Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/_rluX7mpfMRhXZj9rKuIhirt-jI.roa
File:                     _rluX7mpfMRhXZj9rKuIhirt-jI.roa (raw, json)
Hash identifier:          OnXgoJdOOZ0FbyI9ZEGZnMcIvoPK21mQ/8QVKvuIyl4=
Subject key identifier:   FE:B9:6E:5F:B9:A9:7C:C4:61:5D:98:FD:AC:AB:88:86:2A:ED:FA:32
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF345D6C00148520581623F34B48A0
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/_rluX7mpfMRhXZj9rKuIhirt-jI.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209514
IP address blocks:        147.234.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:34:5d:6c:00:14:85:20:58:16:23:f3:4b:48:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=feb96e5fb9a97cc4615d98fdacab88862aedfa32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:db:83:bf:ed:0d:ea:65:0d:19:1d:52:aa:72:
                    42:1f:db:02:b1:56:4d:7d:6b:6e:5d:08:2a:b3:0e:
                    72:c8:5b:aa:bb:5c:c4:03:52:01:cc:8c:29:e9:9b:
                    44:ee:d0:62:40:b1:b4:09:a5:b3:32:a8:55:33:1c:
                    b3:f3:32:8a:55:c6:01:00:e7:63:01:c2:b1:63:bb:
                    22:fe:3a:ee:09:58:36:67:25:67:60:58:2a:e6:ee:
                    25:bd:12:7a:73:21:4c:be:0c:ed:34:aa:7e:f7:54:
                    b4:4e:87:5e:74:6f:02:a7:d9:54:99:6e:de:b7:47:
                    d5:d3:10:3b:29:55:f9:a2:13:1a:88:56:61:61:c9:
                    8e:c0:c5:8d:0c:02:1d:36:be:01:04:c9:b8:81:df:
                    66:56:40:45:32:6b:28:30:0f:ce:f3:cc:1d:cc:94:
                    48:54:a3:ce:08:df:95:34:a8:4a:2d:70:fb:f0:0a:
                    94:53:6c:d0:0d:d8:16:3b:fb:07:ce:40:6b:20:62:
                    13:3d:4a:63:13:21:4a:74:17:35:3b:2f:8d:db:f9:
                    85:90:5e:3c:4a:a3:76:07:e8:c4:bb:ea:6e:af:01:
                    dc:53:a2:e2:dc:1d:5c:c0:fa:6b:aa:9b:2c:7b:1b:
                    84:73:f0:85:c1:53:2b:2e:37:24:d1:b5:e1:24:94:
                    25:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B9:6E:5F:B9:A9:7C:C4:61:5D:98:FD:AC:AB:88:86:2A:ED:FA:32
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/_rluX7mpfMRhXZj9rKuIhirt-jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:a0:12:ca:f4:85:9a:93:97:a1:17:65:62:46:23:bf:fe:ae:
         16:0d:59:3e:6c:f6:4c:95:fa:75:28:79:fd:35:52:f9:f8:7b:
         7f:c0:33:46:da:09:a7:eb:32:96:c6:13:2f:e8:ab:12:a0:2d:
         29:2c:5b:b6:79:dd:70:82:2a:0a:35:b0:c3:93:4e:71:3a:3a:
         5a:c1:7a:b3:4c:6a:53:e1:05:c3:16:13:a6:be:05:ed:13:82:
         e6:92:93:08:09:79:4a:b9:4e:01:22:32:ce:03:80:52:e8:fe:
         92:92:d4:5f:b3:d1:21:39:15:5e:63:8a:7b:c8:65:66:5f:34:
         f3:10:b0:a7:57:db:b9:96:bd:e1:49:fb:b1:65:29:d9:a9:49:
         ec:af:83:4f:7c:68:b8:d9:86:db:10:ef:c4:de:a1:fb:af:87:
         2d:15:bd:2c:16:e5:10:bd:f1:1e:a0:a5:c3:16:5c:eb:ae:f6:
         c7:70:68:92:ce:1d:46:bb:75:c8:b8:31:cc:4e:e9:19:9d:19:
         66:bc:f3:63:36:d2:3a:e0:ca:e5:34:a2:10:f5:da:6d:9f:70:
         a8:73:8c:6f:68:d5:a6:3b:34:0f:03:29:05:b0:56:6b:cf:a1:
         cf:f3:a9:77:26:94:77:1c:3f:2b:58:79:87:b0:b4:31:77:91:
         31:11:67:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zRdbAAUhSBYFiPzS0igMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWI5NmU1ZmI5YTk3Y2M0NjE1ZDk4ZmRhY2FiODg4NjJhZWRmYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNuDv+0N6mUNGR1SqnJCH9sCsVZN
fWtuXQgqsw5yyFuqu1zEA1IBzIwp6ZtE7tBiQLG0CaWzMqhVMxyz8zKKVcYBAOdj
AcKxY7si/jruCVg2ZyVnYFgq5u4lvRJ6cyFMvgztNKp+91S0TodedG8Cp9lUmW7e
t0fV0xA7KVX5ohMaiFZhYcmOwMWNDAIdNr4BBMm4gd9mVkBFMmsoMA/O88wdzJRI
VKPOCN+VNKhKLXD78AqUU2zQDdgWO/sHzkBrIGITPUpjEyFKdBc1Oy+N2/mFkF48
SqN2B+jEu+purwHcU6Li3B1cwPprqpssexuEc/CFwVMrLjck0bXhJJQlZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP65bl+5qXzEYV2Y/ayriIYq7foyMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvX3JsdVg3bXBmTVJoWFpqOXJLdUloaXJ0LWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+opMA0G
CSqGSIb3DQEBCwUAA4IBAQDEoBLK9IWak5ehF2ViRiO//q4WDVk+bPZMlfp1KHn9
NVL5+Ht/wDNG2gmn6zKWxhMv6KsSoC0pLFu2ed1wgioKNbDDk05xOjpawXqzTGpT
4QXDFhOmvgXtE4LmkpMICXlKuU4BIjLOA4BS6P6SktRfs9EhORVeY4p7yGVmXzTz
ELCnV9u5lr3hSfuxZSnZqUnsr4NPfGi42YbbEO/E3qH7r4ctFb0sFuUQvfEeoKXD
FlzrrvbHcGiSzh1Gu3XIuDHMTukZnRlmvPNjNtI64MrlNKIQ9dptn3Coc4xvaNWm
OzQPAykFsFZrz6HP86l3JpR3HD8rWHmHsLQxd5ExEWcA
-----END CERTIFICATE-----
Generated at Tue May 28 23:32:02 2024 by rpki-client on console-ams.rpki-client.org