Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/28Zc-wSwotXRnLbQ0ROMGk5BRAQ.roa
File:                     28Zc-wSwotXRnLbQ0ROMGk5BRAQ.roa (raw, json)
Hash identifier:          CjD1aLpRIoyA7w6RM76yq4MP/4X41sulYAaZdry68kk=
Subject key identifier:   DB:C6:5C:FB:04:B0:A2:D5:D1:9C:B6:D0:D1:13:8C:1A:4E:41:44:04
Certificate issuer:       /CN=4568d0a7204560b6356d837bbf1510d9636df63a
Certificate serial:       019011CCD3796F22478140EAB7710E5C1522
Authority key identifier: 45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/28Zc-wSwotXRnLbQ0ROMGk5BRAQ.roa
Signing time:             Thu 13 Jun 2024 13:32:34 +0000
ROA not before:           Thu 13 Jun 2024 13:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        80.245.208.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:cc:d3:79:6f:22:47:81:40:ea:b7:71:0e:5c:15:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568d0a7204560b6356d837bbf1510d9636df63a
        Validity
            Not Before: Jun 13 13:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc65cfb04b0a2d5d19cb6d0d1138c1a4e414404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:df:27:83:dd:aa:4e:46:2d:c3:d4:1f:66:e0:
                    d3:7a:83:30:05:98:4d:c7:29:0d:b5:45:3d:a2:2b:
                    ec:f2:47:a3:22:d3:0d:21:e4:5f:2c:46:b1:51:ac:
                    d1:2b:fc:09:2b:98:5e:5a:15:e3:df:0d:bc:c6:15:
                    31:b4:10:1b:63:05:ba:ea:4d:19:7f:09:85:af:87:
                    b8:90:2d:62:07:66:f7:d3:56:22:20:47:dc:c9:0e:
                    c9:ec:27:a1:75:c3:0d:db:39:45:8c:03:50:97:91:
                    4e:7a:2f:04:da:74:c4:da:e7:64:bb:70:8b:5a:fe:
                    a8:7f:6e:6d:fb:1a:d3:d0:f8:30:fe:bd:72:ef:2f:
                    dd:fc:10:f6:f5:6c:28:f5:f6:1a:1f:35:49:de:d0:
                    dd:bf:09:94:39:d5:77:3d:be:b6:b1:22:5d:e6:98:
                    e9:56:2c:14:63:0c:43:00:3a:b5:08:e7:55:c4:5d:
                    3e:5c:0e:b9:4f:a0:13:dd:6b:39:15:01:19:06:f1:
                    38:09:fe:20:99:36:b5:3d:d6:07:32:a8:27:b7:0d:
                    a9:63:46:58:5f:0e:86:51:cb:b2:74:45:7d:be:f7:
                    cb:6c:be:d7:a4:10:d6:f2:f0:ac:c5:b1:58:a3:e5:
                    74:da:e5:72:a0:a7:55:cf:55:c5:50:29:24:fb:ce:
                    e6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C6:5C:FB:04:B0:A2:D5:D1:9C:B6:D0:D1:13:8C:1A:4E:41:44:04
            X509v3 Authority Key Identifier:
                keyid:45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/28Zc-wSwotXRnLbQ0ROMGk5BRAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9b:ac:f6:57:a8:75:78:bc:00:c9:40:71:35:74:db:db:b1:81:
         0d:80:1d:73:8b:9c:b5:21:ab:08:89:25:75:fe:6f:c7:95:6d:
         d0:d4:7e:cc:aa:d8:1c:fe:e8:cc:66:a9:89:ec:26:16:25:f3:
         ba:59:d0:81:27:2a:44:59:34:7e:24:04:fa:51:82:97:15:3b:
         9f:43:dd:bb:27:97:de:9e:d7:5b:6d:8e:0a:fe:35:06:67:e3:
         0e:a9:25:1a:14:5e:d4:8a:f3:29:67:fd:a5:f4:ca:07:dd:4c:
         5c:54:10:2f:12:4a:2f:d1:26:49:d2:af:e6:6c:a9:6a:33:a8:
         c7:b7:39:32:b8:28:be:68:c6:c6:30:da:5d:16:c8:68:21:ac:
         4b:76:3d:b8:f0:d1:9e:8a:f8:6f:28:83:70:d9:bf:d2:92:9b:
         6c:7b:95:f1:f0:42:23:a9:53:c8:e8:38:9a:e8:04:07:53:8d:
         7a:b9:6a:fe:bb:a6:84:cf:c9:09:07:32:a6:fd:86:a8:50:83:
         c1:a7:d5:b2:0b:d0:6f:24:99:ee:2e:c4:46:03:49:8e:cb:f5:
         d9:f5:ee:01:f3:ce:94:38:3d:3b:24:6b:3a:58:f1:e8:af:c6:
         5e:75:6e:02:f4:d1:7f:2e:41:2d:40:1f:42:56:38:95:00:53:
         25:2e:9e:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARzNN5byJHgUDqt3EOXBUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjhkMGE3MjA0NTYwYjYzNTZkODM3YmJmMTUxMGQ5NjM2
ZGY2M2EwHhcNMjQwNjEzMTMzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM2NWNmYjA0YjBhMmQ1ZDE5Y2I2ZDBkMTEzOGMxYTRlNDE0NDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2d8ng92qTkYtw9QfZuDTeoMwBZhN
xykNtUU9oivs8kejItMNIeRfLEaxUazRK/wJK5heWhXj3w28xhUxtBAbYwW66k0Z
fwmFr4e4kC1iB2b301YiIEfcyQ7J7CehdcMN2zlFjANQl5FOei8E2nTE2udku3CL
Wv6of25t+xrT0Pgw/r1y7y/d/BD29Wwo9fYaHzVJ3tDdvwmUOdV3Pb62sSJd5pjp
ViwUYwxDADq1COdVxF0+XA65T6AT3Ws5FQEZBvE4Cf4gmTa1PdYHMqgntw2pY0ZY
Xw6GUcuydEV9vvfLbL7XpBDW8vCsxbFYo+V02uVyoKdVz1XFUCkk+87mIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvGXPsEsKLV0Zy20NETjBpOQUQEMB8GA1UdIwQY
MBaAFEVo0KcgRWC2NW2De78VENljbfY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgt
NmZlMzVhZTU0YTViLzEvMjhaYy13U3dvdFhSbkxiUTBST01HazVCUkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgtNmZlMzVhZTU0YTVi
LzEvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCbrPZXqHV4vADJQHE1dNvbsYENgB1zi5y1IasIiSV1
/m/HlW3Q1H7Mqtgc/ujMZqmJ7CYWJfO6WdCBJypEWTR+JAT6UYKXFTufQ927J5fe
ntdbbY4K/jUGZ+MOqSUaFF7UivMpZ/2l9MoH3UxcVBAvEkov0SZJ0q/mbKlqM6jH
tzkyuCi+aMbGMNpdFshoIaxLdj248NGeivhvKINw2b/Skptse5Xx8EIjqVPI6Dia
6AQHU416uWr+u6aEz8kJBzKm/YaoUIPBp9WyC9BvJJnuLsRGA0mOy/XZ9e4B886U
OD07JGs6WPHor8ZedW4C9NF/LkEtQB9CVjiVAFMlLp7r
-----END CERTIFICATE-----
Generated at Wed Jun 26 17:37:20 2024 by rpki-client on console-ams.rpki-client.org