Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZT896EkRNNObFfU6EypCIqv1i3E.roa
File:                     ZT896EkRNNObFfU6EypCIqv1i3E.roa (raw, json)
Hash identifier:          /T1ZYyRAQVvhoX/X3taljRq1XhOWY5qOtk0rAwXg24A=
Subject key identifier:   65:3F:3D:E8:49:11:34:D3:9B:15:F5:3A:13:2A:42:22:AB:F5:8B:71
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01930D021B03AB7E9D6F25EAB59E4855FF59
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZT896EkRNNObFfU6EypCIqv1i3E.roa
Signing time:             Fri 08 Nov 2024 18:21:02 +0000
ROA not before:           Fri 08 Nov 2024 18:21:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     148987
IP address blocks:        213.130.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0d:02:1b:03:ab:7e:9d:6f:25:ea:b5:9e:48:55:ff:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  8 18:21:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653f3de8491134d39b15f53a132a4222abf58b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e7:1b:a2:f0:61:26:f0:68:ab:41:c3:ae:d3:
                    19:59:b0:6f:2c:eb:c2:e6:2c:74:c6:2e:11:d9:5a:
                    ef:1f:a4:86:e3:10:2e:c4:14:0b:96:50:bd:ac:67:
                    8c:3b:65:5a:61:9c:f0:ee:b7:7e:b0:38:6f:ba:6d:
                    c8:92:77:ad:c3:3d:26:5a:43:e1:c4:76:85:4b:2c:
                    fd:27:6d:f3:4e:d1:f9:cf:3b:ef:4b:1c:84:61:f6:
                    01:cd:7f:fa:a7:47:3c:3b:c5:8b:ff:b4:99:30:d5:
                    12:51:6b:cb:f3:9a:5c:98:69:d5:29:90:db:c3:bb:
                    83:65:07:3b:25:9f:ae:73:e1:7a:54:69:62:d9:3e:
                    8c:4b:ed:2b:6d:e5:25:ad:25:69:93:17:63:03:1c:
                    f2:96:ae:75:d7:d0:4f:1b:8f:de:ca:be:b6:9a:76:
                    13:dc:e1:0d:79:11:a9:6e:4c:9a:82:ac:bd:c3:f3:
                    b5:e5:1d:14:57:1d:bf:d7:43:01:26:03:1c:9e:9a:
                    cf:c8:01:f1:10:48:1f:39:fb:c7:5a:b0:b5:dd:f4:
                    e8:e6:b3:54:4b:b8:6c:3f:4d:cf:a2:f2:d1:05:1c:
                    6b:7e:13:06:cc:5f:49:7a:29:d6:a5:9d:30:97:a5:
                    13:fc:de:3d:11:06:f9:5f:70:c6:6b:6e:35:2e:f7:
                    84:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3F:3D:E8:49:11:34:D3:9B:15:F5:3A:13:2A:42:22:AB:F5:8B:71
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZT896EkRNNObFfU6EypCIqv1i3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:07:7a:7f:d4:ed:4a:eb:8c:73:df:fd:28:fb:2d:5d:5b:56:
         8b:84:01:7a:10:5d:81:ef:f0:4d:3e:11:44:8b:0d:23:bf:0f:
         f5:30:c8:95:10:fa:34:12:a4:f5:8e:f5:d7:8d:5b:64:94:a0:
         da:06:ba:92:e3:a3:82:2c:20:1e:2d:50:a5:05:5b:1d:1f:cb:
         7b:df:b4:78:85:12:e0:4e:e4:71:2e:bb:90:46:e2:14:32:39:
         31:26:b0:08:d4:3d:b8:f9:7e:90:cb:1e:b1:a3:6c:92:36:c0:
         a0:e5:98:04:e6:7d:77:05:63:32:c2:f5:1e:34:c3:e3:ff:0b:
         2b:42:bd:f1:36:19:9a:c1:fa:27:3d:17:fd:51:bf:ca:2c:f8:
         f3:39:fa:5e:c4:41:57:3a:64:79:6f:17:fc:15:14:95:77:30:
         cc:48:e4:b3:8a:f0:db:04:c5:9c:f5:fc:09:1c:00:3c:df:f7:
         a1:e3:f0:44:26:08:34:3a:3e:3b:95:a2:d8:05:ee:5c:be:7b:
         a2:30:ad:59:23:47:20:89:b2:24:2e:b1:a9:b6:0d:62:1a:90:
         bf:cc:16:e3:e9:a3:af:c3:5d:1b:f9:67:97:1f:1d:d1:56:18:
         79:68:db:99:59:34:2f:41:82:88:c4:aa:d5:b6:61:57:c5:3e:
         35:23:b4:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMNAhsDq36dbyXqtZ5IVf9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMTA4MTgyMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNmM2RlODQ5MTEzNGQzOWIxNWY1M2ExMzJhNDIyMmFiZjU4YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+cbovBhJvBoq0HDrtMZWbBvLOvC
5ix0xi4R2VrvH6SG4xAuxBQLllC9rGeMO2VaYZzw7rd+sDhvum3Iknetwz0mWkPh
xHaFSyz9J23zTtH5zzvvSxyEYfYBzX/6p0c8O8WL/7SZMNUSUWvL85pcmGnVKZDb
w7uDZQc7JZ+uc+F6VGli2T6MS+0rbeUlrSVpkxdjAxzylq5119BPG4/eyr62mnYT
3OENeRGpbkyagqy9w/O15R0UVx2/10MBJgMcnprPyAHxEEgfOfvHWrC13fTo5rNU
S7hsP03PovLRBRxrfhMGzF9JeinWpZ0wl6UT/N49EQb5X3DGa241LveEIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGU/PehJETTTmxX1OhMqQiKr9YtxMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWlQ4OTZFa1JOTk9iRmZVNkV5cENJcXYxaTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKZMA0G
CSqGSIb3DQEBCwUAA4IBAQA3B3p/1O1K64xz3/0o+y1dW1aLhAF6EF2B7/BNPhFE
iw0jvw/1MMiVEPo0EqT1jvXXjVtklKDaBrqS46OCLCAeLVClBVsdH8t737R4hRLg
TuRxLruQRuIUMjkxJrAI1D24+X6Qyx6xo2ySNsCg5ZgE5n13BWMywvUeNMPj/wsr
Qr3xNhmawfonPRf9Ub/KLPjzOfpexEFXOmR5bxf8FRSVdzDMSOSzivDbBMWc9fwJ
HAA83/eh4/BEJgg0Oj47laLYBe5cvnuiMK1ZI0cgibIkLrGptg1iGpC/zBbj6aOv
w10b+WeXHx3RVhh5aNuZWTQvQYKIxKrVtmFXxT41I7Qp
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:54:23 2024 by rpki-client on console-ams.rpki-client.org