Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U4kjOAp2yc88l9uHqSe8JdJLFho.roa
File:                     U4kjOAp2yc88l9uHqSe8JdJLFho.roa (raw, json)
Hash identifier:          cGwq/X5HPrboJTZVACqizfBbgfAx0feHyEjWFex0G/A=
Subject key identifier:   53:89:23:38:0A:76:C9:CF:3C:97:DB:87:A9:27:BC:25:D2:4B:16:1A
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AEA2260E373B297F330067FC142F4
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U4kjOAp2yc88l9uHqSe8JdJLFho.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207732
IP address blocks:        2.58.55.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ea:22:60:e3:73:b2:97:f3:30:06:7f:c1:42:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=538923380a76c9cf3c97db87a927bc25d24b161a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:31:09:a2:fc:d2:d0:ae:cc:63:cc:84:c0:75:
                    c3:9a:e3:a5:55:c0:8b:47:8a:6e:68:36:00:6d:86:
                    18:6f:e0:20:93:c7:71:77:bc:59:67:7c:54:2a:08:
                    67:d2:44:43:a7:25:dc:be:4c:54:82:a9:52:53:82:
                    6e:eb:09:d7:b6:c8:c7:9a:1e:f6:5c:91:7f:13:1e:
                    fa:b9:7c:f8:6a:fc:15:6b:44:59:ec:6e:d8:09:e2:
                    df:fb:67:f2:e6:3f:1e:46:6e:fd:33:3f:ec:1b:7e:
                    fe:a2:1e:67:f6:5a:63:85:b0:d1:8b:60:4d:e2:e8:
                    27:51:96:9e:d9:28:25:a6:fd:2b:72:a6:55:15:9a:
                    b6:cf:5c:af:4f:85:96:30:e1:f7:8e:48:f2:50:9e:
                    6c:43:a8:eb:f8:c1:08:ea:88:7c:7f:0c:05:f7:df:
                    c2:aa:95:0b:e6:88:1b:ac:15:ec:66:78:a7:84:96:
                    52:bb:5d:5d:22:ba:3b:56:34:18:32:c5:2a:fc:2a:
                    e7:28:46:42:d8:12:35:3c:09:88:5a:21:0d:be:3b:
                    13:d6:20:86:91:d8:00:8d:2d:2c:80:67:93:e6:0d:
                    a5:8c:a6:90:a5:62:8e:0e:05:d2:5c:2a:77:c9:a0:
                    5f:92:f9:80:8c:b7:85:1d:4e:8a:1b:5f:2a:db:78:
                    fc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:89:23:38:0A:76:C9:CF:3C:97:DB:87:A9:27:BC:25:D2:4B:16:1A
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U4kjOAp2yc88l9uHqSe8JdJLFho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:a5:c9:27:ff:4b:5f:ca:a9:ba:db:8a:ba:f5:1e:6c:18:a7:
         9c:20:1d:e3:21:e2:12:fe:a4:2b:9b:18:11:05:27:6f:f9:24:
         06:34:26:b8:01:ab:c1:f1:94:c5:43:fc:2c:91:8c:7a:9b:9c:
         15:35:45:81:fd:63:17:49:19:c8:a8:ed:7c:c3:65:f4:fc:b8:
         f5:83:fa:56:ad:88:57:84:10:2f:3d:d6:12:eb:b7:bb:67:3a:
         63:6d:ca:a9:33:8d:8e:89:46:93:d6:dd:1a:17:31:4a:d0:b9:
         28:d9:c2:b8:ad:9e:17:07:4d:de:a4:fb:1e:9a:34:09:d4:52:
         49:66:4e:b2:78:65:8d:0c:6a:5a:f4:78:94:24:f3:23:c9:71:
         7b:bb:0f:12:9b:a8:6c:f1:b9:1a:a9:c5:1a:3a:78:05:e1:bb:
         03:12:5a:4e:41:ee:a1:ef:9c:0b:63:6a:91:6e:4e:7d:01:7d:
         af:5d:d0:a0:9a:aa:4d:1a:f1:f7:da:5a:e7:7b:79:73:85:60:
         fd:0a:5a:35:6d:17:62:78:77:c7:0f:86:bb:ba:39:43:1e:af:
         b8:02:f0:4d:66:00:5b:89:9e:3a:52:d8:22:2b:7f:82:38:30:
         09:ea:b1:cf:0d:25:71:f0:20:a4:31:94:41:b0:2c:81:7c:08:
         3e:62:dd:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuoiYONzspfzMAZ/wUL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzg5MjMzODBhNzZjOWNmM2M5N2RiODdhOTI3YmMyNWQyNGIxNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjEJovzS0K7MY8yEwHXDmuOlVcCL
R4puaDYAbYYYb+Agk8dxd7xZZ3xUKghn0kRDpyXcvkxUgqlSU4Ju6wnXtsjHmh72
XJF/Ex76uXz4avwVa0RZ7G7YCeLf+2fy5j8eRm79Mz/sG37+oh5n9lpjhbDRi2BN
4ugnUZae2Sglpv0rcqZVFZq2z1yvT4WWMOH3jkjyUJ5sQ6jr+MEI6oh8fwwF99/C
qpUL5ogbrBXsZninhJZSu11dIro7VjQYMsUq/CrnKEZC2BI1PAmIWiENvjsT1iCG
kdgAjS0sgGeT5g2ljKaQpWKODgXSXCp3yaBfkvmAjLeFHU6KG18q23j8ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOJIzgKdsnPPJfbh6knvCXSSxYaMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvVTRrak9BcDJ5Yzg4bDl1SHFTZThKZEpMRmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjo3MA0G
CSqGSIb3DQEBCwUAA4IBAQBxpckn/0tfyqm624q69R5sGKecIB3jIeIS/qQrmxgR
BSdv+SQGNCa4AavB8ZTFQ/wskYx6m5wVNUWB/WMXSRnIqO18w2X0/Lj1g/pWrYhX
hBAvPdYS67e7ZzpjbcqpM42OiUaT1t0aFzFK0Lko2cK4rZ4XB03epPsemjQJ1FJJ
Zk6yeGWNDGpa9HiUJPMjyXF7uw8Sm6hs8bkaqcUaOngF4bsDElpOQe6h75wLY2qR
bk59AX2vXdCgmqpNGvH32lrne3lzhWD9Clo1bRdieHfHD4a7ujlDHq+4AvBNZgBb
iZ46UtgiK3+CODAJ6rHPDSVx8CCkMZRBsCyBfAg+Yt2N
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:59:16 2024 by rpki-client on console-ams.rpki-client.org