Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/rBL33DZxRYw_sutQsOkobjcTifA.roa
File:                     rBL33DZxRYw_sutQsOkobjcTifA.roa (raw, json)
Hash identifier:          bJi6cqjRuLwpvguptcQWLPa+3GgHCid+RphQG3Pxlfk=
Subject key identifier:   AC:12:F7:DC:36:71:45:8C:3F:B2:EB:50:B0:E9:28:6E:37:13:89:F0
Certificate issuer:       /CN=cda81fe95261904e941237ea4c7cec8f768b046d
Certificate serial:       018CC492FA8F00FBAEF6235BBC75D6EFA8B5
Authority key identifier: CD:A8:1F:E9:52:61:90:4E:94:12:37:EA:4C:7C:EC:8F:76:8B:04:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zagf6VJhkE6UEjfqTHzsj3aLBG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/rBL33DZxRYw_sutQsOkobjcTifA.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        193.111.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/zagf6VJhkE6UEjfqTHzsj3aLBG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/zagf6VJhkE6UEjfqTHzsj3aLBG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zagf6VJhkE6UEjfqTHzsj3aLBG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fa:8f:00:fb:ae:f6:23:5b:bc:75:d6:ef:a8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cda81fe95261904e941237ea4c7cec8f768b046d
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac12f7dc3671458c3fb2eb50b0e9286e371389f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:5e:ad:8f:13:88:81:73:a4:83:e1:bd:8c:
                    7a:97:5c:c4:91:9a:04:f3:cd:49:fd:60:c6:94:55:
                    92:2e:6d:e5:0a:3a:1c:00:50:48:c6:71:a2:ce:d8:
                    e1:89:b4:1b:b2:06:03:fb:ff:25:39:95:cc:f8:73:
                    63:fb:db:39:a7:1f:55:40:21:f8:28:37:03:6a:75:
                    2f:22:3e:6b:48:39:3c:96:2e:84:b8:e8:ed:0e:de:
                    86:56:a4:1b:03:1c:46:e7:93:82:e8:d9:c0:90:62:
                    b2:26:37:d7:0f:af:bd:6a:a8:12:2c:cb:f3:23:98:
                    8e:d0:d5:94:d1:c2:15:16:72:82:84:3b:e0:d6:e4:
                    01:fa:6c:8d:b8:a9:99:b5:8f:a8:bd:6e:83:62:6d:
                    8b:64:a0:a3:6c:6b:96:df:3d:2e:9e:6b:ab:46:40:
                    4d:da:96:ef:66:5c:98:3d:50:78:d1:a5:81:a1:93:
                    40:4f:02:cf:ab:50:34:6f:a2:8f:9b:b1:40:0c:53:
                    66:4f:9f:2e:4c:bb:a6:dd:1e:3b:d2:66:a6:97:62:
                    ec:3d:b8:c5:99:c2:bb:6c:56:02:22:10:98:ff:60:
                    55:14:fc:87:2b:be:14:16:c5:11:13:08:45:e0:da:
                    fd:61:bf:17:00:fd:a7:a5:e2:80:4d:1c:0d:4b:2f:
                    fa:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:12:F7:DC:36:71:45:8C:3F:B2:EB:50:B0:E9:28:6E:37:13:89:F0
            X509v3 Authority Key Identifier:
