Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/LdzswJoW6namQGAongSJlEjxI2E.roa
File:                     LdzswJoW6namQGAongSJlEjxI2E.roa (raw, json)
Hash identifier:          rdDeXmGGsRNw0Ag/6cENwrskVENKVJUwQN2RtqfOmpQ=
Subject key identifier:   2D:DC:EC:C0:9A:16:EA:76:A6:40:60:28:9E:04:89:94:48:F1:23:61
Certificate issuer:       /CN=80c7b3de96b91edc6e9c85d9d5a668419203b5f5
Certificate serial:       01912895638045A3523886125CA87DC3938D
Authority key identifier: 80:C7:B3:DE:96:B9:1E:DC:6E:9C:85:D9:D5:A6:68:41:92:03:B5:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gMez3pa5HtxunIXZ1aZoQZIDtfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/LdzswJoW6namQGAongSJlEjxI2E.roa
Signing time:             Tue 06 Aug 2024 16:46:04 +0000
ROA not before:           Tue 06 Aug 2024 16:46:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        195.200.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/gMez3pa5HtxunIXZ1aZoQZIDtfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/gMez3pa5HtxunIXZ1aZoQZIDtfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gMez3pa5HtxunIXZ1aZoQZIDtfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:28:95:63:80:45:a3:52:38:86:12:5c:a8:7d:c3:93:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80c7b3de96b91edc6e9c85d9d5a668419203b5f5
        Validity
            Not Before: Aug  6 16:46:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ddcecc09a16ea76a64060289e04899448f12361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:4b:11:0e:6c:5d:6f:07:22:d9:1f:2b:d8:2b:
                    67:76:26:11:46:dd:9a:2a:85:09:04:a2:58:5e:3c:
                    96:c8:89:2f:c7:e8:7c:9a:8a:4c:e9:af:63:ba:10:
                    1b:df:a9:72:b3:05:d6:5a:60:3a:76:2b:08:e6:8f:
                    25:92:db:6f:bc:86:d1:d7:69:02:bc:f6:26:ec:62:
                    ad:38:51:77:2e:46:7a:b8:3d:27:91:2a:a4:e3:4e:
                    e5:18:a9:7d:b7:e0:b6:c4:67:f2:2c:b8:6c:6f:40:
                    57:ff:d8:9a:f2:b7:8b:fc:9b:94:0d:04:1d:af:ce:
                    6b:ee:81:1e:e3:93:7d:c3:03:84:70:6c:ef:56:97:
                    d5:05:55:66:0c:e8:1f:50:e3:ea:a0:3a:64:cc:2c:
                    48:74:1e:de:22:b2:0e:8f:a7:87:2a:9a:1f:b2:ee:
                    98:3f:6c:4c:23:e0:69:b9:49:c9:43:19:5a:96:e8:
                    20:d4:fd:0f:5c:25:33:d1:7a:2f:81:18:8d:89:f7:
                    cc:cf:cf:8f:c3:1c:2e:a2:7a:74:20:6e:23:7c:db:
                    0b:f5:27:57:4b:32:62:2b:90:f3:44:f5:72:0e:15:
                    03:80:95:fe:82:8e:cb:3a:36:0a:a5:45:5a:aa:85:
                    12:f9:5c:6b:45:81:a6:8b:29:d4:22:9c:3f:30:1a:
                    3a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DC:EC:C0:9A:16:EA:76:A6:40:60:28:9E:04:89:94:48:F1:23:61
            X509v3 Authority Key Identifier:
