Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/Ewv14BvtFSgw8NBPZ2dohBy9vqg.roa
File:                     Ewv14BvtFSgw8NBPZ2dohBy9vqg.roa (raw, json)
Hash identifier:          8Gi41HTw3ZY6ZQYqrEFlrqdgCD0C1k6djjMkLnVhwOU=
Subject key identifier:   13:0B:F5:E0:1B:ED:15:28:30:F0:D0:4F:67:67:68:84:1C:BD:BE:A8
Certificate issuer:       /CN=cbff7fd7ee11eff8914a3150fcd16a648a3c7f30
Certificate serial:       018DF3D868C16DD25C8D95C96FF8FF117F70
Authority key identifier: CB:FF:7F:D7:EE:11:EF:F8:91:4A:31:50:FC:D1:6A:64:8A:3C:7F:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/Ewv14BvtFSgw8NBPZ2dohBy9vqg.roa
Signing time:             Thu 29 Feb 2024 07:51:02 +0000
ROA not before:           Thu 29 Feb 2024 07:51:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203741
IP address blocks:        91.195.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:d8:68:c1:6d:d2:5c:8d:95:c9:6f:f8:ff:11:7f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbff7fd7ee11eff8914a3150fcd16a648a3c7f30
        Validity
            Not Before: Feb 29 07:51:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=130bf5e01bed152830f0d04f676768841cbdbea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:13:80:b8:26:5d:ca:21:a2:2d:df:b4:8d:a0:
                    5a:d3:53:75:15:cb:6e:65:5c:72:3a:ec:a4:85:8a:
                    a7:8c:af:d5:2d:b1:99:a7:56:48:28:e1:1b:ce:09:
                    63:f6:43:9a:3b:2b:52:90:3a:95:8d:9d:05:bd:dc:
                    dc:89:63:b0:93:43:d5:d5:38:d0:3f:5e:6b:51:ed:
                    20:9d:27:d9:8b:73:2b:f8:91:54:0b:8e:48:e9:a3:
                    99:3d:59:fa:26:ac:2e:3d:53:f5:18:57:b5:75:d2:
                    01:4c:3e:c6:db:a2:9d:d6:eb:2c:2f:df:19:17:25:
                    80:2f:52:47:41:ec:b5:59:36:50:09:36:f7:e4:93:
                    33:3f:0f:d1:1b:8d:b9:19:80:54:dc:2d:a6:98:04:
                    70:f8:10:50:1e:81:e8:7f:70:44:e0:6c:60:58:4b:
                    06:e7:d9:6a:99:ea:97:c6:74:fd:c7:2e:09:09:68:
                    d4:6c:83:46:ca:30:49:8a:04:c7:34:60:e4:f5:4c:
                    be:be:51:c8:cc:99:ef:c7:f7:5d:23:ad:ba:b3:55:
                    c4:56:a3:7d:98:0f:1b:51:8c:f9:c7:73:f8:2c:a8:
                    ec:08:17:9c:c4:2d:f0:69:ff:04:6b:a9:2c:5a:c5:
                    83:f2:ce:8c:fe:ac:bb:43:88:13:8f:bc:44:37:df:
                    f4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0B:F5:E0:1B:ED:15:28:30:F0:D0:4F:67:67:68:84:1C:BD:BE:A8
            X509v3 Authority Key Identifier:
                keyid:CB:FF:7F:D7:EE:11:EF:F8:91:4A:31:50:FC:D1:6A:64:8A:3C:7F:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/Ewv14BvtFSgw8NBPZ2dohBy9vqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:ed:59:0f:bd:4c:67:3a:fc:5d:9c:e0:a8:90:86:53:34:ec:
