Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/hyZJtkvXrMZWCVb0mSoAwOnYLE4.roa
File:                     hyZJtkvXrMZWCVb0mSoAwOnYLE4.roa (raw, json)
Hash identifier:          BfxdutaAx2SZ/fE3n7MTcT6ZOT4BhnYSh3/LMg0c3zg=
Subject key identifier:   87:26:49:B6:4B:D7:AC:C6:56:09:56:F4:99:2A:00:C0:E9:D8:2C:4E
Certificate issuer:       /CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
Certificate serial:       018CC9BCF0C11B1E04F65DE50410938F3E98
Authority key identifier: 4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/hyZJtkvXrMZWCVb0mSoAwOnYLE4.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47280
IP address blocks:        185.191.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f0:c1:1b:1e:04:f6:5d:e5:04:10:93:8f:3e:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=872649b64bd7acc6560956f4992a00c0e9d82c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7d:b2:f5:a2:3a:ba:b6:bf:d9:62:ae:01:35:
                    90:6f:ff:63:f5:31:b1:4c:81:bc:04:c8:2c:2e:44:
                    85:f3:51:6c:9e:35:04:9f:cb:f1:2d:13:86:15:9b:
                    34:ab:aa:92:33:3f:dc:a9:34:42:be:c7:5d:ed:6b:
                    61:c6:dd:d0:9f:4f:87:23:40:b6:44:0b:89:eb:87:
                    c6:92:bf:04:74:e9:8a:4f:44:ad:11:2b:72:e7:07:
                    5c:81:41:ab:cb:f4:5e:b5:40:14:b5:f4:a8:41:95:
                    4a:17:17:da:1f:1a:73:25:4b:ac:c5:53:b0:c7:b7:
                    81:d0:2e:4a:02:5b:16:99:ed:6e:21:87:2e:84:23:
                    f9:5e:14:8c:0e:62:b3:72:99:7a:f0:3f:bc:7a:05:
                    00:d0:d3:af:ad:33:51:07:80:89:0d:b4:a8:86:11:
                    9e:fa:6c:73:ba:66:0b:db:a9:99:53:03:1d:fd:54:
                    03:8b:19:ea:bc:d3:5f:b0:b3:69:f6:34:e7:54:e1:
                    70:49:b5:47:59:af:bd:3e:88:67:15:aa:56:5b:5f:
                    e2:1f:bc:dd:76:fc:26:86:d2:13:d1:e3:48:f1:cd:
                    e0:b4:0d:7f:17:e7:6f:f5:24:f2:88:42:8a:4a:78:
                    b5:55:ce:76:e7:b9:1a:2f:6e:03:2f:ec:38:c4:da:
                    c1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:26:49:B6:4B:D7:AC:C6:56:09:56:F4:99:2A:00:C0:E9:D8:2C:4E
            X509v3 Authority Key Identifier:
                keyid:4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/hyZJtkvXrMZWCVb0mSoAwOnYLE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:3f:a2:93:20:31:31:34:c1:b2:90:ca:33:9d:96:d5:2a:4d:
         18:ae:28:98:7d:f1:73:f3:da:dd:6b:7d:6b:42:53:b8:0e:e1:
         f2:0a:c1:42:6e:fb:5b:8d:80:81:7f:0b:3a:58:0a:f6:6e:7c:
         0c:00:27:83:03:15:7d:de:67:b4:56:e6:bd:3f:b8:2c:25:8b:
         5e:f2:01:bb:56:71:13:46:db:9a:01:14:5e:e1:51:a7:a9:28:
         be:38:97:33:fa:5d:4d:6d:ed:3d:72:ea:30:c0:0c:73:6a:b8:
         7b:53:92:c6:a2:ce:ff:11:94:21:bb:32:21:82:2c:f1:c6:70:
         35:22:2c:ca:d0:c0:e0:ca:db:8d:68:58:70:bf:2e:95:a9:e9:
         39:9e:61:be:b0:6f:82:1d:66:55:12:a5:b7:19:3c:fd:5a:34:
         90:07:ce:c8:a7:77:ba:b2:67:b3:7e:70:f0:99:0f:aa:0b:8a:
         9b:e6:93:a4:c0:37:26:85:2a:ed:64:37:77:d3:65:bd:89:12:
         f6:0e:17:00:43:d9:be:3b:ca:2b:fa:67:03:5f:7b:10:c4:fd:
         03:bd:47:43:11:25:d8:6c:5f:aa:60:7a:a6:f5:cd:9b:1f:4e:
         b0:61:cc:95:ea:0e:0f:0f:03:94:00:2e:1c:55:cc:e3:09:6e:
         93:42:63:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPDBGx4E9l3lBBCTjz6YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzc4OWVjZjY3ZTA0Mjk4YzVlZTQ0YzY3ZDhmYjdmNWQ2
ZDk1YTEwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI2NDliNjRiZDdhY2M2NTYwOTU2ZjQ5OTJhMDBjMGU5ZDgyYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj32y9aI6ura/2WKuATWQb/9j9TGx
TIG8BMgsLkSF81FsnjUEn8vxLROGFZs0q6qSMz/cqTRCvsdd7Wthxt3Qn0+HI0C2
RAuJ64fGkr8EdOmKT0StESty5wdcgUGry/RetUAUtfSoQZVKFxfaHxpzJUusxVOw
x7eB0C5KAlsWme1uIYcuhCP5XhSMDmKzcpl68D+8egUA0NOvrTNRB4CJDbSohhGe
+mxzumYL26mZUwMd/VQDixnqvNNfsLNp9jTnVOFwSbVHWa+9PohnFapWW1/iH7zd
dvwmhtIT0eNI8c3gtA1/F+dv9STyiEKKSni1Vc5257kaL24DL+w4xNrBWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcmSbZL16zGVglW9JkqAMDp2CxOMB8GA1UdIwQY
MBaAFEw3iez2fgQpjF7kTGfY+39dbZWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMt
MWRjNTRkMWMwM2EzLzEvaHlaSnRrdlhyTVpXQ1ZiMG1Tb0F3T25ZTEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMtMWRjNTRkMWMwM2Ez
LzEvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+XMA0G
CSqGSIb3DQEBCwUAA4IBAQCAP6KTIDExNMGykMoznZbVKk0YriiYffFz89rda31r
QlO4DuHyCsFCbvtbjYCBfws6WAr2bnwMACeDAxV93me0Vua9P7gsJYte8gG7VnET
RtuaARRe4VGnqSi+OJcz+l1Nbe09cuowwAxzarh7U5LGos7/EZQhuzIhgizxxnA1
IizK0MDgytuNaFhwvy6Vqek5nmG+sG+CHWZVEqW3GTz9WjSQB87Ip3e6smezfnDw
mQ+qC4qb5pOkwDcmhSrtZDd302W9iRL2DhcAQ9m+O8or+mcDX3sQxP0DvUdDESXY
bF+qYHqm9c2bH06wYcyV6g4PDwOUAC4cVczjCW6TQmMt
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:52:45 2024 by rpki-client on console-fra.rpki-client.org