Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/2lnqbImLXxs3Wbp1Ze7lO-z1znQ.roa
File:                     2lnqbImLXxs3Wbp1Ze7lO-z1znQ.roa (raw, json)
Hash identifier:          fo+OQStVu/frgRp4eXhTJslO9wxHI3OWrvz6QRiHEIQ=
Subject key identifier:   DA:59:EA:6C:89:8B:5F:1B:37:59:BA:75:65:EE:E5:3B:EC:F5:CE:74
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       018CC8024689D3B229706A6F2E5AC508D649
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/2lnqbImLXxs3Wbp1Ze7lO-z1znQ.roa
Signing time:             Tue 02 Jan 2024 02:30:41 +0000
ROA not before:           Tue 02 Jan 2024 02:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198441
IP address blocks:        185.86.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:46:89:d3:b2:29:70:6a:6f:2e:5a:c5:08:d6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  2 02:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da59ea6c898b5f1b3759ba7565eee53becf5ce74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9a:80:42:2e:e2:b3:62:86:77:67:ff:bb:04:
                    87:b2:c7:18:75:af:0d:0a:ba:7a:d5:11:2e:cc:8a:
                    20:fe:34:04:31:5e:bd:0d:07:c7:9a:83:89:67:b4:
                    4e:cc:0c:36:c6:84:64:27:7d:b0:f3:00:43:9f:91:
                    44:98:b3:5f:26:a2:73:6a:05:96:b9:d9:2c:c1:15:
                    c0:2d:a7:36:af:3a:76:ca:04:f1:e8:3f:44:23:da:
                    56:f2:33:f9:81:56:8f:f6:bd:cc:50:cf:cf:2c:84:
                    ec:67:26:ae:ab:a4:23:5f:c8:66:b1:9f:7d:ea:dd:
                    bd:aa:5d:72:11:73:84:f7:5d:3b:a2:fa:80:ca:39:
                    b1:8e:15:25:92:16:13:ad:3b:11:86:f3:ce:4a:aa:
                    1e:34:80:b1:7b:45:9d:ea:26:aa:87:d3:54:e9:96:
                    ba:cf:52:7f:04:4f:af:73:9d:47:8a:f4:ae:dd:88:
                    bd:ef:43:b7:c6:e4:c6:43:4a:1f:7c:8b:19:aa:04:
                    7f:34:52:58:40:28:fd:c9:b2:32:81:ed:f0:58:2b:
                    ce:17:97:ba:6a:5f:92:72:ab:01:e9:e2:ea:4a:64:
                    a2:86:39:86:66:15:c5:18:98:77:b9:9f:bd:a4:95:
                    29:9b:92:cd:00:7b:16:20:62:4f:8b:8e:86:57:f5:
                    91:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:59:EA:6C:89:8B:5F:1B:37:59:BA:75:65:EE:E5:3B:EC:F5:CE:74
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/2lnqbImLXxs3Wbp1Ze7lO-z1znQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:df:59:c1:8f:4e:60:fc:8b:d8:88:b2:31:b3:60:58:3e:22:
         97:b4:92:60:92:ed:68:8d:69:55:7b:d7:6a:53:7b:a5:3a:22:
         01:48:cd:f8:f9:54:fe:b6:71:80:51:6d:e2:19:77:28:be:be:
         43:38:0c:20:62:07:85:e2:cb:6c:69:86:c7:15:68:6d:3b:50:
         73:8a:b5:11:99:1f:04:dd:cb:19:4d:43:58:ba:51:78:15:b0:
         e9:f1:8d:f0:66:99:4f:91:c8:33:b3:6b:d6:25:ec:92:e4:5f:
         4b:02:b7:7b:53:28:27:03:b9:59:76:47:be:52:71:12:77:15:
         c3:ae:ce:27:87:bc:15:65:73:a1:f4:55:8a:01:28:33:99:3a:
         fc:10:70:24:20:27:55:29:f3:54:bf:91:78:7e:ff:b9:de:e6:
         d4:a9:1e:7a:7d:04:e5:6a:6b:80:6c:a0:a5:35:0d:93:d0:ee:
         eb:c9:b6:3d:6d:f3:59:f1:ec:29:99:0f:20:19:57:56:43:15:
         93:ca:3e:ba:e4:c5:13:1a:8d:87:eb:bc:c2:e6:1c:87:0a:b5:
         d1:d4:65:68:2e:13:bd:05:72:25:ce:cb:80:b4:2d:6a:4e:4b:
         27:70:44:55:cd:60:2a:cc:1b:3b:75:44:54:e3:8f:10:36:77:
         b4:35:fc:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAkaJ07IpcGpvLlrFCNZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjQwMTAyMDIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU5ZWE2Yzg5OGI1ZjFiMzc1OWJhNzU2NWVlZTUzYmVjZjVjZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5qAQi7is2KGd2f/uwSHsscYda8N
Crp61REuzIog/jQEMV69DQfHmoOJZ7ROzAw2xoRkJ32w8wBDn5FEmLNfJqJzagWW
udkswRXALac2rzp2ygTx6D9EI9pW8jP5gVaP9r3MUM/PLITsZyauq6QjX8hmsZ99
6t29ql1yEXOE9107ovqAyjmxjhUlkhYTrTsRhvPOSqoeNICxe0Wd6iaqh9NU6Za6
z1J/BE+vc51HivSu3Yi970O3xuTGQ0offIsZqgR/NFJYQCj9ybIyge3wWCvOF5e6
al+ScqsB6eLqSmSihjmGZhXFGJh3uZ+9pJUpm5LNAHsWIGJPi46GV/WRbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpZ6myJi18bN1m6dWXu5Tvs9c50MB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvMmxucWJJbUxYeHMzV2JwMVplN2xPLXoxem5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVbBMA0G
CSqGSIb3DQEBCwUAA4IBAQBp31nBj05g/IvYiLIxs2BYPiKXtJJgku1ojWlVe9dq
U3ulOiIBSM34+VT+tnGAUW3iGXcovr5DOAwgYgeF4stsaYbHFWhtO1BzirURmR8E
3csZTUNYulF4FbDp8Y3wZplPkcgzs2vWJeyS5F9LArd7UygnA7lZdke+UnESdxXD
rs4nh7wVZXOh9FWKASgzmTr8EHAkICdVKfNUv5F4fv+53ubUqR56fQTlamuAbKCl
NQ2T0O7rybY9bfNZ8ewpmQ8gGVdWQxWTyj665MUTGo2H67zC5hyHCrXR1GVoLhO9
BXIlzsuAtC1qTksncERVzWAqzBs7dURU448QNne0Nfy5
-----END CERTIFICATE-----
Generated at Sat May 11 06:37:31 2024 by rpki-client on console-ams.rpki-client.org