Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/QnKl4TCPjmI5rdMaXIciNvEucUU.roa
File:                     QnKl4TCPjmI5rdMaXIciNvEucUU.roa (raw, json)
Hash identifier:          6NGg7HMttJ7wl15orywF2ehfPy0MxvoVaNpPY3+zpWw=
Subject key identifier:   42:72:A5:E1:30:8F:8E:62:39:AD:D3:1A:5C:87:22:36:F1:2E:71:45
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018CCA2B33EFECFD1E6E32E8EA1FCC2C738D
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/QnKl4TCPjmI5rdMaXIciNvEucUU.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212567
IP address blocks:        141.98.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:33:ef:ec:fd:1e:6e:32:e8:ea:1f:cc:2c:73:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4272a5e1308f8e6239add31a5c872236f12e7145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2d:2d:b2:44:b9:fc:d7:86:a5:a9:4d:25:ed:
                    99:3e:de:9a:21:79:0e:00:eb:45:30:33:a4:d9:17:
                    74:ee:96:d1:93:c5:59:46:cf:63:37:0f:bb:b8:c7:
                    56:9e:78:c2:d1:4a:e1:ac:24:49:18:3c:49:56:c7:
                    c7:c4:2e:02:48:36:f7:79:9c:4a:c0:62:9b:5f:eb:
                    5d:9a:2f:4b:83:e4:7c:6f:0d:a0:53:04:e9:dc:ab:
                    bb:18:b9:5b:67:fd:0a:ec:70:50:b2:08:94:cb:53:
                    eb:50:67:5e:53:5a:af:51:b4:71:0c:28:0a:17:3b:
                    74:bb:42:90:49:ee:23:24:1d:f0:70:66:cc:d1:b4:
                    05:af:18:a1:a3:f7:20:d5:c0:8d:77:43:59:4d:1b:
                    20:66:ed:74:1d:8f:57:28:45:ef:2f:1c:45:7f:6a:
                    4f:cf:27:eb:f8:5b:9e:95:43:b9:ff:55:0f:da:09:
                    5a:44:85:35:ee:4c:9b:e0:3d:b7:fa:8b:78:5a:4c:
                    32:f1:8c:60:9c:39:ea:77:43:51:ca:db:46:e2:28:
                    cb:af:9a:64:70:fb:fe:84:bb:09:aa:d5:8a:a4:7f:
                    e0:14:13:12:c7:a9:17:78:57:6d:ea:2c:a8:02:2f:
                    04:d8:20:e2:2f:97:47:4b:08:58:86:6d:21:ca:de:
                    6a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:72:A5:E1:30:8F:8E:62:39:AD:D3:1A:5C:87:22:36:F1:2E:71:45
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/QnKl4TCPjmI5rdMaXIciNvEucUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:d5:7c:34:14:6c:a8:fe:30:05:92:c8:0f:59:b4:98:13:9a:
         b5:4d:f1:c7:1e:ec:a7:9a:ba:fa:30:2f:ff:87:04:0a:fe:18:
         17:d0:f1:7b:e1:1a:f7:fa:62:7e:d4:62:3b:f9:3c:aa:bc:b7:
         ca:c7:15:43:e9:6b:8a:9e:84:be:3f:6b:d1:13:ce:d6:d4:a5:
         e2:99:fc:2e:b0:19:bd:19:18:35:fe:e0:b8:5c:4b:99:0b:95:
         53:1b:08:f7:06:10:1f:77:85:ee:20:9d:80:df:ce:60:2c:4c:
         38:74:04:79:28:fb:5c:37:8f:e5:6f:42:36:72:d3:fd:19:0e:
         78:a2:e4:d7:88:9a:23:58:67:a6:0b:dd:4e:e9:70:7e:13:ae:
         61:11:bc:ac:b6:1b:ee:b3:7e:60:eb:91:93:bb:4b:14:31:6b:
         0d:00:89:a2:9b:b4:a0:da:9e:af:ee:94:f7:7e:3a:51:5a:57:
         bd:d3:1f:a3:a3:df:a1:bc:17:71:75:ee:94:cf:de:77:be:a2:
         07:0d:99:25:9a:86:0a:31:5d:65:46:50:9a:66:4c:fb:2e:d4:
         80:7a:56:9b:d6:8d:20:04:5f:24:fb:b9:24:70:b6:3a:28:e4:
         6b:60:da:94:08:19:5c:74:5f:d6:7e:b3:0d:da:34:2f:91:e6:
         9a:4b:41:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzPv7P0ebjLo6h/MLHONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjcyYTVlMTMwOGY4ZTYyMzlhZGQzMWE1Yzg3MjIzNmYxMmU3MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiS0tskS5/NeGpalNJe2ZPt6aIXkO
AOtFMDOk2Rd07pbRk8VZRs9jNw+7uMdWnnjC0UrhrCRJGDxJVsfHxC4CSDb3eZxK
wGKbX+tdmi9Lg+R8bw2gUwTp3Ku7GLlbZ/0K7HBQsgiUy1PrUGdeU1qvUbRxDCgK
Fzt0u0KQSe4jJB3wcGbM0bQFrxiho/cg1cCNd0NZTRsgZu10HY9XKEXvLxxFf2pP
zyfr+FuelUO5/1UP2glaRIU17kyb4D23+ot4Wkwy8YxgnDnqd0NRyttG4ijLr5pk
cPv+hLsJqtWKpH/gFBMSx6kXeFdt6iyoAi8E2CDiL5dHSwhYhm0hyt5qlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJypeEwj45iOa3TGlyHIjbxLnFFMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvUW5LbDRUQ1BqbUk1cmRNYVhJY2lOdkV1Y1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKKMA0G
CSqGSIb3DQEBCwUAA4IBAQAU1Xw0FGyo/jAFksgPWbSYE5q1TfHHHuynmrr6MC//
hwQK/hgX0PF74Rr3+mJ+1GI7+TyqvLfKxxVD6WuKnoS+P2vRE87W1KXimfwusBm9
GRg1/uC4XEuZC5VTGwj3BhAfd4XuIJ2A385gLEw4dAR5KPtcN4/lb0I2ctP9GQ54
ouTXiJojWGemC91O6XB+E65hEbysthvus35g65GTu0sUMWsNAImim7Sg2p6v7pT3
fjpRWle90x+jo9+hvBdxde6Uz953vqIHDZklmoYKMV1lRlCaZkz7LtSAelab1o0g
BF8k+7kkcLY6KORrYNqUCBlcdF/WfrMN2jQvkeaaS0GK
-----END CERTIFICATE-----
Generated at Thu May 23 04:39:30 2024 by rpki-client on console-ams.rpki-client.org