Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/1U07kM94jj1xWUpijO6toIqj2vk.roa
File:                     1U07kM94jj1xWUpijO6toIqj2vk.roa (raw, json)
Hash identifier:          t0vgR2J9QA7SHZVeIwwBuhJpDn8wb//Ub3t3ByTlD8Y=
Subject key identifier:   D5:4D:3B:90:CF:78:8E:3D:71:59:4A:62:8C:EE:AD:A0:8A:A3:DA:F9
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649C5CECCF11D31CEAED00F7F26F429
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/1U07kM94jj1xWUpijO6toIqj2vk.roa
Signing time:             Mon 01 Jan 2024 18:29:32 +0000
ROA not before:           Mon 01 Jan 2024 18:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        109.72.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c5:ce:cc:f1:1d:31:ce:ae:d0:0f:7f:26:f4:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d54d3b90cf788e3d71594a628ceeada08aa3daf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:14:9e:7e:c7:76:19:4c:3f:78:fe:de:f7:b8:
                    63:af:56:f3:6e:d8:83:dc:06:79:28:77:ce:ed:1e:
                    4b:30:3a:8b:12:c3:04:8b:92:c8:4d:a7:68:ce:0f:
                    30:2e:db:a1:57:97:31:74:b1:56:6a:25:d3:43:e9:
                    97:50:13:11:de:e5:1e:68:cc:8b:63:f6:ce:83:b2:
                    5f:ae:5d:42:33:b5:9b:88:b7:e8:f1:54:d7:79:aa:
                    ca:45:3c:40:25:51:c0:f3:c4:00:b1:27:7d:7d:2a:
                    dd:24:b4:14:70:d8:22:e8:cd:1b:b0:1a:0a:89:86:
                    ef:37:50:f3:6e:a5:9a:d6:96:94:df:63:69:d8:83:
                    c0:e7:de:88:39:5f:dd:0a:ff:a5:e1:92:27:2d:3f:
                    45:cf:01:10:8d:72:cc:8d:8c:ae:44:99:57:2a:6b:
                    03:cb:9b:69:39:3a:a8:88:f7:95:5a:f0:4c:05:32:
                    e6:fd:44:c8:49:4d:30:14:7d:17:b6:de:d4:d0:7f:
                    9d:f0:12:ac:4e:04:dc:c7:da:ab:d9:11:3c:22:c2:
                    5c:cf:e0:03:87:8f:31:56:6b:4e:ca:29:27:ca:bd:
                    0b:39:24:78:1c:0e:b3:39:d7:ab:67:5c:ec:84:de:
                    bb:bd:1c:ee:b6:a7:fb:06:03:28:da:6b:e5:44:ce:
                    a5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4D:3B:90:CF:78:8E:3D:71:59:4A:62:8C:EE:AD:A0:8A:A3:DA:F9
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/1U07kM94jj1xWUpijO6toIqj2vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:e2:a4:01:5e:0b:6c:d6:d3:4d:f9:a9:d5:c1:d2:c0:fb:37:
         19:ef:b1:f5:9b:0e:d3:d9:de:2a:af:5b:13:22:b9:77:67:c5:
         3f:10:24:e2:4e:d7:d2:c6:9a:6e:8c:b0:7f:70:64:c0:d2:93:
         7e:30:78:48:24:3c:f3:9c:da:92:be:72:82:c3:df:b2:7d:91:
         60:8a:a2:3a:13:85:d0:3d:a0:6a:d6:fc:06:d5:8c:46:76:f7:
         87:86:1b:5e:59:c2:97:f8:b9:50:34:86:9c:d2:95:fd:bd:1d:
         3f:86:f3:a4:a5:df:11:11:16:c0:22:de:65:ba:08:87:50:a9:
         4c:34:e8:2f:62:84:2d:28:9a:f4:b3:6a:f8:0a:bd:e3:0b:49:
         e5:c9:c9:5f:e4:fc:fd:f3:82:af:33:c8:82:27:94:ed:97:0e:
         95:b7:39:be:d4:7f:66:4e:53:ba:5a:b8:5f:44:51:f6:d2:f3:
         c0:05:aa:31:6a:4d:c2:90:62:d1:76:ca:f6:ba:32:2f:e9:1f:
         49:67:10:4f:c3:85:48:9b:6e:92:93:8c:30:33:2c:c7:c4:93:
         1b:e8:ea:f9:5d:93:05:ee:9a:a8:4a:35:df:23:5f:86:b4:27:
         db:11:90:0a:88:f2:60:ef:d4:7a:32:96:ff:c5:c3:d3:b1:1c:
         9f:93:16:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGScXOzPEdMc6u0A9/JvQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTRkM2I5MGNmNzg4ZTNkNzE1OTRhNjI4Y2VlYWRhMDhhYTNkYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhSefsd2GUw/eP7e97hjr1bzbtiD
3AZ5KHfO7R5LMDqLEsMEi5LITadozg8wLtuhV5cxdLFWaiXTQ+mXUBMR3uUeaMyL
Y/bOg7Jfrl1CM7WbiLfo8VTXearKRTxAJVHA88QAsSd9fSrdJLQUcNgi6M0bsBoK
iYbvN1DzbqWa1paU32Np2IPA596IOV/dCv+l4ZInLT9FzwEQjXLMjYyuRJlXKmsD
y5tpOTqoiPeVWvBMBTLm/UTISU0wFH0Xtt7U0H+d8BKsTgTcx9qr2RE8IsJcz+AD
h48xVmtOyiknyr0LOSR4HA6zOderZ1zshN67vRzutqf7BgMo2mvlRM6l3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVNO5DPeI49cVlKYozuraCKo9r5MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvMVUwN2tNOTRqajF4V1VwaWpPNnRvSXFqMnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh5MA0G
CSqGSIb3DQEBCwUAA4IBAQAt4qQBXgts1tNN+anVwdLA+zcZ77H1mw7T2d4qr1sT
Irl3Z8U/ECTiTtfSxppujLB/cGTA0pN+MHhIJDzznNqSvnKCw9+yfZFgiqI6E4XQ
PaBq1vwG1YxGdveHhhteWcKX+LlQNIac0pX9vR0/hvOkpd8RERbAIt5lugiHUKlM
NOgvYoQtKJr0s2r4Cr3jC0nlyclf5Pz984KvM8iCJ5Ttlw6Vtzm+1H9mTlO6Wrhf
RFH20vPABaoxak3CkGLRdsr2ujIv6R9JZxBPw4VIm26Sk4wwMyzHxJMb6Or5XZMF
7pqoSjXfI1+GtCfbEZAKiPJg79R6Mpb/xcPTsRyfkxaQ
-----END CERTIFICATE-----
Generated at Mon May 6 13:47:02 2024 by rpki-client on console-ams.rpki-client.org