Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/_10Y5TaAfGpNeF3OY99jdDKF7d4.roa
File:                     _10Y5TaAfGpNeF3OY99jdDKF7d4.roa (raw, json)
Hash identifier:          nNXaHvcyWR2r64VH7FvACmd8x/SZ+AvI9gqoHCG//NQ=
Subject key identifier:   FF:5D:18:E5:36:80:7C:6A:4D:78:5D:CE:63:DF:63:74:32:85:ED:DE
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018EBD368D5EA5B48FC8B8E14F13DC75FE71
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/_10Y5TaAfGpNeF3OY99jdDKF7d4.roa
Signing time:             Mon 08 Apr 2024 10:17:32 +0000
ROA not before:           Mon 08 Apr 2024 10:17:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        162.12.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:36:8d:5e:a5:b4:8f:c8:b8:e1:4f:13:dc:75:fe:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Apr  8 10:17:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff5d18e536807c6a4d785dce63df63743285edde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:93:d2:cd:41:31:32:f1:cb:6a:eb:35:a0:d8:
                    cd:6e:d7:de:62:b9:f1:b0:45:cb:2f:bb:2c:9f:bb:
                    a7:f8:52:4e:65:a4:dc:8e:3b:cd:75:ad:c6:7e:54:
                    7d:1f:93:78:aa:c9:5b:2d:8e:6e:a0:2c:6b:ff:91:
                    b4:f3:73:3c:6b:ec:df:27:b4:d8:33:d3:a2:f8:fe:
                    86:6b:d5:a6:53:e1:c7:84:be:81:a4:aa:cc:69:17:
                    b2:95:49:20:a9:84:63:fd:b1:6e:a9:52:f5:aa:ed:
                    57:e6:c0:e0:f4:0a:6a:c3:2e:be:c6:1b:86:92:c5:
                    6e:20:e8:58:0c:bb:aa:c0:71:c6:5a:4b:3e:b1:b8:
                    b7:67:d8:b5:cb:0e:22:78:c6:a9:b4:c5:72:c0:40:
                    ef:3d:1b:16:41:cd:74:ab:f9:2e:96:55:56:64:4e:
                    00:53:73:31:b4:61:44:34:41:9a:f1:f0:0e:56:2d:
                    62:95:ed:98:4b:6d:60:fc:81:f1:84:79:dc:62:42:
                    ed:34:26:40:90:48:d0:9d:94:28:d2:6b:8b:17:74:
                    62:2c:a2:ec:c3:a0:fd:c3:26:ed:95:ca:b6:98:ef:
                    a5:fd:0c:cb:ef:ac:b9:a4:ce:df:e0:58:11:ac:19:
                    ad:4a:ae:a3:11:30:90:91:64:da:b5:97:85:77:db:
                    36:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5D:18:E5:36:80:7C:6A:4D:78:5D:CE:63:DF:63:74:32:85:ED:DE
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/_10Y5TaAfGpNeF3OY99jdDKF7d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.12.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:bb:ec:8e:f6:6f:80:a1:ab:12:82:c3:47:f4:54:45:50:bb:
         ec:bf:5b:69:00:4d:19:8e:57:5a:b2:2d:16:40:70:19:f4:a4:
         f3:fb:10:e4:c6:d4:76:3d:22:e4:e4:f8:19:d9:16:0b:db:25:
         e3:1d:9e:65:8c:8a:87:f7:ed:11:00:0f:74:9e:d0:ce:d7:1f:
         b5:26:cb:a9:59:e4:00:a2:e1:fc:ae:5b:c3:6a:3d:92:b0:4f:
         85:78:0d:80:36:49:83:05:f9:55:d5:ae:3f:15:02:1c:41:7a:
         68:0a:31:12:1c:90:2f:66:9f:18:88:79:4a:fc:5b:c0:88:b5:
         66:28:ff:00:84:fa:86:5f:0e:7b:3c:84:63:e9:da:cc:0e:96:
         c6:63:04:c8:5c:3b:ea:e5:d4:c0:dc:f9:87:cc:e7:17:24:1a:
         95:28:cf:92:03:1e:83:0e:cb:a7:b3:aa:9e:b6:17:5e:10:a8:
         82:d3:04:5d:9f:a2:e5:9a:eb:3d:c1:df:ef:b8:f0:ce:4e:4d:
         c4:01:40:2e:a9:5f:97:b3:c2:1a:e5:c2:1c:fd:17:f6:0c:47:
         ab:e6:76:f0:02:12:1a:1d:bb:9f:32:e6:13:8a:b4:0e:4b:98:
         f5:23:4a:91:89:0e:81:71:be:9f:84:88:57:b1:e3:91:d7:21:
         1a:6b:fd:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69No1epbSPyLjhTxPcdf5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwNDA4MTAxNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjVkMThlNTM2ODA3YzZhNGQ3ODVkY2U2M2RmNjM3NDMyODVlZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJPSzUExMvHLaus1oNjNbtfeYrnx
sEXLL7ssn7un+FJOZaTcjjvNda3GflR9H5N4qslbLY5uoCxr/5G083M8a+zfJ7TY
M9Oi+P6Ga9WmU+HHhL6BpKrMaReylUkgqYRj/bFuqVL1qu1X5sDg9Apqwy6+xhuG
ksVuIOhYDLuqwHHGWks+sbi3Z9i1yw4ieMaptMVywEDvPRsWQc10q/kullVWZE4A
U3MxtGFENEGa8fAOVi1ile2YS21g/IHxhHncYkLtNCZAkEjQnZQo0muLF3RiLKLs
w6D9wybtlcq2mO+l/QzL76y5pM7f4FgRrBmtSq6jETCQkWTatZeFd9s2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9dGOU2gHxqTXhdzmPfY3Qyhe3eMB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvXzEwWTVUYUFmR3BOZUYzT1k5OWpkREtGN2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAogzMMA0G
CSqGSIb3DQEBCwUAA4IBAQBnu+yO9m+AoasSgsNH9FRFULvsv1tpAE0Zjldasi0W
QHAZ9KTz+xDkxtR2PSLk5PgZ2RYL2yXjHZ5ljIqH9+0RAA90ntDO1x+1JsupWeQA
ouH8rlvDaj2SsE+FeA2ANkmDBflV1a4/FQIcQXpoCjESHJAvZp8YiHlK/FvAiLVm
KP8AhPqGXw57PIRj6drMDpbGYwTIXDvq5dTA3PmHzOcXJBqVKM+SAx6DDsuns6qe
thdeEKiC0wRdn6Llmus9wd/vuPDOTk3EAUAuqV+Xs8Ia5cIc/Rf2DEer5nbwAhIa
HbufMuYTirQOS5j1I0qRiQ6Bcb6fhIhXseOR1yEaa/13
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:47:00 2024 by rpki-client on console-ams.rpki-client.org