Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/FFe7UeE3XtmgSwOIOo2vr8Pp6GE.roa
File:                     FFe7UeE3XtmgSwOIOo2vr8Pp6GE.roa (raw, json)
Hash identifier:          d594oltg0F904G606PfeXavKMY1GMUS3pYcaF13dM9Y=
Subject key identifier:   14:57:BB:51:E1:37:5E:D9:A0:4B:03:88:3A:8D:AF:AF:C3:E9:E8:61
Certificate issuer:       /CN=faf64476ef3945b344ffee38da56caccc5d039b0
Certificate serial:       018CC727355ECAEA56214C46372C0FF35D18
Authority key identifier: FA:F6:44:76:EF:39:45:B3:44:FF:EE:38:DA:56:CA:CC:C5:D0:39:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/FFe7UeE3XtmgSwOIOo2vr8Pp6GE.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49103
IP address blocks:        185.57.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:35:5e:ca:ea:56:21:4c:46:37:2c:0f:f3:5d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faf64476ef3945b344ffee38da56caccc5d039b0
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1457bb51e1375ed9a04b03883a8dafafc3e9e861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:22:8f:3a:e4:94:e4:cd:7b:79:1e:32:89:3d:
                    80:2a:2d:1a:01:60:ed:46:08:f3:ea:26:38:38:02:
                    2e:be:8b:2c:33:6f:8f:10:7b:df:21:2c:ed:b9:f6:
                    94:9d:4a:05:22:9e:50:03:28:ee:f7:f7:c7:31:91:
                    4f:da:8f:fd:f1:ef:4c:b6:d3:aa:8e:16:79:ec:5c:
                    6c:99:e5:ad:d8:d9:0e:49:3d:60:bf:5b:39:e4:c3:
                    b9:1b:4e:67:8a:f4:77:a3:2c:7f:11:f0:b0:ab:13:
                    b7:4a:a6:33:46:87:26:89:22:ad:03:ca:f3:a3:b2:
                    21:02:cf:cd:20:4d:19:c1:f9:b2:70:db:3f:f8:5e:
                    cf:2b:4d:77:61:c5:ef:44:23:e8:d4:39:fa:89:ec:
                    14:3a:6d:66:a7:d0:bb:51:0c:a1:fc:51:9c:54:95:
                    25:68:85:9f:f6:4d:20:44:56:c5:0c:89:88:1f:0d:
                    6a:9b:da:bb:32:fb:e2:4e:1f:e7:72:73:db:96:1c:
                    c3:c3:d9:3f:86:4a:34:dd:13:ec:6c:00:f2:65:9b:
                    20:d4:77:55:ac:b6:b0:2b:21:20:27:71:0e:d3:1b:
                    9e:fc:36:02:be:cd:d1:4c:fb:40:e8:9c:05:00:cd:
                    3c:51:79:2d:64:a8:b6:04:cf:ae:ae:f2:ea:6e:bd:
                    c4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:57:BB:51:E1:37:5E:D9:A0:4B:03:88:3A:8D:AF:AF:C3:E9:E8:61
            X509v3 Authority Key Identifier:
                keyid:FA:F6:44:76:EF:39:45:B3:44:FF:EE:38:DA:56:CA:CC:C5:D0:39:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/FFe7UeE3XtmgSwOIOo2vr8Pp6GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:2e:e8:88:1c:a0:45:03:07:1a:9a:f4:54:78:ce:fb:12:22:
