Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Xk9h07ZRibNpEhkT1JrEGVquK_Q.roa
File:                     Xk9h07ZRibNpEhkT1JrEGVquK_Q.roa (raw, json)
Hash identifier:          SARlN+R7nFJWLulNg5XQlAp18gu4pb3rAtH+d+MmR+g=
Subject key identifier:   5E:4F:61:D3:B6:51:89:B3:69:12:19:13:D4:9A:C4:19:5A:AE:2B:F4
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795479C26C6BE0CC282627C73787231
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Xk9h07ZRibNpEhkT1JrEGVquK_Q.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35397
IP address blocks:        86.107.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:47:9c:26:c6:be:0c:c2:82:62:7c:73:78:72:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4f61d3b65189b369121913d49ac4195aae2bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9d:7c:75:00:87:58:da:7a:02:c3:69:4c:a5:
                    3b:51:83:80:7c:f8:bf:11:7e:48:18:ca:7c:48:f8:
                    35:40:aa:32:09:80:8f:a9:ff:91:22:69:1b:e5:1b:
                    8b:90:43:25:de:54:49:04:d1:03:67:4d:e5:38:5a:
                    9c:c6:45:1b:5c:ce:26:fc:7b:b2:a6:2c:7d:84:e1:
                    a9:04:4c:8b:ae:86:53:c2:88:76:ef:0f:d4:62:fe:
                    c9:5f:9a:3a:f0:d1:bc:7d:7d:b3:3f:43:51:1e:9c:
                    cf:dc:c5:0d:23:43:a1:87:06:52:8e:2a:81:dd:69:
                    06:0c:85:be:e8:38:28:a0:27:31:b2:2b:a9:1a:28:
                    22:e4:83:4c:71:a3:36:53:11:0f:27:47:20:5c:cd:
                    48:5a:c8:a7:1a:11:78:d2:62:d6:19:40:c3:23:ac:
                    cf:3f:a7:3d:9a:f6:8e:15:86:c8:42:81:cc:ed:59:
                    f3:21:4d:c8:3c:20:5b:77:ab:64:49:d3:f7:43:5a:
                    46:de:5f:74:f1:cc:65:58:47:65:99:ea:47:36:09:
                    18:03:2f:25:2a:a0:0a:e4:19:a9:9e:bc:f1:1d:9f:
                    51:5f:74:6d:15:38:9d:8e:08:49:ee:2d:a6:fd:e2:
                    ee:2a:a8:38:03:dc:33:ba:e9:c7:69:42:5f:42:e0:
                    b7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4F:61:D3:B6:51:89:B3:69:12:19:13:D4:9A:C4:19:5A:AE:2B:F4
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Xk9h07ZRibNpEhkT1JrEGVquK_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:7e:07:16:02:f8:77:b6:9a:17:83:78:89:b5:22:be:5c:c6:
         a6:79:42:17:fe:9b:20:e7:4e:ee:af:ef:a3:9b:e0:55:90:a1:
         b2:6c:14:a4:91:62:81:a4:56:07:f9:29:2a:2a:46:20:b8:f6:
         7a:bc:65:eb:25:1b:38:0b:8a:f2:d7:e8:d2:a2:85:bb:b7:68:
         8f:98:f2:58:1d:37:41:ee:03:68:71:1e:aa:93:37:0d:02:2a:
         da:ed:22:4c:c5:0c:c2:39:2a:96:f0:9d:de:54:9f:ff:0d:2c:
         d8:99:2d:b7:91:a1:f5:af:fb:75:a6:61:f4:d4:81:72:ec:24:
         8d:04:05:c1:55:e5:96:4f:b5:18:7e:bc:86:ed:f8:1f:8a:80:
         5f:ac:c7:6c:af:99:a7:5f:b5:72:5d:ef:f1:94:71:78:da:dd:
         67:8a:a5:5c:ca:0a:ce:c1:08:aa:cd:76:a4:d3:2e:22:cd:7f:
         dc:7e:b3:1a:49:af:47:7a:3e:9d:da:47:47:ec:23:f8:ec:37:
         b5:c4:c1:33:bc:a7:ce:63:db:87:2d:f5:8a:e4:ac:e6:9c:12:
         d9:23:56:cf:74:9d:63:de:de:b2:6a:55:36:ff:ee:48:52:0f:
         a8:72:c1:89:46:bc:e8:f1:99:4e:73:85:fb:c3:98:95:c0:53:
         20:7b:29:8e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUecJsa+DMKCYnxzeHIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRmNjFkM2I2NTE4OWIzNjkxMjE5MTNkNDlhYzQxOTVhYWUyYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZ18dQCHWNp6AsNpTKU7UYOAfPi/
EX5IGMp8SPg1QKoyCYCPqf+RImkb5RuLkEMl3lRJBNEDZ03lOFqcxkUbXM4m/Huy
pix9hOGpBEyLroZTwoh27w/UYv7JX5o68NG8fX2zP0NRHpzP3MUNI0OhhwZSjiqB
3WkGDIW+6DgooCcxsiupGigi5INMcaM2UxEPJ0cgXM1IWsinGhF40mLWGUDDI6zP
P6c9mvaOFYbIQoHM7VnzIU3IPCBbd6tkSdP3Q1pG3l908cxlWEdlmepHNgkYAy8l
KqAK5BmpnrzxHZ9RX3RtFTidjghJ7i2m/eLuKqg4A9wzuunHaUJfQuC3pQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF5PYdO2UYmzaRIZE9SaxBlariv0MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1hrOWgwN1pSaWJOcEVoa1QxSnJFR1ZxdUtfUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWa/Aw
DQYJKoZIhvcNAQELBQADggEBAAt+BxYC+He2mheDeIm1Ir5cxqZ5Qhf+myDnTu6v
76Ob4FWQobJsFKSRYoGkVgf5KSoqRiC49nq8ZeslGzgLivLX6NKihbu3aI+Y8lgd
N0HuA2hxHqqTNw0CKtrtIkzFDMI5Kpbwnd5Un/8NLNiZLbeRofWv+3WmYfTUgXLs
JI0EBcFV5ZZPtRh+vIbt+B+KgF+sx2yvmadftXJd7/GUcXja3WeKpVzKCs7BCKrN
dqTTLiLNf9x+sxpJr0d6Pp3aR0fsI/jsN7XEwTO8p85j24ct9YrkrOacEtkjVs90
nWPe3rJqVTb/7khSD6hywYlGvOjxmU5zhfvDmJXAUyB7KY4=
-----END CERTIFICATE-----
Generated at Fri May 24 06:18:04 2024 by rpki-client on console-ams.rpki-client.org