Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/8f8oLNRZd_mUIbLFPz8R601E5Qc.roa
File:                     8f8oLNRZd_mUIbLFPz8R601E5Qc.roa (raw, json)
Hash identifier:          3Ge1gZhcgGFultrkH/hNM66mioy08dRMJZ66KjYM2S8=
Subject key identifier:   F1:FF:28:2C:D4:59:77:F9:94:21:B2:C5:3F:3F:11:EB:4D:44:E5:07
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276D3A5A376C24685BA6025DE96BFA
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/8f8oLNRZd_mUIbLFPz8R601E5Qc.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203920
IP address blocks:        157.25.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6d:3a:5a:37:6c:24:68:5b:a6:02:5d:e9:6b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1ff282cd45977f99421b2c53f3f11eb4d44e507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:64:f8:60:fb:65:61:b1:5f:93:03:66:e9:
                    75:d6:dd:61:2a:f9:45:b7:8a:70:3f:49:97:0c:fc:
                    c9:7e:f7:16:78:94:eb:67:e6:51:85:9e:e0:3b:2f:
                    cc:25:ca:1a:a9:db:c5:8a:32:ba:94:7e:7c:4f:d7:
                    fe:c2:67:c2:01:44:f0:6e:d4:77:24:76:fb:94:bd:
                    b1:ec:2b:22:34:35:32:ec:c7:eb:8c:fa:fb:e3:e0:
                    03:5c:93:80:46:3b:9c:3a:04:98:5c:51:cf:44:c3:
                    13:05:b9:6c:92:96:de:b4:a3:ca:d2:5c:0d:85:47:
                    96:d9:a5:ed:53:60:9f:da:ba:3b:b5:46:5a:84:c4:
                    52:2f:88:65:88:95:b4:6e:31:a7:bf:a5:e0:5e:16:
                    62:4b:a1:3c:26:4f:a1:ca:ae:25:6e:f8:11:3e:37:
                    15:09:9a:25:a1:18:bb:72:53:64:0e:4a:22:60:97:
                    bb:d9:3a:c5:66:e6:d6:1c:6f:ff:90:ba:54:ec:f6:
                    73:d4:cd:22:50:da:b3:0b:d9:91:0d:a2:94:e3:67:
                    b5:25:17:8c:9a:31:81:ee:d3:da:d7:0c:17:ff:44:
                    f3:e9:5c:3c:4b:7e:ab:40:55:bf:29:3d:c8:4d:bd:
                    4f:44:72:14:56:90:0e:b2:55:6f:a1:93:46:17:d9:
                    ce:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FF:28:2C:D4:59:77:F9:94:21:B2:C5:3F:3F:11:EB:4D:44:E5:07
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/8f8oLNRZd_mUIbLFPz8R601E5Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:c2:f2:f7:ac:cf:4c:50:92:b6:53:5a:61:08:c8:4d:86:a3:
         02:07:ee:32:63:a4:5e:a8:0a:1e:fb:22:dc:d1:42:9e:c9:07:
         45:9e:9d:b8:9d:0c:14:ed:fb:d5:9e:cd:6d:72:32:12:10:e4:
         33:41:3a:e5:e8:60:07:ee:45:dd:d6:37:e5:97:84:5f:1f:24:
         0c:b3:1f:00:be:92:37:27:a4:01:ed:f1:ef:a5:a7:0e:48:e3:
         68:22:06:17:14:97:eb:c4:76:34:c2:85:e8:45:5a:93:6d:1a:
         a4:9b:d8:d0:ab:5a:ae:65:62:2c:7a:23:f4:ac:3b:21:c0:d4:
         8d:a9:12:ef:06:9d:44:52:49:29:02:8e:c5:53:7d:b7:70:77:
         24:a9:cf:c9:7e:11:0d:fc:34:43:67:f7:94:15:74:db:48:b2:
         2c:08:92:46:22:7e:c1:c6:cd:41:0d:32:ba:96:4b:58:ef:d1:
         35:44:a5:2d:f0:19:29:fb:a0:d8:8b:b8:99:43:ad:e0:e6:88:
         98:43:b1:04:3c:f1:f4:4e:1d:b6:be:c5:a8:1d:33:7b:99:79:
         06:4d:78:1c:69:56:85:83:4f:98:8e:80:11:12:bd:2c:bc:e9:
         81:56:0b:2f:e4:1c:77:1a:98:cd:ec:e1:2c:4d:f5:7c:ce:dd:
         48:89:53:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ206WjdsJGhbpgJd6Wv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZmMjgyY2Q0NTk3N2Y5OTQyMWIyYzUzZjNmMTFlYjRkNDRlNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAhk+GD7ZWGxX5MDZul11t1hKvlF
t4pwP0mXDPzJfvcWeJTrZ+ZRhZ7gOy/MJcoaqdvFijK6lH58T9f+wmfCAUTwbtR3
JHb7lL2x7CsiNDUy7MfrjPr74+ADXJOARjucOgSYXFHPRMMTBblskpbetKPK0lwN
hUeW2aXtU2Cf2ro7tUZahMRSL4hliJW0bjGnv6XgXhZiS6E8Jk+hyq4lbvgRPjcV
CZoloRi7clNkDkoiYJe72TrFZubWHG//kLpU7PZz1M0iUNqzC9mRDaKU42e1JReM
mjGB7tPa1wwX/0Tz6Vw8S36rQFW/KT3ITb1PRHIUVpAOslVvoZNGF9nOVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPH/KCzUWXf5lCGyxT8/EetNROUHMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvOGY4b0xOUlpkX21VSWJMRlB6OFI2MDFFNVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRmMMA0G
CSqGSIb3DQEBCwUAA4IBAQCWwvL3rM9MUJK2U1phCMhNhqMCB+4yY6ReqAoe+yLc
0UKeyQdFnp24nQwU7fvVns1tcjISEOQzQTrl6GAH7kXd1jfll4RfHyQMsx8AvpI3
J6QB7fHvpacOSONoIgYXFJfrxHY0woXoRVqTbRqkm9jQq1quZWIseiP0rDshwNSN
qRLvBp1EUkkpAo7FU323cHckqc/JfhEN/DRDZ/eUFXTbSLIsCJJGIn7Bxs1BDTK6
lktY79E1RKUt8Bkp+6DYi7iZQ63g5oiYQ7EEPPH0Th22vsWoHTN7mXkGTXgcaVaF
g0+YjoAREr0svOmBVgsv5Bx3GpjN7OEsTfV8zt1IiVP9
-----END CERTIFICATE-----
Generated at Fri May 17 12:02:43 2024 by rpki-client on console-ams.rpki-client.org