Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/DKyJwZuMOOa7x9e9Syq7SVsVCt8.roa
File:                     DKyJwZuMOOa7x9e9Syq7SVsVCt8.roa (raw, json)
Hash identifier:          KWsFUurjDrOt/CVSmd5Z0M/QyiEtcQrJNJqa+wUd+ec=
Subject key identifier:   0C:AC:89:C1:9B:8C:38:E6:BB:C7:D7:BD:4B:2A:BB:49:5B:15:0A:DF
Certificate issuer:       /CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
Certificate serial:       018CC5006C2C97564BFFB75DA99A86A57EF7
Authority key identifier: C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/DKyJwZuMOOa7x9e9Syq7SVsVCt8.roa
Signing time:             Mon 01 Jan 2024 12:29:48 +0000
ROA not before:           Mon 01 Jan 2024 12:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        193.43.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6c:2c:97:56:4b:ff:b7:5d:a9:9a:86:a5:7e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
        Validity
            Not Before: Jan  1 12:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cac89c19b8c38e6bbc7d7bd4b2abb495b150adf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:32:0d:52:17:a1:55:06:01:b6:8f:a9:d0:53:
                    65:4f:06:90:cc:14:e3:3b:80:d9:cd:d0:63:3c:b0:
                    f6:80:cf:3a:42:44:34:9a:36:e4:df:5f:54:c8:32:
                    d7:8d:31:e8:97:4d:1c:99:b9:9f:56:b3:36:14:9f:
                    cb:ed:32:ca:60:58:b4:39:fd:bb:88:94:c9:69:cb:
                    92:c9:cc:ee:f7:6d:68:41:95:e1:08:bf:d0:9d:37:
                    c8:c3:1f:ab:0c:49:27:4b:39:fb:9e:9f:5a:38:53:
                    c5:df:e3:96:0c:b4:0b:4a:34:0b:39:1d:3c:2a:a6:
                    6e:84:ef:db:60:bf:3c:a9:13:e5:89:f3:97:6e:54:
                    25:e1:88:31:6c:b5:41:84:14:54:df:0a:a3:76:e5:
                    f2:5d:aa:cf:24:66:c9:34:63:68:42:97:62:77:0e:
                    fe:27:39:c8:f6:65:7b:8b:cc:6c:3f:cb:8c:5e:17:
                    5f:bf:24:f4:48:0b:9c:dc:ca:cf:d3:5d:5b:d5:f3:
                    c8:14:74:a9:c9:fc:c1:7b:53:aa:ef:2f:38:7f:01:
                    ca:48:3f:10:16:7f:63:11:78:fd:f1:ea:1f:8f:c2:
                    b2:16:c1:81:fc:c0:78:11:d2:f3:9d:1c:1d:ac:c3:
                    ca:bf:d9:48:09:45:a4:6f:da:30:6c:35:f9:bf:26:
                    af:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AC:89:C1:9B:8C:38:E6:BB:C7:D7:BD:4B:2A:BB:49:5B:15:0A:DF
            X509v3 Authority Key Identifier:
                keyid:C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/DKyJwZuMOOa7x9e9Syq7SVsVCt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:bf:d5:01:49:d5:74:59:bd:40:31:36:cc:a2:fe:54:0e:e5:
         73:59:cb:ee:a0:e0:e7:08:39:72:57:51:4a:a3:fa:96:b3:7b:
         61:13:d0:10:ec:15:8d:5d:28:c6:73:4b:12:f1:c8:32:85:01:
         67:d9:de:2f:ac:f1:27:da:16:98:9a:48:48:61:c2:f7:47:cc:
         c0:d0:8d:5d:6d:ce:da:90:10:6e:ab:d5:ec:8a:6e:d4:bf:95:
         ee:be:26:5f:86:c1:1c:bc:83:58:cf:c9:d3:bc:28:4e:c2:6a:
         86:3f:e2:96:76:5d:a6:08:36:43:6c:f6:e8:af:f7:ff:2f:e5:
         43:1a:da:96:b6:83:c6:c6:31:bc:53:8f:32:bd:16:d6:a5:6d:
         65:af:ac:c2:1b:6a:4d:cd:1d:8e:83:10:27:f4:ff:da:e1:88:
         30:b9:5f:54:3f:f2:8f:fd:67:6f:c4:62:d1:c3:ef:c4:4b:87:
         79:a2:1d:cf:04:2f:99:b9:31:f2:9d:4e:d3:da:42:68:3a:f1:
         46:e7:86:49:12:de:c3:c9:09:77:96:42:b4:c5:88:7b:40:09:
         22:99:da:41:bb:a5:fc:27:ac:b1:3b:bb:26:8c:98:ca:af:b2:
         ee:f1:53:07:7b:4f:d0:c3:43:5e:5d:2b:aa:94:ad:74:e7:6e:
         54:f9:31:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGwsl1ZL/7ddqZqGpX73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYThlODY0OGUwYmEzNmEzMjNhYjlkZjYzNDFkNjY4YmRh
NmI0ZDIwHhcNMjQwMTAxMTIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FjODljMTliOGMzOGU2YmJjN2Q3YmQ0YjJhYmI0OTViMTUwYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTINUhehVQYBto+p0FNlTwaQzBTj
O4DZzdBjPLD2gM86QkQ0mjbk319UyDLXjTHol00cmbmfVrM2FJ/L7TLKYFi0Of27
iJTJacuSyczu921oQZXhCL/QnTfIwx+rDEknSzn7np9aOFPF3+OWDLQLSjQLOR08
KqZuhO/bYL88qRPlifOXblQl4YgxbLVBhBRU3wqjduXyXarPJGbJNGNoQpdidw7+
JznI9mV7i8xsP8uMXhdfvyT0SAuc3MrP011b1fPIFHSpyfzBe1Oq7y84fwHKSD8Q
Fn9jEXj98eofj8KyFsGB/MB4EdLznRwdrMPKv9lICUWkb9owbDX5vyavaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAysicGbjDjmu8fXvUsqu0lbFQrfMB8GA1UdIwQY
MBaAFMOo6GSOC6NqMjq532NB1mi9prTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjIt
ZDU5ODQ1ZmI5YjNkLzEvREt5SndadU1PT2E3eDllOVN5cTdTVnNWQ3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjItZDU5ODQ1ZmI5YjNk
LzEvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSsqMA0G
CSqGSIb3DQEBCwUAA4IBAQB6v9UBSdV0Wb1AMTbMov5UDuVzWcvuoODnCDlyV1FK
o/qWs3thE9AQ7BWNXSjGc0sS8cgyhQFn2d4vrPEn2haYmkhIYcL3R8zA0I1dbc7a
kBBuq9Xsim7Uv5XuviZfhsEcvINYz8nTvChOwmqGP+KWdl2mCDZDbPbor/f/L+VD
GtqWtoPGxjG8U48yvRbWpW1lr6zCG2pNzR2OgxAn9P/a4YgwuV9UP/KP/WdvxGLR
w+/ES4d5oh3PBC+ZuTHynU7T2kJoOvFG54ZJEt7DyQl3lkK0xYh7QAkimdpBu6X8
J6yxO7smjJjKr7Lu8VMHe0/Qw0NeXSuqlK10525U+TG4
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:48:30 2024 by rpki-client on console-ams.rpki-client.org