Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/S4kiUvDO1OFUGweZZoRvcDcQM4Y.roa
File:                     S4kiUvDO1OFUGweZZoRvcDcQM4Y.roa (raw, json)
Hash identifier:          G4LQgSvVQ+73ZfdDUo4G6bKqzLexvVLMGcM/Qlsx0rw=
Subject key identifier:   4B:89:22:52:F0:CE:D4:E1:54:1B:07:99:66:84:6F:70:37:10:33:86
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649CDF680D94257CCD1EA6D9D1FF578
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/S4kiUvDO1OFUGweZZoRvcDcQM4Y.roa
Signing time:             Mon 01 Jan 2024 18:29:34 +0000
ROA not before:           Mon 01 Jan 2024 18:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206505
IP address blocks:        109.72.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:cd:f6:80:d9:42:57:cc:d1:ea:6d:9d:1f:f5:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b892252f0ced4e1541b079966846f7037103386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8b:d9:d1:9d:94:10:fe:58:a7:2b:fc:14:d1:
                    ae:22:c5:61:7a:07:be:a1:07:07:fb:b4:6c:38:35:
                    8d:f1:02:e6:83:4c:99:67:6e:9b:8a:33:1d:ff:2c:
                    d3:7b:73:58:7b:80:b9:ee:d3:58:04:84:e8:41:46:
                    e9:07:45:80:76:74:67:01:d3:4a:86:f8:b5:a6:c6:
                    f5:4b:37:48:36:ab:a5:d4:de:57:63:c1:cd:61:d8:
                    7e:fa:f2:a8:8f:50:af:5d:91:86:30:b8:cc:52:bf:
                    7f:ae:a2:c6:a0:cf:1f:42:b0:6c:98:bf:e4:1c:80:
                    d5:d1:43:80:91:38:db:5e:9a:2e:3d:d2:24:56:0a:
                    b8:2b:98:ed:a8:f2:7a:4a:f5:93:b3:e9:44:20:f6:
                    69:bf:ef:94:d2:03:3a:6d:f0:45:1a:e4:72:10:7b:
                    fe:9c:fd:06:5e:05:0c:5b:d4:6e:15:25:7e:4b:00:
                    c0:a5:b7:78:08:10:d8:75:d0:44:51:aa:ae:c3:9d:
                    96:92:8f:e7:0a:29:d0:1d:c1:2d:78:51:19:ca:67:
                    73:06:7a:00:9e:02:a8:c0:80:e9:85:a9:89:9d:be:
                    47:23:50:4c:35:49:3b:07:55:ad:36:b9:d1:16:5c:
                    ba:f7:ed:6d:ac:b2:35:16:71:bb:02:34:f3:ca:92:
                    62:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:89:22:52:F0:CE:D4:E1:54:1B:07:99:66:84:6F:70:37:10:33:86
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/S4kiUvDO1OFUGweZZoRvcDcQM4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:33:a4:da:4b:5c:aa:72:3b:53:9c:ba:5d:2c:6d:29:fc:25:
         ec:49:55:d4:b8:e6:a3:74:c3:0a:23:92:81:05:df:c4:92:f2:
         a5:6e:4d:62:19:95:b3:a2:cf:6d:90:35:81:0f:4a:32:2a:67:
         f2:2c:3c:c4:bf:d0:c5:b7:c5:b4:e8:78:3f:e3:6b:39:af:af:
         af:e8:5b:bb:dc:0e:e3:a3:3f:bb:3e:ac:20:62:c3:33:e4:c2:
         a0:4b:59:cc:08:71:73:57:e0:a1:be:83:2c:34:82:55:08:0c:
         45:f0:34:48:70:36:3b:9a:00:02:60:67:d6:a1:66:15:09:66:
         f7:07:c7:27:c8:45:af:94:51:0a:20:e7:4a:0a:d3:e6:45:be:
         3f:ee:60:a3:69:14:ab:71:d9:5a:96:53:6e:dd:2a:19:54:63:
         39:c5:db:8b:07:9a:b0:db:65:58:d0:1f:d0:5f:44:d9:7e:2a:
         7d:17:ad:6f:20:de:61:36:33:44:6b:8f:7d:0c:1d:25:db:d4:
         ba:61:f0:8e:1c:57:62:0f:ab:f1:b9:42:a0:86:4d:c0:73:54:
         da:4b:64:e4:01:d2:4f:5d:5b:5f:7e:45:54:ea:8d:65:d8:d6:
         8a:14:e0:42:3e:a3:61:30:44:d9:53:0b:fb:ce:29:71:d4:08:
         4e:fa:38:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSc32gNlCV8zR6m2dH/V4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjg5MjI1MmYwY2VkNGUxNTQxYjA3OTk2Njg0NmY3MDM3MTAzMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYvZ0Z2UEP5Ypyv8FNGuIsVhege+
oQcH+7RsODWN8QLmg0yZZ26bijMd/yzTe3NYe4C57tNYBIToQUbpB0WAdnRnAdNK
hvi1psb1SzdINqul1N5XY8HNYdh++vKoj1CvXZGGMLjMUr9/rqLGoM8fQrBsmL/k
HIDV0UOAkTjbXpouPdIkVgq4K5jtqPJ6SvWTs+lEIPZpv++U0gM6bfBFGuRyEHv+
nP0GXgUMW9RuFSV+SwDApbd4CBDYddBEUaquw52Wko/nCinQHcEteFEZymdzBnoA
ngKowIDphamJnb5HI1BMNUk7B1WtNrnRFly69+1trLI1FnG7AjTzypJiiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuJIlLwztThVBsHmWaEb3A3EDOGMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvUzRraVV2RE8xT0ZVR3dlWlpvUnZjRGNRTTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh8MA0G
CSqGSIb3DQEBCwUAA4IBAQAhM6TaS1yqcjtTnLpdLG0p/CXsSVXUuOajdMMKI5KB
Bd/EkvKlbk1iGZWzos9tkDWBD0oyKmfyLDzEv9DFt8W06Hg/42s5r6+v6Fu73A7j
oz+7PqwgYsMz5MKgS1nMCHFzV+ChvoMsNIJVCAxF8DRIcDY7mgACYGfWoWYVCWb3
B8cnyEWvlFEKIOdKCtPmRb4/7mCjaRSrcdlallNu3SoZVGM5xduLB5qw22VY0B/Q
X0TZfip9F61vIN5hNjNEa499DB0l29S6YfCOHFdiD6vxuUKghk3Ac1TaS2TkAdJP
XVtffkVU6o1l2NaKFOBCPqNhMETZUwv7zilx1AhO+jgw
-----END CERTIFICATE-----
Generated at Mon May 6 23:46:51 2024 by rpki-client on console-ams.rpki-client.org