         d6:43:02:0b:ad:e6:ca:37:f0:60:7c:55:04:47:5a:ec:09:b3:
         58:e3:03:eb:cf:4f:8c:9b:26:d9:64:92:e4:a1:b9:ef:ea:02:
         56:09:cc:b5:12:17:78:aa:d7:40:65:d8:4f:fb:99:0f:0f:ae:
         77:e8:7f:22:ec:d8:25:91:02:0e:fa:bd:d5:bf:e5:3b:f5:3c:
         3a:b8:56:47:d6:52:eb:8d:08:14:81:9c:31:1d:35:00:9b:c2:
         0f:16:1b:96:7f:43:60:f7:cb:bb:38:13:a4:b0:fe:86:d4:b5:
         d6:d0:81:4e:0e:79:3a:61:bb:8a:18:96:be:5c:dd:79:01:86:
         e8:33:60:17:0a:01:09:74:fe:ce:cb:77:9b:88:ba:7d:8b:49:
         5a:d4:5a:2f:1f:ca:17:4d:7a:84:99:b3:64:88:80:b3:64:93:
         63:3c:13:b7:10:5a:41:e5:0a:85:fc:60:08:83:81:6f:3d:66:
         da:e7:14:48:45:8a:d2:8e:68:5b:cf:e8:74:b3:e9:08:fc:64:
         43:a0:fe:e1:f4:ee:ba:4e:9d:ff:0c:37:e9:3b:47:21:83:d0:
         72:ab:b9:0f:e9:21:6e:27:31:fb:f4:97:52:50:3f:ab:e3:92:
         c9:04:48:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJzVeyupWIUxGNywP810YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjY0NDc2ZWYzOTQ1YjM0NGZmZWUzOGRhNTZjYWNjYzVk
MDM5YjAwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU3YmI1MWUxMzc1ZWQ5YTA0YjAzODgzYThkYWZhZmMzZTllODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKPOuSU5M17eR4yiT2AKi0aAWDt
Rgjz6iY4OAIuvossM2+PEHvfISztufaUnUoFIp5QAyju9/fHMZFP2o/98e9MttOq
jhZ57FxsmeWt2NkOST1gv1s55MO5G05nivR3oyx/EfCwqxO3SqYzRocmiSKtA8rz
o7IhAs/NIE0ZwfmycNs/+F7PK013YcXvRCPo1Dn6iewUOm1mp9C7UQyh/FGcVJUl
aIWf9k0gRFbFDImIHw1qm9q7MvviTh/ncnPblhzDw9k/hko03RPsbADyZZsg1HdV
rLawKyEgJ3EO0xue/DYCvs3RTPtA6JwFAM08UXktZKi2BM+urvLqbr3EjQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBRXu1HhN17ZoEsDiDqNr6/D6ehhMB8GA1UdIwQY
MBaAFPr2RHbvOUWzRP/uONpWyszF0DmwMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12WkVkdTg1UmJORV8tNDQybGJLek1YUU9iQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvNjdlMzZjLWNkNTUtNGI1OS1hYTEy
LTc0NDJmMGUyYmQxNy8xL0ZGZTdVZUUzWHRtZ1N3T0lPbzJ2cjhQcDZHRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvNjdlMzZjLWNkNTUtNGI1OS1hYTEyLTc0NDJmMGUyYmQx
Ny8xLzEtdlpFZHU4NVJiTkVfLTQ0MmxiS3pNWFFPYkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5OaQw
DQYJKoZIhvcNAQELBQADggEBAH8u6IgcoEUDBxqa9FR4zvsSItZDAgut5so38GB8
VQRHWuwJs1jjA+vPT4ybJtlkkuShue/qAlYJzLUSF3iq10Bl2E/7mQ8PrnfofyLs
2CWRAg76vdW/5Tv1PDq4VkfWUuuNCBSBnDEdNQCbwg8WG5Z/Q2D3y7s4E6Sw/obU
tdbQgU4OeTphu4oYlr5c3XkBhugzYBcKAQl0/s7Ld5uIun2LSVrUWi8fyhdNeoSZ
s2SIgLNkk2M8E7cQWkHlCoX8YAiDgW89ZtrnFEhFitKOaFvP6HSz6Qj8ZEOg/uH0
7rpOnf8MN+k7RyGD0HKruQ/pIW4nMfv0l1JQP6vjkskESN4=
-----END CERTIFICATE-----
Generated at Sun May 26 02:17:54 2024 by rpki-client on console-fra.rpki-client.org