Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/bp7l68XHMmItGN6A5EZM0AXoaSA.roa
File:                     bp7l68XHMmItGN6A5EZM0AXoaSA.roa (raw, json)
Hash identifier:          fjmOaIyuHCn7hGx30Lc37BGAdOgQ+MO5eqzTQ1uJaKY=
Subject key identifier:   6E:9E:E5:EB:C5:C7:32:62:2D:18:DE:80:E4:46:4C:D0:05:E8:69:20
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA4A12764B6BA10236EDF1422FA9D
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/bp7l68XHMmItGN6A5EZM0AXoaSA.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201231
IP address blocks:        91.103.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a4:a1:27:64:b6:ba:10:23:6e:df:14:22:fa:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e9ee5ebc5c732622d18de80e4464cd005e86920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5b:8c:09:e4:28:db:59:ca:02:a2:3c:83:da:
                    be:a8:87:7a:cb:3b:bf:f0:5c:e9:98:05:2c:a7:95:
                    ae:7c:6c:ab:b3:59:43:f1:cc:5a:79:9e:33:7c:9b:
                    fa:91:b3:04:6b:26:4c:6e:13:9d:20:83:1d:b8:51:
                    c2:45:c8:38:95:a0:cd:2e:93:37:17:58:1c:bb:af:
                    19:69:ab:2c:7e:72:e0:8f:97:aa:48:f5:7e:ed:f9:
                    4e:9b:05:f9:46:e1:18:e3:1c:22:e6:d4:2b:2e:b2:
                    ea:f2:13:00:41:71:d5:11:7c:64:cb:c2:f1:f2:b3:
                    13:4f:c5:c4:c8:1c:d8:09:87:b5:c4:45:ee:2a:92:
                    17:b8:14:06:24:da:12:83:c3:19:44:15:38:0a:17:
                    35:ae:0e:84:8a:b8:b5:df:d2:73:b2:91:37:25:15:
                    dc:5f:3b:41:ec:25:b6:42:61:34:bb:61:eb:35:13:
                    d2:67:05:c6:54:bf:fd:7e:e7:cb:44:b2:b0:3b:d6:
                    f4:d9:4d:25:80:12:f6:b4:5e:78:c4:82:5e:f6:7e:
                    e1:c2:47:ee:76:1b:44:fb:2f:1a:63:f1:1f:55:e2:
                    0d:16:1c:9e:5f:4d:a4:e4:8f:10:c4:fd:35:07:fc:
                    e9:eb:66:eb:36:ef:96:bd:82:53:8d:a1:20:1d:3b:
                    10:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9E:E5:EB:C5:C7:32:62:2D:18:DE:80:E4:46:4C:D0:05:E8:69:20
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/bp7l68XHMmItGN6A5EZM0AXoaSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:49:d0:d8:26:5f:9f:c9:50:77:9b:98:4d:77:5f:2a:7d:62:
         e8:ad:da:e8:5b:1f:39:f3:cf:3e:c4:2c:ca:09:85:85:82:45:
         4b:67:6d:40:e5:58:2b:aa:3a:69:cf:90:6b:cb:7e:ea:cc:18:
         a3:ba:2b:ba:c1:8a:df:bf:26:a7:a9:a6:07:1d:ac:b0:b5:77:
         e7:15:b3:1f:0e:55:a7:32:62:73:5d:58:ce:8c:b8:e8:74:e9:
         68:3a:d6:4b:91:51:c5:25:10:b9:7c:c8:80:5a:5d:28:2b:fc:
         20:06:39:51:05:92:87:5f:2c:0c:94:2c:a3:d3:ca:9f:df:45:
         0d:6f:55:d3:8b:36:b0:67:10:f0:23:c1:19:3b:da:b6:aa:e5:
         a6:38:f5:ae:a8:30:d9:39:f0:08:f9:00:12:b5:f4:17:0f:21:
         a5:2c:9e:81:9d:57:dd:c6:bd:0e:0a:3b:6d:f2:80:4e:65:af:
         3f:c3:9b:90:01:1c:f5:47:ae:0a:05:ae:08:be:3e:e2:4b:59:
         5b:62:8d:4b:48:8e:cd:16:f4:08:93:bf:05:73:e0:26:02:7e:
         2a:52:ba:8a:ae:24:2b:66:4e:fb:4d:70:3d:c4:fa:72:c8:db:
         b8:4e:06:d4:e6:02:a1:3b:93:92:03:58:62:36:52:9c:6f:c2:
         3c:d0:a5:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36ShJ2S2uhAjbt8UIvqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTllZTVlYmM1YzczMjYyMmQxOGRlODBlNDQ2NGNkMDA1ZTg2OTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVuMCeQo21nKAqI8g9q+qId6yzu/
8FzpmAUsp5WufGyrs1lD8cxaeZ4zfJv6kbMEayZMbhOdIIMduFHCRcg4laDNLpM3
F1gcu68ZaassfnLgj5eqSPV+7flOmwX5RuEY4xwi5tQrLrLq8hMAQXHVEXxky8Lx
8rMTT8XEyBzYCYe1xEXuKpIXuBQGJNoSg8MZRBU4Chc1rg6Eiri139JzspE3JRXc
XztB7CW2QmE0u2HrNRPSZwXGVL/9fufLRLKwO9b02U0lgBL2tF54xIJe9n7hwkfu
dhtE+y8aY/EfVeINFhyeX02k5I8QxP01B/zp62brNu+WvYJTjaEgHTsQ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6e5evFxzJiLRjegORGTNAF6GkgMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvYnA3bDY4WEhNbUl0R042QTVFWk0wQVhvYVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2f+MA0G
CSqGSIb3DQEBCwUAA4IBAQAwSdDYJl+fyVB3m5hNd18qfWLordroWx85888+xCzK
CYWFgkVLZ21A5Vgrqjppz5Bry37qzBijuiu6wYrfvyanqaYHHaywtXfnFbMfDlWn
MmJzXVjOjLjodOloOtZLkVHFJRC5fMiAWl0oK/wgBjlRBZKHXywMlCyj08qf30UN
b1XTizawZxDwI8EZO9q2quWmOPWuqDDZOfAI+QAStfQXDyGlLJ6BnVfdxr0OCjtt
8oBOZa8/w5uQARz1R64KBa4Ivj7iS1lbYo1LSI7NFvQIk78Fc+AmAn4qUrqKriQr
Zk77TXA9xPpyyNu4TgbU5gKhO5OSA1hiNlKcb8I80KW4
-----END CERTIFICATE-----
Generated at Wed May 29 08:58:08 2024 by rpki-client on console-ams.rpki-client.org