Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0_v3KPV3VXC2qxFSZpJE6VO67_4.roa
File:                     0_v3KPV3VXC2qxFSZpJE6VO67_4.roa (raw, json)
Hash identifier:          IZXVR49yqsc3yTn8BZ9XR5TLgn2GE2UrLt9exwzsq/o=
Subject key identifier:   D3:FB:F7:28:F5:77:55:70:B6:AB:11:52:66:92:44:E9:53:BA:EF:FE
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01934A6ABECF1E4C30E44AA7B32AB7D1A35B
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0_v3KPV3VXC2qxFSZpJE6VO67_4.roa
Signing time:             Wed 20 Nov 2024 16:32:09 +0000
ROA not before:           Wed 20 Nov 2024 16:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214402
IP address blocks:        89.36.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:6a:be:cf:1e:4c:30:e4:4a:a7:b3:2a:b7:d1:a3:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Nov 20 16:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3fbf728f5775570b6ab1152669244e953baeffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a4:d4:35:96:d2:7b:95:1b:21:d4:39:49:84:
                    c9:1b:10:20:09:fb:32:79:76:f5:51:81:c5:59:93:
                    64:ba:bb:ce:ae:6d:32:28:d1:c8:74:71:db:6c:b0:
                    77:8b:f0:d8:f8:b4:f7:6d:50:34:15:57:c7:e9:a9:
                    91:be:58:d3:c9:6b:c3:76:19:91:13:13:8e:1d:6c:
                    ba:13:43:5b:7b:22:08:84:16:7e:f8:b9:23:ef:47:
                    6b:59:63:75:84:76:06:b0:e2:c3:78:0d:a3:8b:a5:
                    ae:84:75:de:6d:bc:7a:81:06:5b:23:ae:bb:61:f2:
                    a3:2f:bc:1c:34:5b:68:a7:7b:c7:3e:ea:84:27:a3:
                    eb:54:60:ea:e8:cb:89:78:e8:62:50:c5:fb:f5:74:
                    88:3a:b7:7e:52:06:34:fd:69:f4:05:e0:1c:cb:e2:
                    18:47:69:b5:3b:a8:a0:3a:19:32:61:42:cc:5e:4f:
                    46:a6:a1:fe:f2:4e:c7:e4:a6:41:bc:80:53:2a:af:
                    4e:2a:77:a5:81:04:d7:d8:75:19:7f:e0:34:1e:47:
                    b7:d2:a7:77:36:32:22:29:7f:bb:7d:59:02:0b:e1:
                    fa:6a:5a:d0:d1:53:47:8e:10:53:dd:87:0d:6b:30:
                    7f:8c:87:1a:a0:9c:d6:b2:d4:c1:56:9d:3f:7c:78:
                    86:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FB:F7:28:F5:77:55:70:B6:AB:11:52:66:92:44:E9:53:BA:EF:FE
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0_v3KPV3VXC2qxFSZpJE6VO67_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e5:58:4b:77:fd:2c:72:b3:4f:48:15:5f:37:33:58:0a:22:
         7b:bc:e5:2f:39:12:46:91:28:2c:a0:4b:53:a0:b6:70:2c:bc:
         e0:eb:ff:a2:c1:e6:b4:53:2f:56:f3:31:d0:2d:3e:b6:eb:8d:
         06:1b:73:f9:a5:c1:5d:a6:85:6d:20:5c:eb:44:1b:fb:99:8d:
         c0:98:9e:c6:fe:b9:79:0d:fe:62:8c:0c:4d:9c:41:8a:78:61:
         39:3e:4b:71:aa:70:e1:f1:7a:41:85:ce:30:63:4f:2f:28:ea:
         14:55:27:2c:9c:4f:f1:f7:a1:1c:47:46:f2:c1:7d:81:b7:4c:
         5d:9f:f4:fd:34:9a:e8:76:6c:0f:3b:fc:b4:4b:4c:1d:b9:3f:
         82:93:d4:12:0b:3d:e9:db:06:39:2a:b8:25:c2:d7:77:2e:9a:
         04:2b:3a:ce:e8:74:25:64:60:5d:a8:1a:20:1d:06:44:89:bb:
         7c:38:8f:dd:0e:22:6f:11:23:6b:41:a2:21:d8:a3:5d:ad:88:
         3a:0f:97:42:e9:49:c5:aa:7b:58:2a:6a:5f:3e:49:f4:0e:0e:
         5d:06:a5:49:b5:d5:df:8b:10:41:f9:b7:d4:5f:08:87:0d:c3:
         b3:df:ee:99:88:48:72:e7:09:8f:e7:e9:40:3a:ea:2d:ad:e4:
         4f:d6:ce:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKar7PHkww5Eqnsyq30aNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQxMTIwMTYzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZiZjcyOGY1Nzc1NTcwYjZhYjExNTI2NjkyNDRlOTUzYmFlZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaTUNZbSe5UbIdQ5SYTJGxAgCfsy
eXb1UYHFWZNkurvOrm0yKNHIdHHbbLB3i/DY+LT3bVA0FVfH6amRvljTyWvDdhmR
ExOOHWy6E0NbeyIIhBZ++Lkj70drWWN1hHYGsOLDeA2ji6WuhHXebbx6gQZbI667
YfKjL7wcNFtop3vHPuqEJ6PrVGDq6MuJeOhiUMX79XSIOrd+UgY0/Wn0BeAcy+IY
R2m1O6igOhkyYULMXk9GpqH+8k7H5KZBvIBTKq9OKnelgQTX2HUZf+A0Hke30qd3
NjIiKX+7fVkCC+H6alrQ0VNHjhBT3YcNazB/jIcaoJzWstTBVp0/fHiGjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP79yj1d1VwtqsRUmaSROlTuu/+MB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvMF92M0tQVjNWWEMycXhGU1pwSkU2Vk82N180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSRYMA0G
CSqGSIb3DQEBCwUAA4IBAQBi5VhLd/0scrNPSBVfNzNYCiJ7vOUvORJGkSgsoEtT
oLZwLLzg6/+iwea0Uy9W8zHQLT62640GG3P5pcFdpoVtIFzrRBv7mY3AmJ7G/rl5
Df5ijAxNnEGKeGE5PktxqnDh8XpBhc4wY08vKOoUVScsnE/x96EcR0bywX2Bt0xd
n/T9NJrodmwPO/y0S0wduT+Ck9QSCz3p2wY5Krglwtd3LpoEKzrO6HQlZGBdqBog
HQZEibt8OI/dDiJvESNrQaIh2KNdrYg6D5dC6UnFqntYKmpfPkn0Dg5dBqVJtdXf
ixBB+bfUXwiHDcOz3+6ZiEhy5wmP5+lAOuotreRP1s68
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:21:29 2024 by rpki-client on console-ams.rpki-client.org