Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/VDHlXGcIBmiL_MteKiJg8kJPBIU.roa
File:                     VDHlXGcIBmiL_MteKiJg8kJPBIU.roa (raw, json)
Hash identifier:          gKb/dn5bCe9qW11E79V18xOBNdBX4qSE1PHmQ0x1/Lg=
Subject key identifier:   54:31:E5:5C:67:08:06:68:8B:FC:CB:5E:2A:22:60:F2:42:4F:04:85
Certificate issuer:       /CN=1ea0c823c360b5f8614892d35b103c64774fd65d
Certificate serial:       018CC6B9297F213C2ED5FE8F7EB74452ED7F
Authority key identifier: 1E:A0:C8:23:C3:60:B5:F8:61:48:92:D3:5B:10:3C:64:77:4F:D6:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HqDII8NgtfhhSJLTWxA8ZHdP1l0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/VDHlXGcIBmiL_MteKiJg8kJPBIU.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28889
IP address blocks:        91.206.236.0/24 maxlen: 24
                          91.206.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/HqDII8NgtfhhSJLTWxA8ZHdP1l0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/HqDII8NgtfhhSJLTWxA8ZHdP1l0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HqDII8NgtfhhSJLTWxA8ZHdP1l0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:7f:21:3c:2e:d5:fe:8f:7e:b7:44:52:ed:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ea0c823c360b5f8614892d35b103c64774fd65d
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5431e55c670806688bfccb5e2a2260f2424f0485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:ab:78:f7:66:8c:f8:64:a5:e2:b9:36:30:
                    1b:d6:09:e5:85:b4:27:a2:ea:02:04:f7:19:a8:e7:
                    6c:53:25:99:5f:87:8d:b0:be:ef:b6:05:d3:b8:dc:
                    fb:cb:b7:c8:94:b0:78:a6:e6:65:19:cc:1a:95:67:
                    f2:a2:c9:84:98:20:3f:15:45:f9:54:1a:76:63:14:
                    5f:93:a9:bf:02:0d:14:7f:b4:77:3e:1a:b9:3e:8c:
                    f9:f9:8d:60:0c:93:7b:d0:69:a2:aa:45:66:69:d4:
                    76:86:c6:c8:c2:5d:43:35:8a:50:84:01:7b:06:7e:
                    50:63:c2:0e:88:21:42:76:ed:d2:14:09:2d:2d:06:
                    6a:40:e2:62:7c:83:0f:55:d5:07:b3:66:36:49:88:
                    4f:15:7f:7d:45:6d:18:86:3c:2d:68:f4:2d:0e:36:
                    f0:9b:79:a4:49:f0:fe:39:fa:8d:d5:4f:e9:47:32:
                    f6:a0:81:7d:ce:00:fb:6e:d0:d6:08:0b:14:58:f4:
                    1e:74:bd:39:22:83:4d:e8:6a:28:41:a0:2c:5e:2f:
                    e8:1f:d0:bd:6f:37:92:66:52:28:61:81:aa:24:d2:
                    93:a9:39:fd:65:f0:0b:09:86:0a:7d:e3:7f:20:bd:
                    2d:75:63:c0:b0:f6:52:78:7d:46:2e:d1:8b:bd:42:
                    3f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:31:E5:5C:67:08:06:68:8B:FC:CB:5E:2A:22:60:F2:42:4F:04:85
            X509v3 Authority Key Identifier:
                keyid:1E:A0:C8:23:C3:60:B5:F8:61:48:92:D3:5B:10:3C:64:77:4F:D6:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqDII8NgtfhhSJLTWxA8ZHdP1l0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/VDHlXGcIBmiL_MteKiJg8kJPBIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/492615-8162-4b37-bcbb-5c0d057ef2a6/1/HqDII8NgtfhhSJLTWxA8ZHdP1l0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:14:f7:12:43:9c:b3:8d:21:69:e8:7a:26:89:f3:16:26:3a:
         84:47:88:c7:f9:5a:8d:f1:22:62:7c:b4:a5:8e:ca:5e:8b:4f:
         83:52:95:e9:e2:52:bf:24:8d:70:a5:b3:e9:c4:d1:92:0c:68:
         17:c4:19:c6:20:9d:47:be:15:81:db:ba:e4:db:e5:09:25:d2:
         b4:20:b3:d4:b7:75:ec:6a:d7:27:ec:9f:da:28:a7:0c:3f:4f:
         7d:ed:78:0e:8a:65:dd:1c:24:15:57:03:4c:6a:cb:ca:2f:d1:
         49:e7:45:88:ad:c5:ae:29:73:7a:72:2a:d1:77:12:8d:d7:ef:
         96:69:c2:11:32:b3:18:74:af:fe:e8:86:e7:20:13:bf:c0:6c:
         4f:4d:3a:db:01:15:00:f2:5d:9a:c4:3d:70:b9:f8:45:e3:e8:
         b9:bf:13:7c:4a:d4:2e:93:1d:0d:53:63:86:d8:f5:8d:ee:5a:
         f2:3e:6d:7f:14:d9:91:ca:7a:d1:2a:50:2a:bf:f1:06:f7:38:
         7b:c8:b5:26:8c:56:48:97:55:20:33:b0:e4:86:be:f5:51:d4:
         69:ad:a2:aa:01:5a:7d:b3:07:48:a8:c9:8a:fc:2b:f4:84:cf:
         10:81:1e:1a:4b:82:2d:54:95:52:2a:35:64:ed:4a:71:e3:04:
         dc:0c:bc:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSl/ITwu1f6PfrdEUu1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYTBjODIzYzM2MGI1Zjg2MTQ4OTJkMzViMTAzYzY0Nzc0
ZmQ2NWQwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDMxZTU1YzY3MDgwNjY4OGJmY2NiNWUyYTIyNjBmMjQyNGYwNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2yrePdmjPhkpeK5NjAb1gnlhbQn
ouoCBPcZqOdsUyWZX4eNsL7vtgXTuNz7y7fIlLB4puZlGcwalWfyosmEmCA/FUX5
VBp2YxRfk6m/Ag0Uf7R3Phq5Poz5+Y1gDJN70GmiqkVmadR2hsbIwl1DNYpQhAF7
Bn5QY8IOiCFCdu3SFAktLQZqQOJifIMPVdUHs2Y2SYhPFX99RW0YhjwtaPQtDjbw
m3mkSfD+OfqN1U/pRzL2oIF9zgD7btDWCAsUWPQedL05IoNN6GooQaAsXi/oH9C9
bzeSZlIoYYGqJNKTqTn9ZfALCYYKfeN/IL0tdWPAsPZSeH1GLtGLvUI/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQx5VxnCAZoi/zLXioiYPJCTwSFMB8GA1UdIwQY
MBaAFB6gyCPDYLX4YUiS01sQPGR3T9ZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHFESUk4Tmd0ZmhoU0pMVFd4QThaSGRQMWwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS80OTI2MTUtODE2Mi00YjM3LWJjYmIt
NWMwZDA1N2VmMmE2LzEvVkRIbFhHY0lCbWlMX010ZUtpSmc4a0pQQklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS80OTI2MTUtODE2Mi00YjM3LWJjYmItNWMwZDA1N2VmMmE2
LzEvSHFESUk4Tmd0ZmhoU0pMVFd4QThaSGRQMWwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW87sMA0G
CSqGSIb3DQEBCwUAA4IBAQCWFPcSQ5yzjSFp6HomifMWJjqER4jH+VqN8SJifLSl
jspei0+DUpXp4lK/JI1wpbPpxNGSDGgXxBnGIJ1HvhWB27rk2+UJJdK0ILPUt3Xs
atcn7J/aKKcMP0997XgOimXdHCQVVwNMasvKL9FJ50WIrcWuKXN6cirRdxKN1++W
acIRMrMYdK/+6IbnIBO/wGxPTTrbARUA8l2axD1wufhF4+i5vxN8StQukx0NU2OG
2PWN7lryPm1/FNmRynrRKlAqv/EG9zh7yLUmjFZIl1UgM7Dkhr71UdRpraKqAVp9
swdIqMmK/Cv0hM8QgR4aS4ItVJVSKjVk7Upx4wTcDLyt
-----END CERTIFICATE-----
Generated at Tue May 21 17:45:31 2024 by rpki-client on console-fra.rpki-client.org