                keyid:80:C7:B3:DE:96:B9:1E:DC:6E:9C:85:D9:D5:A6:68:41:92:03:B5:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gMez3pa5HtxunIXZ1aZoQZIDtfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/LdzswJoW6namQGAongSJlEjxI2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/c301fb-3174-45c3-a447-a7fcfb529dc7/1/gMez3pa5HtxunIXZ1aZoQZIDtfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:14:8c:dc:9b:86:e4:c4:d6:29:3d:cc:d1:3b:c2:e5:f4:cd:
         ab:f6:f7:eb:77:49:b7:31:c4:96:d4:94:dc:9e:74:05:3d:50:
         8f:b6:b2:34:fc:b4:da:dc:f6:5a:70:a8:96:56:de:af:b1:0a:
         0c:cb:57:7a:4e:fc:63:49:98:8a:23:b7:de:c9:72:ee:3c:45:
         d9:d4:1c:c1:2c:9c:73:0a:a3:f8:72:b3:61:e8:13:51:5a:ec:
         62:94:b6:da:4f:b8:e4:04:01:7f:63:f7:3d:b4:03:88:91:2f:
         12:af:b9:db:74:7b:46:27:c3:91:46:c6:e7:9e:e5:6c:66:bd:
         31:5f:62:07:37:a4:c6:55:f0:99:9f:a3:8c:88:a6:8d:96:8f:
         bd:c8:7c:81:5a:da:9f:a7:07:29:7c:71:b0:a1:28:39:49:ff:
         10:c2:08:69:67:64:da:01:63:54:26:e5:c6:16:ef:73:e7:63:
         b4:ff:8a:c7:02:ad:41:6b:b1:f3:62:f0:25:51:b2:36:76:30:
         6a:70:42:c3:ae:3a:a6:13:ea:96:a4:4f:69:67:73:d2:3d:de:
         b3:ec:ce:89:8f:cb:f6:ea:b4:b2:33:35:30:d9:3c:ef:c8:41:
         64:42:4e:66:42:17:f1:0f:b4:5f:84:53:89:16:cb:e1:62:7e:
         58:ff:aa:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEolWOARaNSOIYSXKh9w5ONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYzdiM2RlOTZiOTFlZGM2ZTljODVkOWQ1YTY2ODQxOTIw
M2I1ZjUwHhcNMjQwODA2MTY0NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGRjZWNjMDlhMTZlYTc2YTY0MDYwMjg5ZTA0ODk5NDQ4ZjEyMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhksRDmxdbwci2R8r2CtndiYRRt2a
KoUJBKJYXjyWyIkvx+h8mopM6a9juhAb36lyswXWWmA6disI5o8lkttvvIbR12kC
vPYm7GKtOFF3LkZ6uD0nkSqk407lGKl9t+C2xGfyLLhsb0BX/9ia8reL/JuUDQQd
r85r7oEe45N9wwOEcGzvVpfVBVVmDOgfUOPqoDpkzCxIdB7eIrIOj6eHKpofsu6Y
P2xMI+BpuUnJQxlalugg1P0PXCUz0XovgRiNiffMz8+Pwxwuonp0IG4jfNsL9SdX
SzJiK5DzRPVyDhUDgJX+go7LOjYKpUVaqoUS+VxrRYGmiynUIpw/MBo6lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3c7MCaFup2pkBgKJ4EiZRI8SNhMB8GA1UdIwQY
MBaAFIDHs96WuR7cbpyF2dWmaEGSA7X1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ01lejNwYTVIdHh1bklYWjFhWm9RWklEdGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9jMzAxZmItMzE3NC00NWMzLWE0NDct
YTdmY2ZiNTI5ZGM3LzEvTGR6c3dKb1c2bmFtUUdBb25nU0psRWp4STJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9jMzAxZmItMzE3NC00NWMzLWE0NDctYTdmY2ZiNTI5ZGM3
LzEvZ01lejNwYTVIdHh1bklYWjFhWm9RWklEdGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hMMA0G
CSqGSIb3DQEBCwUAA4IBAQAMFIzcm4bkxNYpPczRO8Ll9M2r9vfrd0m3McSW1JTc
nnQFPVCPtrI0/LTa3PZacKiWVt6vsQoMy1d6TvxjSZiKI7feyXLuPEXZ1BzBLJxz
CqP4crNh6BNRWuxilLbaT7jkBAF/Y/c9tAOIkS8Sr7nbdHtGJ8ORRsbnnuVsZr0x
X2IHN6TGVfCZn6OMiKaNlo+9yHyBWtqfpwcpfHGwoSg5Sf8QwghpZ2TaAWNUJuXG
Fu9z52O0/4rHAq1Ba7HzYvAlUbI2djBqcELDrjqmE+qWpE9pZ3PSPd6z7M6Jj8v2
6rSyMzUw2TzvyEFkQk5mQhfxD7RfhFOJFsvhYn5Y/6rK
-----END CERTIFICATE-----
Generated at Wed Sep 18 23:56:41 2024 by rpki-client on console-fra.rpki-client.org