                keyid:CD:A8:1F:E9:52:61:90:4E:94:12:37:EA:4C:7C:EC:8F:76:8B:04:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zagf6VJhkE6UEjfqTHzsj3aLBG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/rBL33DZxRYw_sutQsOkobjcTifA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/641aec-da38-4df3-8e71-f7fe3e473b12/1/zagf6VJhkE6UEjfqTHzsj3aLBG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:5e:1d:fd:7d:a0:49:9e:2d:d6:aa:57:8a:b6:a3:c0:46:e8:
         22:0b:a0:10:0c:e1:81:aa:be:31:08:c0:31:93:95:d9:2f:61:
         1f:19:e3:3b:21:59:18:a5:c0:89:12:ee:ee:63:0c:b1:6e:90:
         d4:24:c6:91:88:77:51:d8:1f:78:3f:e0:81:40:56:31:99:d5:
         bf:b4:a5:9a:90:08:aa:39:8f:f2:e2:31:38:be:53:45:7d:cb:
         1a:b1:5c:b9:ac:81:76:44:32:1c:4a:1b:d4:83:1e:b0:3e:28:
         1a:3b:1e:d9:4d:1a:6d:2e:7d:aa:25:24:83:64:50:86:a7:5e:
         bd:f6:32:ad:1e:72:92:e3:b9:8f:41:78:fd:e1:71:f6:62:9d:
         1f:34:98:8c:87:45:b5:66:95:cc:06:71:a7:f4:62:f7:56:7b:
         97:ca:d6:9d:e5:73:17:50:fb:f3:f2:a3:65:1e:6d:7e:77:40:
         fb:d5:31:64:54:17:89:5a:0c:e7:a3:ce:9f:6d:46:fe:a3:23:
         65:12:30:c9:15:cf:9a:4f:f8:ff:31:92:a4:6c:33:93:d2:87:
         7e:90:f2:10:d3:19:3e:26:e4:bb:65:cc:c3:53:e1:ac:5b:c4:
         3c:ac:ff:5d:7c:fb:18:77:6c:d3:e4:e1:c5:b5:df:bd:cb:b8:
         c1:1c:ed:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvqPAPuu9iNbvHXW76i1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYTgxZmU5NTI2MTkwNGU5NDEyMzdlYTRjN2NlYzhmNzY4
YjA0NmQwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEyZjdkYzM2NzE0NThjM2ZiMmViNTBiMGU5Mjg2ZTM3MTM4OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1VerY8TiIFzpIPhvYx6l1zEkZoE
881J/WDGlFWSLm3lCjocAFBIxnGiztjhibQbsgYD+/8lOZXM+HNj+9s5px9VQCH4
KDcDanUvIj5rSDk8li6EuOjtDt6GVqQbAxxG55OC6NnAkGKyJjfXD6+9aqgSLMvz
I5iO0NWU0cIVFnKChDvg1uQB+myNuKmZtY+ovW6DYm2LZKCjbGuW3z0unmurRkBN
2pbvZlyYPVB40aWBoZNATwLPq1A0b6KPm7FADFNmT58uTLum3R470maml2LsPbjF
mcK7bFYCIhCY/2BVFPyHK74UFsUREwhF4Nr9Yb8XAP2npeKATRwNSy/6KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwS99w2cUWMP7LrULDpKG43E4nwMB8GA1UdIwQY
MBaAFM2oH+lSYZBOlBI36kx87I92iwRtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFnZjZWSmhrRTZVRWpmcVRIenNqM2FMQkcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC82NDFhZWMtZGEzOC00ZGYzLThlNzEt
ZjdmZTNlNDczYjEyLzEvckJMMzNEWnhSWXdfc3V0UXNPa29iamNUaWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC82NDFhZWMtZGEzOC00ZGYzLThlNzEtZjdmZTNlNDczYjEy
LzEvemFnZjZWSmhrRTZVRWpmcVRIenNqM2FMQkcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW8oMA0G
CSqGSIb3DQEBCwUAA4IBAQAWXh39faBJni3WqleKtqPARugiC6AQDOGBqr4xCMAx
k5XZL2EfGeM7IVkYpcCJEu7uYwyxbpDUJMaRiHdR2B94P+CBQFYxmdW/tKWakAiq
OY/y4jE4vlNFfcsasVy5rIF2RDIcShvUgx6wPigaOx7ZTRptLn2qJSSDZFCGp169
9jKtHnKS47mPQXj94XH2Yp0fNJiMh0W1ZpXMBnGn9GL3VnuXytad5XMXUPvz8qNl
Hm1+d0D71TFkVBeJWgzno86fbUb+oyNlEjDJFc+aT/j/MZKkbDOT0od+kPIQ0xk+
JuS7ZczDU+GsW8Q8rP9dfPsYd2zT5OHFtd+9y7jBHO1J
-----END CERTIFICATE-----
Generated at Wed May 1 23:14:11 2024 by rpki-client on console-fra.rpki-client.org