         b0:6e:01:05:2c:b3:a2:82:dc:ee:64:0b:b9:f8:f7:e8:d8:d6:
         25:cb:76:5f:29:4b:50:6a:88:f6:7d:e6:48:b6:d7:c6:44:d0:
         94:34:bd:e8:45:43:8c:b6:6f:38:a7:42:ed:b2:45:2d:7a:12:
         f1:14:8c:11:8f:69:0d:3e:03:26:f6:1e:4f:4c:55:bb:12:be:
         e3:6e:6b:35:c9:0e:59:22:38:87:9e:43:50:7d:ee:0f:b6:b7:
         28:46:72:8e:16:9b:55:93:cb:61:07:ad:ec:aa:6f:47:84:2a:
         85:2f:0b:c6:5e:28:8b:b1:6b:19:1a:9b:73:a7:5c:b7:55:30:
         c1:73:12:de:e2:df:f4:f6:40:02:ce:89:aa:48:39:c2:26:e6:
         b4:af:33:f1:a9:6d:ee:a1:59:7d:e1:5d:f4:ea:30:af:49:6f:
         cb:c7:c1:9e:91:30:36:ef:f6:a1:b8:77:4b:83:8e:a2:36:d2:
         24:a8:1a:d3:6b:ea:f3:42:b6:d8:52:9c:27:ae:6d:b4:04:4b:
         c2:cb:ad:6b:6d:ff:20:2f:ff:04:9b:fe:c0:68:15:ce:a6:d6:
         25:a9:2c:1e:98:3e:76:0a:30:b9:e6:5e:24:15:81:61:3d:9c:
         e4:ae:93:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3z2GjBbdJcjZXJb/j/EX9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZmY3ZmQ3ZWUxMWVmZjg5MTRhMzE1MGZjZDE2YTY0OGEz
YzdmMzAwHhcNMjQwMjI5MDc1MTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBiZjVlMDFiZWQxNTI4MzBmMGQwNGY2NzY3Njg4NDFjYmRiZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBOAuCZdyiGiLd+0jaBa01N1Fctu
ZVxyOuykhYqnjK/VLbGZp1ZIKOEbzglj9kOaOytSkDqVjZ0FvdzciWOwk0PV1TjQ
P15rUe0gnSfZi3Mr+JFUC45I6aOZPVn6JqwuPVP1GFe1ddIBTD7G26Kd1ussL98Z
FyWAL1JHQey1WTZQCTb35JMzPw/RG425GYBU3C2mmARw+BBQHoHof3BE4GxgWEsG
59lqmeqXxnT9xy4JCWjUbINGyjBJigTHNGDk9Uy+vlHIzJnvx/ddI626s1XEVqN9
mA8bUYz5x3P4LKjsCBecxC3waf8Ea6ksWsWD8s6M/qy7Q4gTj7xEN9/0kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBML9eAb7RUoMPDQT2dnaIQcvb6oMB8GA1UdIwQY
MBaAFMv/f9fuEe/4kUoxUPzRamSKPH8wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV85XzEtNFI3X2lSU2pGUV9ORnFaSW84ZnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NTgxNDMtYWYwYy00OTNlLThlZDEt
OWY1Zjc4MDU2OWExLzEvRXd2MTRCdnRGU2d3OE5CUFoyZG9oQnk5dnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NTgxNDMtYWYwYy00OTNlLThlZDEtOWY1Zjc4MDU2OWEx
LzEveV85XzEtNFI3X2lSU2pGUV9ORnFaSW84ZnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8MuMA0G
CSqGSIb3DQEBCwUAA4IBAQCe7VkPvUxnOvxdnOCokIZTNOywbgEFLLOigtzuZAu5
+Pfo2NYly3ZfKUtQaoj2feZIttfGRNCUNL3oRUOMtm84p0LtskUtehLxFIwRj2kN
PgMm9h5PTFW7Er7jbms1yQ5ZIjiHnkNQfe4PtrcoRnKOFptVk8thB63sqm9HhCqF
LwvGXiiLsWsZGptzp1y3VTDBcxLe4t/09kACzomqSDnCJua0rzPxqW3uoVl94V30
6jCvSW/Lx8GekTA27/ahuHdLg46iNtIkqBrTa+rzQrbYUpwnrm20BEvCy61rbf8g
L/8Em/7AaBXOptYlqSwemD52CjC55l4kFYFhPZzkrpNC
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:56:43 2024 by rpki-client on console-fra.rpki-client.org