Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/UDKXckzYWOs7Q5nhEaY2A1ExX5s.roa
File:                     UDKXckzYWOs7Q5nhEaY2A1ExX5s.roa (raw, json)
Hash identifier:          gp4o2WQBQuC+GnlyGHX4WOM+ZAsaOkQBwswLbfJS8N8=
Subject key identifier:   50:32:97:72:4C:D8:58:EB:3B:43:99:E1:11:A6:36:03:51:31:5F:9B
Certificate issuer:       /CN=86df1259b3aa1de34d13d1d863178864d9d185cb
Certificate serial:       018CC26D300D3C3C4645423AE32D62EC0646
Authority key identifier: 86:DF:12:59:B3:AA:1D:E3:4D:13:D1:D8:63:17:88:64:D9:D1:85:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ht8SWbOqHeNNE9HYYxeIZNnRhcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/UDKXckzYWOs7Q5nhEaY2A1ExX5s.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394201
IP address blocks:        109.235.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/ht8SWbOqHeNNE9HYYxeIZNnRhcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/ht8SWbOqHeNNE9HYYxeIZNnRhcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ht8SWbOqHeNNE9HYYxeIZNnRhcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:04:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:0d:3c:3c:46:45:42:3a:e3:2d:62:ec:06:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86df1259b3aa1de34d13d1d863178864d9d185cb
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=503297724cd858eb3b4399e111a6360351315f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:15:55:a0:c1:11:a6:c7:db:b1:c9:60:a8:e7:
                    7a:04:ca:cb:e5:a2:8f:e6:96:1b:55:22:7a:a2:d6:
                    2d:8e:eb:61:ca:1c:f3:41:de:41:a6:e7:74:ab:3b:
                    0f:e5:4c:88:6c:e5:39:f4:6f:53:18:8c:45:be:b7:
                    b5:ef:59:12:e7:12:5d:ea:ba:ca:7f:c2:98:d8:70:
                    ce:0c:26:bf:0c:64:ba:8c:9d:3d:17:06:15:96:d9:
                    7a:6b:8b:f1:73:e0:d1:47:3d:b7:93:d9:7e:ef:d6:
                    f5:7f:c0:c6:26:95:01:02:62:10:56:01:ee:bc:f8:
                    6a:1c:14:75:89:59:60:c2:9d:f6:31:09:f3:42:90:
                    58:c6:be:5d:52:c7:ab:4d:61:22:6c:35:c4:26:75:
                    cd:a3:7f:8b:5c:5f:38:64:7b:60:74:0c:e7:69:95:
                    42:13:f3:51:a9:45:30:17:54:08:4e:e6:09:ed:17:
                    b8:90:0e:db:2a:9a:18:e0:2d:a1:bf:95:31:6f:a8:
                    12:d5:70:5d:87:45:94:64:62:a8:a9:33:01:0a:37:
                    ae:4a:45:72:9b:73:86:21:8a:81:54:aa:c2:29:52:
                    67:34:85:8c:a7:4c:d1:02:55:e4:80:c9:29:5c:5c:
                    60:71:c2:b1:7e:3e:69:03:ec:18:41:39:51:b7:ed:
                    bd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:32:97:72:4C:D8:58:EB:3B:43:99:E1:11:A6:36:03:51:31:5F:9B
            X509v3 Authority Key Identifier:
