Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/O7BF3njYk1hSe1uTuVdyjrVeFlE.roa
File:                     O7BF3njYk1hSe1uTuVdyjrVeFlE.roa (raw, json)
Hash identifier:          WsB8E8u7sMZm6DBJtyrLfS8CeUjyc1Cj7ZMO/DHdeho=
Subject key identifier:   3B:B0:45:DE:78:D8:93:58:52:7B:5B:93:B9:57:72:8E:B5:5E:16:51
Certificate issuer:       /CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
Certificate serial:       018CC2DAD94C1A8167C0CC9150753A30E62D
Authority key identifier: 06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/O7BF3njYk1hSe1uTuVdyjrVeFlE.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        91.209.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d9:4c:1a:81:67:c0:cc:91:50:75:3a:30:e6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bb045de78d89358527b5b93b957728eb55e1651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2b:e3:68:a7:1f:29:64:da:74:88:1e:38:53:
                    09:eb:96:0f:e6:83:b5:51:c7:b3:80:7e:28:32:f0:
                    74:d1:57:b5:99:90:39:e5:df:e6:0e:f5:1a:4d:f6:
                    f8:5c:17:53:e6:3c:b6:b9:b6:fb:a1:63:2e:c6:a4:
                    e5:b5:7f:b4:28:2d:ba:a1:02:50:13:9a:fe:82:e6:
                    c1:34:bd:ec:29:ff:35:4b:f5:3a:f0:96:bf:49:0f:
                    d3:96:fd:e2:7e:a0:1b:1f:9e:56:eb:42:5e:19:39:
                    c7:ba:6e:e4:bc:17:a7:70:54:09:90:e1:72:63:be:
                    a3:0b:2f:12:ce:e8:1a:32:64:de:7a:fe:8c:fb:f0:
                    73:bb:6f:ff:62:3c:6f:6f:f0:d9:3e:cd:37:49:a3:
                    8a:a1:d9:45:3a:9b:14:c9:a2:15:03:e8:1a:f1:0a:
                    20:13:c3:70:dc:72:f2:a7:5e:44:d4:4f:41:82:3f:
                    44:54:8c:cd:46:ec:02:0f:77:33:c1:4a:f6:d4:94:
                    65:2a:62:c5:ab:17:5d:f0:58:88:06:c7:c0:0f:e3:
                    ae:d5:89:03:61:b8:19:ac:a6:15:34:6f:5a:68:25:
                    9b:3b:c0:ef:1d:72:e6:28:c7:14:39:93:69:75:df:
                    35:0e:d2:f8:66:84:34:2d:0e:a3:da:02:64:9a:a6:
                    48:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B0:45:DE:78:D8:93:58:52:7B:5B:93:B9:57:72:8E:B5:5E:16:51
            X509v3 Authority Key Identifier:
                keyid:06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/O7BF3njYk1hSe1uTuVdyjrVeFlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:9c:27:19:4f:ad:e7:5b:52:cc:8f:9a:aa:9d:9e:22:3f:72:
         85:25:38:19:99:d6:7a:86:c7:b5:37:00:92:be:79:4a:3c:e5:
         f6:9d:63:88:6d:9d:d3:8c:e7:b3:37:37:4c:c6:b0:3b:d1:ae:
         20:b3:b9:68:13:98:b1:72:64:43:dc:03:cf:d5:d1:38:86:65:
         a7:05:da:7c:e4:43:33:08:37:37:be:93:c3:5d:56:52:4f:5f:
         5d:ce:fd:4e:29:ea:84:bb:b4:13:cb:ce:4e:ee:94:c4:eb:d9:
         3c:81:28:a8:df:02:76:2d:42:59:74:d3:64:8d:0b:92:cf:b1:
         7d:d4:1e:5c:99:57:98:90:57:da:73:d4:2b:8a:b0:7e:fe:a0:
         bb:24:7b:06:16:52:e2:5d:0e:6a:88:8e:f5:79:e3:18:03:ec:
         a3:2e:ad:0d:35:3b:31:e4:04:90:f7:84:c2:04:f1:10:4d:9f:
         cb:06:ea:bd:fa:a0:dd:4e:82:10:6b:45:f8:30:76:15:ad:f8:
         72:0e:f7:7a:e8:c3:59:49:6b:50:71:f2:56:52:a9:56:c3:9b:
         a3:1b:be:d4:c6:73:c0:70:7f:d8:58:e7:4a:4e:73:30:75:c7:
         92:93:92:f5:a4:77:64:b0:02:fd:85:0d:77:23:84:bf:2b:c7:
         2c:97:57:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tlMGoFnwMyRUHU6MOYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NjFmMjBmYjhhN2U2MzVkN2JjYzk0YzAwYmVkNzE3OWI3
NjA4ZjYwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmIwNDVkZTc4ZDg5MzU4NTI3YjViOTNiOTU3NzI4ZWI1NWUxNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSvjaKcfKWTadIgeOFMJ65YP5oO1
UcezgH4oMvB00Ve1mZA55d/mDvUaTfb4XBdT5jy2ubb7oWMuxqTltX+0KC26oQJQ
E5r+gubBNL3sKf81S/U68Ja/SQ/Tlv3ifqAbH55W60JeGTnHum7kvBencFQJkOFy
Y76jCy8SzugaMmTeev6M+/Bzu2//Yjxvb/DZPs03SaOKodlFOpsUyaIVA+ga8Qog
E8Nw3HLyp15E1E9Bgj9EVIzNRuwCD3czwUr21JRlKmLFqxdd8FiIBsfAD+Ou1YkD
YbgZrKYVNG9aaCWbO8DvHXLmKMcUOZNpdd81DtL4ZoQ0LQ6j2gJkmqZIlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuwRd542JNYUntbk7lXco61XhZRMB8GA1UdIwQY
MBaAFAZh8g+4p+Y117zJTAC+1xebdgj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMt
YWQ4ZWRmZTVmMGY3LzEvTzdCRjNuallrMWhTZTF1VHVWZHlqclZlRmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMtYWQ4ZWRmZTVmMGY3
LzEvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GJMA0G
CSqGSIb3DQEBCwUAA4IBAQABnCcZT63nW1LMj5qqnZ4iP3KFJTgZmdZ6hse1NwCS
vnlKPOX2nWOIbZ3TjOezNzdMxrA70a4gs7loE5ixcmRD3APP1dE4hmWnBdp85EMz
CDc3vpPDXVZST19dzv1OKeqEu7QTy85O7pTE69k8gSio3wJ2LUJZdNNkjQuSz7F9
1B5cmVeYkFfac9QrirB+/qC7JHsGFlLiXQ5qiI71eeMYA+yjLq0NNTsx5ASQ94TC
BPEQTZ/LBuq9+qDdToIQa0X4MHYVrfhyDvd66MNZSWtQcfJWUqlWw5ujG77UxnPA
cH/YWOdKTnMwdceSk5L1pHdksAL9hQ13I4S/K8csl1dX
-----END CERTIFICATE-----
Generated at Sun May 19 14:44:37 2024 by rpki-client on console-fra.rpki-client.org