Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/1MHjz11tSDSzqTLg4pv0prV8I4s.roa
File:                     1MHjz11tSDSzqTLg4pv0prV8I4s.roa (raw, json)
Hash identifier:          /f9tshTvtqrUIT2RjNgmkvB+G5K9sNk5rpVdP3+bne8=
Subject key identifier:   D4:C1:E3:CF:5D:6D:48:34:B3:A9:32:E0:E2:9B:F4:A6:B5:7C:23:8B
Certificate issuer:       /CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
Certificate serial:       018CC4939F771C21A4E63924C626194B1A90
Authority key identifier: 70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/1MHjz11tSDSzqTLg4pv0prV8I4s.roa
Signing time:             Mon 01 Jan 2024 10:30:58 +0000
ROA not before:           Mon 01 Jan 2024 10:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13259
IP address blocks:        188.0.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9f:77:1c:21:a4:e6:39:24:c6:26:19:4b:1a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
        Validity
            Not Before: Jan  1 10:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4c1e3cf5d6d4834b3a932e0e29bf4a6b57c238b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:86:03:82:1c:23:74:e7:b2:1f:16:54:31:fd:
                    ac:2e:97:13:f8:d8:22:33:60:82:05:0a:b4:39:89:
                    7a:94:10:23:05:ce:ba:05:d2:cd:31:3c:fb:13:b4:
                    96:71:c6:ca:74:d2:32:66:fa:3c:2c:c3:9a:09:e7:
                    ba:25:4d:39:63:07:d9:40:43:54:8d:d0:a9:dd:a1:
                    7b:11:c7:4c:63:fb:ef:80:6e:e4:8f:37:97:9e:be:
                    c4:5c:8d:02:64:bd:bb:63:84:6d:07:6c:30:ca:de:
                    52:8e:1e:28:7c:64:00:ea:88:86:a3:2a:a1:0a:6a:
                    80:22:cd:d4:e6:7a:93:7b:b9:98:30:24:36:8b:21:
                    64:1d:51:66:6d:e4:d9:85:5e:46:9f:44:81:af:d3:
                    82:00:2b:e3:f9:00:57:30:60:9c:e9:af:a6:d1:45:
                    7f:bc:51:05:00:90:a8:34:1a:d5:e8:d5:5a:5d:1c:
                    a6:24:e9:ef:54:cb:15:21:2d:eb:fb:78:74:ac:11:
                    71:f1:ba:26:4b:ca:ba:d3:48:44:ea:5d:90:04:7c:
                    9d:96:11:07:1d:10:2f:b2:99:f0:ed:a9:99:6b:6d:
                    bc:85:b5:1f:db:5d:6d:06:d6:f9:78:25:af:45:3c:
                    41:07:e4:28:8f:83:26:7b:74:f3:a8:15:c9:c1:a3:
                    22:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C1:E3:CF:5D:6D:48:34:B3:A9:32:E0:E2:9B:F4:A6:B5:7C:23:8B
            X509v3 Authority Key Identifier:
                keyid:70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/1MHjz11tSDSzqTLg4pv0prV8I4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.0.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         21:cd:15:a8:c1:47:a0:ee:06:68:17:52:d3:9d:16:80:b4:aa:
         73:ce:a8:3a:cc:9b:10:3f:81:9f:27:98:d9:ee:58:5d:68:12:
         6a:7e:30:cb:90:fb:67:d4:01:ab:29:c6:d8:3f:b0:c1:85:0f:
         86:8c:a2:b3:8f:f2:a9:db:96:a8:ba:4b:3b:89:2f:60:8f:b2:
         5d:1b:f7:81:29:12:e5:da:b3:c1:55:56:4a:15:9e:eb:44:82:
         c3:63:d1:96:94:0b:80:32:a7:73:ef:88:7a:86:af:29:74:72:
         1e:e2:f2:d5:19:40:fa:58:8f:c8:fc:70:53:9e:bd:ef:f8:53:
         5f:6e:ed:66:a6:a7:a9:b1:8e:f1:07:76:0f:18:10:1d:6d:b7:
         c3:e4:cd:b7:42:f6:37:44:79:0f:3c:a4:6a:37:2e:da:1a:82:
         89:ef:12:30:a0:5f:ae:89:4a:56:6e:70:44:cc:ab:9e:eb:93:
         1d:31:cc:1f:73:a7:a7:8a:a0:0d:e0:80:83:1a:0c:81:96:84:
         a9:0c:d4:14:5a:d1:76:7e:9b:9d:81:b2:07:a2:fa:7e:dd:0f:
         0b:ec:70:a5:b7:cb:42:cc:9a:66:4b:b4:5b:05:a4:9f:49:93:
         f1:c5:21:5f:aa:49:42:ef:88:f8:75:24:65:20:f4:d0:53:f6:
         1a:a6:43:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk593HCGk5jkkxiYZSxqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjlhMDI1YTg0ZjQyZWYzZWYwYjYwNTJkZTNmZDY1ZThj
MDg2OTIwHhcNMjQwMTAxMTAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGMxZTNjZjVkNmQ0ODM0YjNhOTMyZTBlMjliZjRhNmI1N2MyMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4oYDghwjdOeyHxZUMf2sLpcT+Ngi
M2CCBQq0OYl6lBAjBc66BdLNMTz7E7SWccbKdNIyZvo8LMOaCee6JU05YwfZQENU
jdCp3aF7EcdMY/vvgG7kjzeXnr7EXI0CZL27Y4RtB2wwyt5Sjh4ofGQA6oiGoyqh
CmqAIs3U5nqTe7mYMCQ2iyFkHVFmbeTZhV5Gn0SBr9OCACvj+QBXMGCc6a+m0UV/
vFEFAJCoNBrV6NVaXRymJOnvVMsVIS3r+3h0rBFx8bomS8q600hE6l2QBHydlhEH
HRAvspnw7amZa228hbUf211tBtb5eCWvRTxBB+Qoj4Mme3TzqBXJwaMigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTB489dbUg0s6ky4OKb9Ka1fCOLMB8GA1UdIwQY
MBaAFHBpoCWoT0LvPvC2BS3j/WXowIaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dtZ0phaFBRdTgtOExZRkxlUDlaZWpBaHBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hZDAxMTYtNzU1OC00NjU2LTlmYjMt
NTE5OWE3MTE2ODRkLzEvMU1IanoxMXRTRFN6cVRMZzRwdjBwclY4STRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hZDAxMTYtNzU1OC00NjU2LTlmYjMtNTE5OWE3MTE2ODRk
LzEvY0dtZ0phaFBRdTgtOExZRkxlUDlaZWpBaHBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvAAoMA0G
CSqGSIb3DQEBCwUAA4IBAQAhzRWowUeg7gZoF1LTnRaAtKpzzqg6zJsQP4GfJ5jZ
7lhdaBJqfjDLkPtn1AGrKcbYP7DBhQ+GjKKzj/Kp25aouks7iS9gj7JdG/eBKRLl
2rPBVVZKFZ7rRILDY9GWlAuAMqdz74h6hq8pdHIe4vLVGUD6WI/I/HBTnr3v+FNf
bu1mpqepsY7xB3YPGBAdbbfD5M23QvY3RHkPPKRqNy7aGoKJ7xIwoF+uiUpWbnBE
zKue65MdMcwfc6eniqAN4ICDGgyBloSpDNQUWtF2fpudgbIHovp+3Q8L7HClt8tC
zJpmS7RbBaSfSZPxxSFfqklC74j4dSRlIPTQU/YapkMT
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:49 2024 by rpki-client on console-ams.rpki-client.org