:86:ec:6e:df:57:c4:4c:2b:49:85:68:df:b5:de:3d:5c:
         2d:96:7a:51:76:c6:38:0d:d9:5d:a0:86:11:80:01:15:d7:36:
         05:0f:84:b5:0e:be:71:a9:40:6a:72:d9:2f:d6:8b:0a:04:b4:
         33:b2:08:66:4e:1b:cc:4b:96:7f:47:5b:b4:52:ad:a2:a2:03:
         e9:53:8e:de:69:7d:23:04:06:76:9d:97:2e:2c:23:05:17:42:
         13:0f:bd:62:3e:68:24:3c:ba:e7:77:a1:ef:2a:b2:c8:9b:f9:
         75:e4:f9:cc:aa:dd:aa:aa:9c:08:57:c3:50:3f:62:a9:a5:0b:
         d3:47:0e:9b:14:3b:de:73:7b:aa:6c:8c:5e:a7:52:b4:8f:49:
         72:73:6a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRaEhcpvvXIKxnp4bV+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZDFmZjZiZWM5ZmJjYjg5ZTk1MGEzYTAxZWYyZDY4NmYw
ZTdhMzEwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJmZjU2ZjUzNDkwOGQwZGRjMTI5M2FhOTQwM2JjZTZiYTliMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg04qVXJovA0ngBrrzfl6ZAxMtu9o
yLO/dK/wgtpFwlzhjgiEoseNHSqe6EvEKCEzCTQ5+7eadNA01mbWvniR1zRM2UXw
7My/6etwx2ONZx/80SmFWOZNKXA6OJV0mLL6nLT/k4FDyVZmMmuCZqU1uLdSiXBn
UqH3DvBUTfGYes99ZfZ/vgrlZUE/teiRMVNTV07O3fIllUWWHL5tNXwTar6+Xt94
CuTNiRXWZ1Ww5qLl446lQGoZbRaWSDFJTATCUiTUVMVsARsmyyWkjZZoJ6Q+RGpU
6mjZda//12DXpNeFRNrjP6fg9YTGITFn0dTbrhBkjW19UFyZbjIDLMFpxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcv9W9TSQjQ3cEpOqlAO85rqbA1MB8GA1UdIwQY
MBaAFBXR/2vsn7y4npUKOgHvLWhvDnoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjct
OTZiODY5MWY1MjYwLzEvaHlfMWIxTkpDTkRkd1NrNnFVQTd6bXVwc0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjctOTZiODY5MWY1MjYw
LzEvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZbbMA0G
CSqGSIb3DQEBCwUAA4IBAQAUiL+BhUlvE+0ttmypmGnqdsA2xoX7YmrJ2nvzZ/MT
jznuEV1lQkMGMHPkT6hfbPvMmTgY8z85/RzMpzseuDqoVK3EVC4Cu6syYDXacFox
vybTWt/reQUvUR9buBm8Slpw2yLtII2ixMYBzk8d2Ibsbt9XxEwrSYVo37XePVwt
lnpRdsY4DdldoIYRgAEV1zYFD4S1Dr5xqUBqctkv1osKBLQzsghmThvMS5Z/R1u0
Uq2iogPpU47eaX0jBAZ2nZcuLCMFF0ITD71iPmgkPLrnd6HvKrLIm/l15PnMqt2q
qpwIV8NQP2KppQvTRw6bFDvec3uqbIxep1K0j0lyc2rZ
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:10:12 2024 by rpki-client on console-fra.rpki-client.org