Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/S0ldKMJLgbZLKyHOtYnq0tIGVXM.roa
File:                     S0ldKMJLgbZLKyHOtYnq0tIGVXM.roa (raw, json)
Hash identifier:          6BvV2rqunOTJ2x+wMn9To5TAUXdBl9dY8TADUNjOfW8=
Subject key identifier:   4B:49:5D:28:C2:4B:81:B6:4B:2B:21:CE:B5:89:EA:D2:D2:06:55:73
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       018CC794E3E9EE80F507CFF1F0AFF4A82A9B
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/S0ldKMJLgbZLKyHOtYnq0tIGVXM.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212520
IP address blocks:        2a05:4741:25::/48 maxlen: 48
                          2a05:4741:26::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e3:e9:ee:80:f5:07:cf:f1:f0:af:f4:a8:2a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b495d28c24b81b64b2b21ceb589ead2d2065573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:98:5a:9b:79:30:25:0d:ad:c8:e7:e6:0d:49:
                    24:9b:1c:4d:89:c7:94:9e:68:86:b0:53:c3:9f:59:
                    32:5c:31:17:38:0b:da:db:5a:85:23:44:ae:f8:fa:
                    73:18:46:9c:d2:f0:cd:6c:11:40:6f:f6:51:fd:56:
                    77:26:7e:d2:ee:c4:e4:f0:43:f5:e0:81:8d:7f:41:
                    7a:a3:83:45:6a:15:31:de:cf:f6:fc:8e:84:84:7c:
                    ec:3f:37:c3:5a:65:2a:da:54:31:2f:87:9a:d2:32:
                    59:38:ac:25:b7:27:d2:cf:6a:ff:1c:48:84:36:b2:
                    cd:07:31:03:25:d1:0e:5a:56:0d:23:80:f3:12:1f:
                    b0:29:28:de:a8:b6:cc:a2:8d:25:72:4f:17:ba:60:
                    c9:9f:5b:2e:2f:26:b2:ef:e9:3b:47:63:00:b6:e1:
                    55:9b:70:58:62:19:ea:90:d8:5d:46:e6:6d:03:8b:
                    24:1c:93:8e:39:eb:da:b8:f2:7c:ea:af:a5:8c:fc:
                    1d:38:e2:bd:b0:58:e6:0e:fe:ea:53:69:4b:92:ed:
                    6d:7b:a3:5b:bd:9d:79:b9:f8:1a:20:26:62:da:2d:
                    54:ba:c5:3f:49:e5:47:a9:68:08:3a:d3:b4:13:66:
                    8a:6a:79:c9:20:78:9b:2b:19:c4:57:32:b6:94:5c:
                    c1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:49:5D:28:C2:4B:81:B6:4B:2B:21:CE:B5:89:EA:D2:D2:06:55:73
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/S0ldKMJLgbZLKyHOtYnq0tIGVXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:25::-2a05:4741:26:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         50:d3:4d:dd:00:ac:6b:df:67:da:cf:db:7b:83:97:4d:d1:ff:
         c4:3b:3b:d0:2a:84:42:1f:c8:a1:1a:05:2d:de:b0:5d:5d:23:
         71:44:57:9b:70:ad:b3:6a:79:be:ae:6b:32:23:0b:9f:b3:85:
         d7:ee:b9:65:68:6a:e0:33:a1:0e:6c:9d:0a:d6:e5:2f:cc:5e:
         7c:67:06:12:4a:02:c6:3b:7b:41:67:67:bb:81:92:30:2c:10:
         2f:dc:96:81:30:56:7e:c5:c3:05:6e:82:88:c4:94:76:f5:ce:
         30:31:c4:dd:61:2f:43:7a:bc:3e:a6:2a:7f:3c:5a:e7:da:03:
         a0:ec:5e:b9:ab:ec:62:db:32:4c:39:e4:ec:81:b8:9c:8e:1b:
         e8:fd:1d:9b:c2:40:42:42:55:1f:fd:74:84:fb:64:15:ed:fc:
         85:62:ee:fb:8a:77:df:ad:a9:84:ce:af:26:27:00:0c:61:74:
         da:29:73:bf:1d:de:a8:c6:0d:76:5f:44:7e:0b:b4:3f:3f:17:
         a1:5a:97:30:f3:42:e8:ac:13:22:6d:d7:8c:32:91:dd:a7:45:
         47:16:a3:fc:51:ee:d4:63:60:0a:e4:9e:9a:9b:53:75:68:9c:
         36:f0:7c:f7:0b:5b:c8:6b:08:26:b4:f0:55:bc:55:14:c6:07:
         02:80:49:de
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHlOPp7oD1B8/x8K/0qCqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ5NWQyOGMyNGI4MWI2NGIyYjIxY2ViNTg5ZWFkMmQyMDY1NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZham3kwJQ2tyOfmDUkkmxxNiceU
nmiGsFPDn1kyXDEXOAva21qFI0Su+PpzGEac0vDNbBFAb/ZR/VZ3Jn7S7sTk8EP1
4IGNf0F6o4NFahUx3s/2/I6EhHzsPzfDWmUq2lQxL4ea0jJZOKwltyfSz2r/HEiE
NrLNBzEDJdEOWlYNI4DzEh+wKSjeqLbMoo0lck8XumDJn1suLyay7+k7R2MAtuFV
m3BYYhnqkNhdRuZtA4skHJOOOevauPJ86q+ljPwdOOK9sFjmDv7qU2lLku1te6Nb
vZ15ufgaICZi2i1UusU/SeVHqWgIOtO0E2aKannJIHibKxnEVzK2lFzBFQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEtJXSjCS4G2SyshzrWJ6tLSBlVzMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvUzBsZEtNSkxnYlpMS3lIT3RZbnEwdElHVlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBUdB
ACUDBwAqBUdBACYwDQYJKoZIhvcNAQELBQADggEBAFDTTd0ArGvfZ9rP23uDl03R
/8Q7O9AqhEIfyKEaBS3esF1dI3FEV5twrbNqeb6uazIjC5+zhdfuuWVoauAzoQ5s
nQrW5S/MXnxnBhJKAsY7e0FnZ7uBkjAsEC/cloEwVn7FwwVugojElHb1zjAxxN1h
L0N6vD6mKn88WufaA6DsXrmr7GLbMkw55OyBuJyOG+j9HZvCQEJCVR/9dIT7ZBXt
/IVi7vuKd9+tqYTOryYnAAxhdNopc78d3qjGDXZfRH4LtD8/F6FalzDzQuisEyJt
14wykd2nRUcWo/xR7tRjYArknpqbU3VonDbwfPcLW8hrCCa08FW8VRTGBwKASd4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:07 2024 by rpki-client on console-fra.rpki-client.org