                keyid:86:DF:12:59:B3:AA:1D:E3:4D:13:D1:D8:63:17:88:64:D9:D1:85:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ht8SWbOqHeNNE9HYYxeIZNnRhcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/UDKXckzYWOs7Q5nhEaY2A1ExX5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d01a91-a3ab-4e08-9564-a51aa23a8fdd/1/ht8SWbOqHeNNE9HYYxeIZNnRhcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:82:8e:09:e1:57:9e:33:22:1a:cb:b4:11:7c:45:5c:b2:ee:
         a6:b4:f5:fd:bf:29:8e:b8:8b:b2:2b:ef:c3:05:82:0c:7e:ed:
         10:71:da:63:67:ac:4e:2a:95:f3:96:a1:21:5a:75:37:fe:37:
         24:96:13:fa:96:2a:f5:63:dc:b6:71:6d:35:b6:45:c5:bf:55:
         88:21:ca:a4:18:93:e9:13:22:08:a2:af:f2:19:d3:a4:ca:1d:
         2c:1d:bb:70:93:17:a1:cc:4b:03:57:ba:d3:a5:df:e9:87:bb:
         f9:b0:7c:02:91:e0:c1:5c:82:b4:bc:3c:1e:96:17:ae:db:e4:
         bf:3f:dc:86:83:3d:d1:38:a6:61:52:aa:d2:1d:86:cc:2c:35:
         28:6b:79:62:bd:51:8c:5e:1a:2b:4d:1d:1d:84:bf:32:50:72:
         6c:68:86:05:2a:29:3c:2d:9b:57:b0:98:d8:63:43:35:9b:58:
         3f:22:66:e8:11:22:95:89:67:a3:5d:d6:dc:bd:c1:2b:78:5f:
         3a:f7:a1:72:d0:1e:b4:21:07:1e:23:fb:81:bf:4e:8f:5e:3a:
         78:22:19:7c:43:f5:82:12:f7:8a:59:39:3c:e9:0b:34:57:17:
         98:74:af:04:a9:8e:2c:bb:f8:0f:43:27:71:8d:32:47:24:61:
         db:71:8e:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTANPDxGRUI64y1i7AZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZGYxMjU5YjNhYTFkZTM0ZDEzZDFkODYzMTc4ODY0ZDlk
MTg1Y2IwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDMyOTc3MjRjZDg1OGViM2I0Mzk5ZTExMWE2MzYwMzUxMzE1ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRVVoMERpsfbsclgqOd6BMrL5aKP
5pYbVSJ6otYtjuthyhzzQd5Bpud0qzsP5UyIbOU59G9TGIxFvre171kS5xJd6rrK
f8KY2HDODCa/DGS6jJ09FwYVltl6a4vxc+DRRz23k9l+79b1f8DGJpUBAmIQVgHu
vPhqHBR1iVlgwp32MQnzQpBYxr5dUserTWEibDXEJnXNo3+LXF84ZHtgdAznaZVC
E/NRqUUwF1QITuYJ7Re4kA7bKpoY4C2hv5Uxb6gS1XBdh0WUZGKoqTMBCjeuSkVy
m3OGIYqBVKrCKVJnNIWMp0zRAlXkgMkpXFxgccKxfj5pA+wYQTlRt+29KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAyl3JM2FjrO0OZ4RGmNgNRMV+bMB8GA1UdIwQY
MBaAFIbfElmzqh3jTRPR2GMXiGTZ0YXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHQ4U1diT3FIZU5ORTlIWVl4ZUlaTm5SaGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kMDFhOTEtYTNhYi00ZTA4LTk1NjQt
YTUxYWEyM2E4ZmRkLzEvVURLWGNrellXT3M3UTVuaEVhWTJBMUV4WDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kMDFhOTEtYTNhYi00ZTA4LTk1NjQtYTUxYWEyM2E4ZmRk
LzEvaHQ4U1diT3FIZU5ORTlIWVl4ZUlaTm5SaGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbetgMA0G
CSqGSIb3DQEBCwUAA4IBAQBhgo4J4VeeMyIay7QRfEVcsu6mtPX9vymOuIuyK+/D
BYIMfu0QcdpjZ6xOKpXzlqEhWnU3/jcklhP6lir1Y9y2cW01tkXFv1WIIcqkGJPp
EyIIoq/yGdOkyh0sHbtwkxehzEsDV7rTpd/ph7v5sHwCkeDBXIK0vDwelheu2+S/
P9yGgz3ROKZhUqrSHYbMLDUoa3livVGMXhorTR0dhL8yUHJsaIYFKik8LZtXsJjY
Y0M1m1g/ImboESKViWejXdbcvcEreF8696Fy0B60IQceI/uBv06PXjp4Ihl8Q/WC
EveKWTk86Qs0VxeYdK8EqY4su/gPQydxjTJHJGHbcY6N
-----END CERTIFICATE-----
Generated at Tue May 7 00:28:36 2024 by rpki-client on console-fra.rpki-client.org