Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/KpFaoZuC3D45DNlwgbD0p6Ecq28.roa
File:                     KpFaoZuC3D45DNlwgbD0p6Ecq28.roa (raw, json)
Hash identifier:          OGrvOM0QpkvRc711kTuu8boWoNAT6HFsRFSxXut+cxA=
Subject key identifier:   2A:91:5A:A1:9B:82:DC:3E:39:0C:D9:70:81:B0:F4:A7:A1:1C:AB:6F
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B64708519E8AD12E50C0AA47C19B
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/KpFaoZuC3D45DNlwgbD0p6Ecq28.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210122
IP address blocks:        81.28.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b6:47:08:51:9e:8a:d1:2e:50:c0:aa:47:c1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a915aa19b82dc3e390cd97081b0f4a7a11cab6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:32:bc:9e:3a:80:8b:f1:af:ac:84:b3:59:5a:
                    33:3b:44:14:95:85:d8:b1:2f:0c:65:9d:d7:33:8c:
                    73:cd:4c:2a:cb:e6:22:cc:2c:13:2a:fe:b8:b4:01:
                    a4:8c:14:80:54:d3:e1:a1:e0:ac:81:0e:9a:f6:e6:
                    48:2a:9c:a3:f7:ef:f1:7c:52:2d:f8:6c:dd:79:c8:
                    c5:19:11:09:3c:d0:53:13:6c:95:d9:41:bb:1b:95:
                    9d:4b:86:31:70:9d:1b:0b:ac:c4:55:94:af:bd:81:
                    9f:5f:48:de:2e:24:4a:f1:aa:f1:1c:ea:45:9d:40:
                    c7:6e:c0:0e:ab:75:48:d1:09:e1:46:58:33:0e:95:
                    98:89:dc:1c:e5:1b:5d:0c:a2:ad:f7:a0:92:3f:21:
                    fc:ff:7e:be:90:f2:62:9a:eb:d2:b9:ab:3d:d1:01:
                    6a:cd:87:73:2f:17:3f:55:56:c9:00:00:3d:01:99:
                    83:a4:8b:7a:d7:c2:19:4e:ab:32:e2:32:ce:8b:91:
                    5a:2e:11:89:88:2a:e4:c8:f0:6d:53:ed:83:e8:f6:
                    9a:aa:af:54:16:5e:96:00:19:0a:77:64:40:36:37:
                    74:b0:33:28:fc:f0:1b:c1:fd:e6:72:f9:26:a7:0c:
                    84:b6:aa:2f:58:22:ae:4d:ba:e5:f9:6f:02:6b:59:
                    43:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:91:5A:A1:9B:82:DC:3E:39:0C:D9:70:81:B0:F4:A7:A1:1C:AB:6F
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/KpFaoZuC3D45DNlwgbD0p6Ecq28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:38:55:c7:ff:a9:1e:32:34:3a:99:d4:50:7f:63:c8:7f:62:
         90:04:de:c5:84:e5:50:8e:fc:80:31:13:17:00:c3:80:6f:83:
         3a:fe:2b:69:bc:9a:59:9d:46:ed:07:8f:8c:0c:8d:1d:a4:f2:
         46:e7:23:ad:9e:dc:60:6c:f6:20:b0:a1:6c:96:33:81:a5:7f:
         59:57:93:cf:d8:63:89:3f:be:b9:25:9d:01:67:d1:f8:64:ff:
         36:bf:df:81:30:ff:73:f9:75:0c:fd:ed:bd:ec:74:8c:60:07:
         9c:cb:14:db:5e:1a:0c:e1:aa:41:15:eb:43:dd:2a:da:44:17:
         4f:d1:c6:24:af:be:74:87:bc:b7:66:e7:45:70:a6:db:60:51:
         4a:fd:a3:f3:70:e7:f3:1e:51:3a:02:ca:59:40:6b:e7:1a:e2:
         ce:0e:40:c5:59:d7:2a:d8:7e:84:7d:91:66:b6:04:68:3d:20:
         2d:a5:07:24:87:bb:71:37:db:6f:a6:7c:fd:d4:3f:e6:13:86:
         67:c8:ee:80:a5:db:af:4e:76:f0:71:5e:d2:82:cb:d0:ae:77:
         a2:1f:3c:00:cf:53:9d:27:90:a3:ed:ec:e5:7e:f5:cd:60:9c:
         a6:56:9a:67:7d:36:fd:17:79:56:dc:38:f5:c0:85:57:1e:74:
         d3:73:8c:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALZHCFGeitEuUMCqR8GbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkxNWFhMTliODJkYzNlMzkwY2Q5NzA4MWIwZjRhN2ExMWNhYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzK8njqAi/GvrISzWVozO0QUlYXY
sS8MZZ3XM4xzzUwqy+YizCwTKv64tAGkjBSAVNPhoeCsgQ6a9uZIKpyj9+/xfFIt
+GzdecjFGREJPNBTE2yV2UG7G5WdS4YxcJ0bC6zEVZSvvYGfX0jeLiRK8arxHOpF
nUDHbsAOq3VI0QnhRlgzDpWYidwc5RtdDKKt96CSPyH8/36+kPJimuvSuas90QFq
zYdzLxc/VVbJAAA9AZmDpIt618IZTqsy4jLOi5FaLhGJiCrkyPBtU+2D6Paaqq9U
Fl6WABkKd2RANjd0sDMo/PAbwf3mcvkmpwyEtqovWCKuTbrl+W8Ca1lDowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqRWqGbgtw+OQzZcIGw9KehHKtvMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvS3BGYW9adUMzRDQ1RE5sd2diRDBwNkVjcTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURz+MA0G
CSqGSIb3DQEBCwUAA4IBAQBAOFXH/6keMjQ6mdRQf2PIf2KQBN7FhOVQjvyAMRMX
AMOAb4M6/itpvJpZnUbtB4+MDI0dpPJG5yOtntxgbPYgsKFsljOBpX9ZV5PP2GOJ
P765JZ0BZ9H4ZP82v9+BMP9z+XUM/e297HSMYAecyxTbXhoM4apBFetD3SraRBdP
0cYkr750h7y3ZudFcKbbYFFK/aPzcOfzHlE6AspZQGvnGuLODkDFWdcq2H6EfZFm
tgRoPSAtpQckh7txN9tvpnz91D/mE4ZnyO6ApduvTnbwcV7SgsvQrneiHzwAz1Od
J5Cj7ezlfvXNYJymVppnfTb9F3lW3Dj1wIVXHnTTc4wb
-----END CERTIFICATE-----
Generated at Sun May 5 00:32:30 2024 by rpki-client on console-fra.rpki-client.org