Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/QnOqy9Suw5lBQpKVHhITObvabCA.roa
File:                     QnOqy9Suw5lBQpKVHhITObvabCA.roa (raw, json)
Hash identifier:          KG35b5ujsdrNXP5YtWj+zBoKoYGR/RUAvaiAUYJrWNc=
Subject key identifier:   42:73:AA:CB:D4:AE:C3:99:41:42:92:95:1E:12:13:39:BB:DA:6C:20
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       0193083AF3A5DC546630726F6026468DD27A
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/QnOqy9Suw5lBQpKVHhITObvabCA.roa
Signing time:             Thu 07 Nov 2024 20:05:01 +0000
ROA not before:           Thu 07 Nov 2024 20:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214697
IP address blocks:        94.228.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:08:3a:f3:a5:dc:54:66:30:72:6f:60:26:46:8d:d2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Nov  7 20:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4273aacbd4aec399414292951e121339bbda6c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:81:fe:53:de:a5:56:bf:90:97:d0:22:27:af:
                    ba:78:36:86:b5:71:90:87:a5:8a:45:8e:a1:ff:1d:
                    1f:40:8d:27:54:ed:e7:85:3d:ca:a7:82:aa:3c:1c:
                    57:a2:4c:51:28:dc:aa:bc:46:64:20:d2:f5:90:0c:
                    53:e4:7f:45:e8:10:42:a0:73:f6:d8:57:7a:c5:bb:
                    9c:6f:87:3d:0f:3e:dc:2a:cf:50:28:05:2f:6b:70:
                    0e:b1:f5:5a:a8:f3:23:06:09:0f:19:fc:86:4a:97:
                    8f:dc:bd:64:bb:42:4e:10:45:dc:9d:77:c7:7d:eb:
                    f6:37:f6:55:ed:58:94:e0:39:60:99:dc:12:9b:78:
                    37:9f:e0:62:8e:6d:29:42:6c:20:94:b4:ad:65:12:
                    6b:ff:18:06:c1:e9:e1:e6:b5:3f:fa:3b:76:06:61:
                    eb:c0:8d:25:95:17:3a:d2:63:d7:ff:2e:cc:5e:1c:
                    71:f9:e2:73:98:28:87:d8:d7:25:7b:01:58:82:5b:
                    48:ac:da:66:d6:d6:51:f6:27:93:9a:ff:76:7f:73:
                    be:db:73:d2:ea:12:28:d1:98:90:38:59:8d:7a:a6:
                    6d:23:a7:58:35:17:f5:b1:72:21:a4:4a:13:f7:e7:
                    aa:0f:ca:b2:77:0a:9e:2a:94:cc:d4:bb:53:48:49:
                    9e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:73:AA:CB:D4:AE:C3:99:41:42:92:95:1E:12:13:39:BB:DA:6C:20
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/QnOqy9Suw5lBQpKVHhITObvabCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:98:cc:ff:61:ad:ee:4b:fc:3a:27:02:6b:c0:be:3f:04:f1:
         65:1e:e9:86:94:b9:02:d9:69:bb:fa:ef:55:af:2d:1c:b8:b4:
         46:6f:da:ba:63:c1:02:8a:4f:08:ce:62:ac:33:31:b3:62:7b:
         75:70:2f:e9:bb:55:17:cf:de:d1:49:f4:c2:5c:5a:7d:12:da:
         b0:32:f4:bf:f3:93:f3:a7:60:3b:06:b8:df:9e:b0:5e:63:80:
         1c:11:ea:66:7c:de:df:05:4a:22:96:76:3b:93:b8:6c:2a:22:
         ec:2c:21:2f:4f:70:dc:3e:e2:d3:30:80:9d:f5:d3:68:33:a2:
         bb:07:70:f3:90:56:8f:51:a6:ca:3d:69:9a:f5:cd:24:3a:17:
         11:0e:d3:fa:76:1d:58:9d:ee:ab:5e:2b:80:ac:2b:17:98:e2:
         da:f1:bc:f8:3c:ca:32:61:c1:38:96:5b:14:bd:58:8b:71:fe:
         00:0f:d7:87:f5:43:e5:be:2c:a0:28:85:25:ac:6b:76:a2:cd:
         3c:9d:42:23:89:5a:12:6a:5a:d5:60:54:eb:28:92:fb:f0:4b:
         1d:ca:d7:8b:69:53:55:b0:9b:1c:3a:eb:c7:5e:6a:a9:60:4b:
         67:9a:f1:f0:fb:55:90:44:8a:ac:1e:e0:3a:75:24:7f:16:2a:
         cd:c2:a0:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMIOvOl3FRmMHJvYCZGjdJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQxMTA3MjAwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjczYWFjYmQ0YWVjMzk5NDE0MjkyOTUxZTEyMTMzOWJiZGE2YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IH+U96lVr+Ql9AiJ6+6eDaGtXGQ
h6WKRY6h/x0fQI0nVO3nhT3Kp4KqPBxXokxRKNyqvEZkINL1kAxT5H9F6BBCoHP2
2Fd6xbucb4c9Dz7cKs9QKAUva3AOsfVaqPMjBgkPGfyGSpeP3L1ku0JOEEXcnXfH
fev2N/ZV7ViU4DlgmdwSm3g3n+Bijm0pQmwglLStZRJr/xgGwenh5rU/+jt2BmHr
wI0llRc60mPX/y7MXhxx+eJzmCiH2NclewFYgltIrNpm1tZR9ieTmv92f3O+23PS
6hIo0ZiQOFmNeqZtI6dYNRf1sXIhpEoT9+eqD8qydwqeKpTM1LtTSEmenQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJzqsvUrsOZQUKSlR4SEzm72mwgMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvUW5PcXk5U3V3NWxCUXBLVkhoSVRPYnZhYkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuSmMA0G
CSqGSIb3DQEBCwUAA4IBAQAfmMz/Ya3uS/w6JwJrwL4/BPFlHumGlLkC2Wm7+u9V
ry0cuLRGb9q6Y8ECik8IzmKsMzGzYnt1cC/pu1UXz97RSfTCXFp9EtqwMvS/85Pz
p2A7BrjfnrBeY4AcEepmfN7fBUoilnY7k7hsKiLsLCEvT3DcPuLTMICd9dNoM6K7
B3DzkFaPUabKPWma9c0kOhcRDtP6dh1Yne6rXiuArCsXmOLa8bz4PMoyYcE4llsU
vViLcf4AD9eH9UPlviygKIUlrGt2os08nUIjiVoSalrVYFTrKJL78EsdyteLaVNV
sJscOuvHXmqpYEtnmvHw+1WQRIqsHuA6dSR/FirNwqDI
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:50:22 2024 by rpki-client on console-ams.rpki-client.org