Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/K-lpJ2fFe5K0L2P4pPMsy6pZhdY.roa
File:                     K-lpJ2fFe5K0L2P4pPMsy6pZhdY.roa (raw, json)
Hash identifier:          vcLqv6YLqwWrxOoe+Pf1eBS6ZJUmboVFBDgjWAR8Q4M=
Subject key identifier:   2B:E9:69:27:67:C5:7B:92:B4:2F:63:F8:A4:F3:2C:CB:AA:59:85:D6
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018F3D89E0D6C16DC86A366E3AF3EE7FCEAF
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/K-lpJ2fFe5K0L2P4pPMsy6pZhdY.roa
Signing time:             Fri 03 May 2024 08:19:56 +0000
ROA not before:           Fri 03 May 2024 08:19:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214981
IP address blocks:        91.211.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:89:e0:d6:c1:6d:c8:6a:36:6e:3a:f3:ee:7f:ce:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: May  3 08:19:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2be9692767c57b92b42f63f8a4f32ccbaa5985d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:23:31:b2:1e:23:b9:ec:bc:da:6e:14:45:2b:
                    86:f3:b8:62:64:39:8c:dc:33:1a:9b:82:f5:94:50:
                    ac:15:8e:30:10:3a:74:4c:c0:cd:a0:d0:f9:2d:64:
                    2f:18:a1:fb:d5:a5:5c:83:00:3f:d8:2c:9b:b1:56:
                    ac:4c:ff:23:ef:61:53:5d:73:11:7f:2a:bb:78:2f:
                    fa:d7:09:6e:07:d0:da:bc:2d:59:4b:6b:fb:b2:4f:
                    43:6c:22:d8:cb:88:d2:27:5f:68:9b:a9:54:15:56:
                    74:2d:c7:4a:3d:80:12:4e:3c:40:55:78:78:9f:60:
                    61:02:ee:ae:dd:d7:54:e3:a7:a5:4c:a7:0e:7e:b6:
                    95:b3:b5:04:67:1a:ed:df:24:5b:94:45:10:b5:e7:
                    0c:1f:e4:f2:1f:64:c5:07:8c:42:5e:74:af:04:13:
                    fe:9a:cd:91:8d:53:2a:12:d8:98:f1:02:11:05:42:
                    a8:41:46:59:13:a8:04:68:4f:e2:a3:fe:b5:72:14:
                    d9:39:bc:4c:4d:dc:aa:b7:50:88:ae:11:5e:8f:37:
                    d9:f1:58:c6:98:6c:5b:40:8c:ed:74:e5:a3:19:4b:
                    e2:65:f0:68:69:fd:72:b4:a0:40:12:52:59:03:b6:
                    77:df:c8:f7:ca:b2:12:c7:2b:36:82:6a:2b:6c:6f:
                    0e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E9:69:27:67:C5:7B:92:B4:2F:63:F8:A4:F3:2C:CB:AA:59:85:D6
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/K-lpJ2fFe5K0L2P4pPMsy6pZhdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:1e:bc:b3:d7:8a:73:8a:a0:82:d1:a7:42:27:e2:ed:bd:99:
         da:6a:46:db:66:f7:2a:6b:af:d7:37:15:b7:58:f8:d5:d1:57:
         ef:40:a5:9a:b4:69:c8:ea:ab:d2:a0:a3:fb:69:d4:1d:83:f1:
         d3:23:a5:e8:49:f8:e9:88:ec:d6:02:6b:e8:3f:20:be:31:aa:
         3a:29:93:26:a1:d2:8d:c8:3c:a3:12:84:24:35:9a:a9:7a:9d:
         96:53:e1:4a:89:27:d1:0f:21:39:2d:8d:51:9d:94:dc:e9:e1:
         af:7b:a4:ba:f7:c3:f0:16:15:ea:84:21:43:c9:e5:55:88:a9:
         0c:b0:81:b3:b3:77:c0:aa:65:0c:20:61:60:ab:de:b0:be:c5:
         b2:2e:b1:b2:90:37:28:14:53:b2:20:24:5c:f5:f4:6d:d1:43:
         97:19:84:e5:8b:c2:8b:61:dd:0d:7c:39:06:9d:e4:ff:9c:08:
         02:71:78:3e:ae:e1:ab:5f:28:f6:79:bb:38:4a:0b:c6:de:c9:
         94:a0:5e:88:5e:44:bd:f5:60:79:83:ce:e8:74:b3:fa:59:cf:
         28:82:5d:26:b0:de:7d:f3:75:7d:29:28:38:9b:eb:bb:9d:3b:
         87:2a:b8:bc:85:1f:4f:32:a0:d3:b9:33:4b:b3:b1:d9:04:74:
         60:ac:dc:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY89ieDWwW3IajZuOvPuf86vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwNTAzMDgxOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmU5NjkyNzY3YzU3YjkyYjQyZjYzZjhhNGYzMmNjYmFhNTk4NWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCMxsh4juey82m4URSuG87hiZDmM
3DMam4L1lFCsFY4wEDp0TMDNoND5LWQvGKH71aVcgwA/2CybsVasTP8j72FTXXMR
fyq7eC/61wluB9DavC1ZS2v7sk9DbCLYy4jSJ19om6lUFVZ0LcdKPYASTjxAVXh4
n2BhAu6u3ddU46elTKcOfraVs7UEZxrt3yRblEUQtecMH+TyH2TFB4xCXnSvBBP+
ms2RjVMqEtiY8QIRBUKoQUZZE6gEaE/io/61chTZObxMTdyqt1CIrhFejzfZ8VjG
mGxbQIztdOWjGUviZfBoaf1ytKBAElJZA7Z338j3yrISxys2gmorbG8OcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvpaSdnxXuStC9j+KTzLMuqWYXWMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvSy1scEoyZkZlNUswTDJQNHBQTXN5NnBaaGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9N7MA0G
CSqGSIb3DQEBCwUAA4IBAQBzHryz14pziqCC0adCJ+LtvZnaakbbZvcqa6/XNxW3
WPjV0VfvQKWatGnI6qvSoKP7adQdg/HTI6XoSfjpiOzWAmvoPyC+Mao6KZMmodKN
yDyjEoQkNZqpep2WU+FKiSfRDyE5LY1RnZTc6eGve6S698PwFhXqhCFDyeVViKkM
sIGzs3fAqmUMIGFgq96wvsWyLrGykDcoFFOyICRc9fRt0UOXGYTli8KLYd0NfDkG
neT/nAgCcXg+ruGrXyj2ebs4SgvG3smUoF6IXkS99WB5g87odLP6Wc8ogl0msN59
83V9KSg4m+u7nTuHKri8hR9PMqDTuTNLs7HZBHRgrNyi
-----END CERTIFICATE-----
Generated at Sat Jun 1 20:35:17 2024 by rpki-client on console-fra.rpki-client.org