Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/UqhlvWkaBHpdMA2X5mK7PYvr73g.roa
File:                     UqhlvWkaBHpdMA2X5mK7PYvr73g.roa (raw, json)
Hash identifier:          3LF7DHKsmKIBhvNWwdxzesF61GnLC1OyzURk24kyRrY=
Subject key identifier:   52:A8:65:BD:69:1A:04:7A:5D:30:0D:97:E6:62:BB:3D:8B:EB:EF:78
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       018CC94CA6879BAC1992C78EF6A58301D3D5
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/UqhlvWkaBHpdMA2X5mK7PYvr73g.roa
Signing time:             Tue 02 Jan 2024 08:31:32 +0000
ROA not before:           Tue 02 Jan 2024 08:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206446
IP address blocks:        213.137.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a6:87:9b:ac:19:92:c7:8e:f6:a5:83:01:d3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Jan  2 08:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52a865bd691a047a5d300d97e662bb3d8bebef78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a6:be:20:82:6c:6e:09:e3:ea:88:75:c7:25:
                    90:ec:2d:86:4b:b0:f0:e7:11:82:1b:66:65:e3:7f:
                    6c:3b:db:33:7e:4a:78:5f:aa:d5:cc:34:91:0e:70:
                    e6:83:04:42:12:c6:3e:28:1b:e8:e9:b1:d4:da:1f:
                    9e:2e:b0:5f:a7:37:c0:cc:9c:e5:4d:a7:a5:13:98:
                    bb:48:1f:48:ed:bc:06:b8:b0:2e:8d:ba:ee:12:b7:
                    5e:8d:a0:59:1d:84:5a:70:c5:63:1f:69:e7:d1:43:
                    d0:48:d2:7b:7d:6f:49:1b:65:c7:5d:00:9a:d0:45:
                    cd:5f:ac:82:30:cd:27:1b:c9:68:41:b4:d1:8f:08:
                    ba:89:c6:6d:79:3d:8e:d5:e1:de:9b:a0:25:fd:ef:
                    5b:38:67:09:cb:2f:e4:d0:a8:68:92:00:9c:ea:d8:
                    b1:b0:1d:62:ef:48:07:c1:7c:ee:cb:4b:68:b1:6f:
                    43:6c:af:55:26:c9:7d:a3:d3:db:42:c1:f5:b7:66:
                    82:86:2e:ed:c3:ff:10:d9:09:dc:99:df:61:92:95:
                    e7:ae:44:d8:8b:0c:1c:d1:2f:d8:2f:fe:9f:99:dd:
                    82:de:f8:00:a4:4c:4c:68:f2:f9:3a:20:95:c7:2a:
                    1e:1b:42:ea:7d:60:b6:27:17:24:f1:36:f2:23:c4:
                    dd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A8:65:BD:69:1A:04:7A:5D:30:0D:97:E6:62:BB:3D:8B:EB:EF:78
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/UqhlvWkaBHpdMA2X5mK7PYvr73g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:7d:b5:aa:be:80:75:1a:ed:65:f8:f5:a9:11:c1:0c:9b:09:
         3b:2c:19:a4:dc:83:8e:e9:73:57:8a:e2:a1:14:43:cc:64:a3:
         7d:cf:a9:ce:88:71:e0:6b:a0:a8:ca:0a:72:1b:5f:17:af:70:
         f7:73:06:3d:14:a6:61:6c:90:cf:53:91:75:54:0c:69:53:a0:
         34:a7:ec:bf:e0:25:ff:c6:9d:20:3f:57:61:e7:f4:f8:d6:c7:
         78:c8:f1:17:80:5c:c8:0a:be:ff:de:03:92:b4:bb:cb:06:e1:
         4b:a5:1e:f6:f4:97:34:35:40:9b:36:a3:12:a9:5e:4e:e5:9a:
         e9:8e:4c:a0:49:77:92:ba:65:67:92:06:41:74:82:3d:9e:22:
         06:57:ce:54:5c:28:c9:87:a6:ea:de:9d:c3:89:68:02:59:ba:
         7f:cd:b5:81:c0:ff:7b:d0:06:c4:35:e9:90:2d:3d:60:82:7d:
         bc:1f:98:7f:62:c6:ff:1e:a9:e1:d9:ac:98:8a:de:18:68:c7:
         96:bc:4b:dd:61:13:d5:a3:ac:d5:68:0c:80:ba:32:bd:ef:6e:
         96:65:54:40:90:1e:0e:42:27:25:f3:b3:20:0d:a5:94:79:a9:
         17:ae:b9:fa:53:67:8c:c9:27:8e:df:97:3e:c3:47:ef:df:db:
         88:81:66:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKaHm6wZkseO9qWDAdPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwMTAyMDgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmE4NjViZDY5MWEwNDdhNWQzMDBkOTdlNjYyYmIzZDhiZWJlZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqa+IIJsbgnj6oh1xyWQ7C2GS7Dw
5xGCG2Zl439sO9szfkp4X6rVzDSRDnDmgwRCEsY+KBvo6bHU2h+eLrBfpzfAzJzl
TaelE5i7SB9I7bwGuLAujbruErdejaBZHYRacMVjH2nn0UPQSNJ7fW9JG2XHXQCa
0EXNX6yCMM0nG8loQbTRjwi6icZteT2O1eHem6Al/e9bOGcJyy/k0KhokgCc6tix
sB1i70gHwXzuy0tosW9DbK9VJsl9o9PbQsH1t2aChi7tw/8Q2Qncmd9hkpXnrkTY
iwwc0S/YL/6fmd2C3vgApExMaPL5OiCVxyoeG0LqfWC2Jxck8TbyI8TdTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKoZb1pGgR6XTANl+Ziuz2L6+94MB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvVXFobHZXa2FCSHBkTUEyWDVtSzdQWXZyNzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1YlUMA0G
CSqGSIb3DQEBCwUAA4IBAQBXfbWqvoB1Gu1l+PWpEcEMmwk7LBmk3IOO6XNXiuKh
FEPMZKN9z6nOiHHga6CoygpyG18Xr3D3cwY9FKZhbJDPU5F1VAxpU6A0p+y/4CX/
xp0gP1dh5/T41sd4yPEXgFzICr7/3gOStLvLBuFLpR729Jc0NUCbNqMSqV5O5Zrp
jkygSXeSumVnkgZBdII9niIGV85UXCjJh6bq3p3DiWgCWbp/zbWBwP970AbENemQ
LT1ggn28H5h/Ysb/Hqnh2ayYit4YaMeWvEvdYRPVo6zVaAyAujK9726WZVRAkB4O
Qicl87MgDaWUeakXrrn6U2eMySeO35c+w0fv39uIgWbL
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:54:39 2024 by rpki-client on console-ams.rpki-client.org