Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ut0GWWrjpXgJBXhNZsL1nQJtzXQ.roa
File:                     Ut0GWWrjpXgJBXhNZsL1nQJtzXQ.roa (raw, json)
Hash identifier:          YhATTWjiuMXY5dXW7m2vmgONAPrYPIoCr94lFRWz2Js=
Subject key identifier:   52:DD:06:59:6A:E3:A5:78:09:05:78:4D:66:C2:F5:9D:02:6D:CD:74
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C2D0CD499F4DE3A5C7462C78CDB5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ut0GWWrjpXgJBXhNZsL1nQJtzXQ.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        88.209.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c2:d0:cd:49:9f:4d:e3:a5:c7:46:2c:78:cd:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52dd06596ae3a5780905784d66c2f59d026dcd74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:96:7c:2d:4b:08:e0:08:49:47:7f:56:95:3d:
                    f1:88:d5:91:60:9b:bd:cb:05:09:b8:f9:76:be:14:
                    9d:1a:5b:f0:18:1f:36:ad:31:31:7a:86:d8:82:a9:
                    1d:70:4f:ae:a5:dc:19:8a:05:64:12:ed:84:d5:da:
                    be:a4:44:d6:68:b8:9a:37:2c:4e:43:fa:7e:9c:a6:
                    a8:6d:42:20:2f:ed:97:80:5c:6c:2d:9a:72:65:81:
                    e4:b8:af:d7:84:d6:52:e1:e3:5e:eb:e3:57:ee:fc:
                    e6:42:ea:85:5b:4d:0b:d8:21:62:65:dc:fc:b8:70:
                    64:50:27:34:95:ff:1e:74:7d:9b:a2:b7:6f:58:16:
                    be:87:92:0d:f1:9e:57:a8:a8:5f:86:de:ff:f0:53:
                    33:e3:43:b1:72:f7:08:3a:aa:2d:f7:64:74:86:28:
                    7b:f3:c1:77:d0:69:17:81:bc:6d:06:34:50:5f:8a:
                    5f:1f:35:dd:39:86:ae:b7:ba:79:00:1c:95:18:ff:
                    2b:8d:1d:5c:87:15:ed:60:46:72:f5:20:02:cd:a1:
                    5e:40:db:0b:da:85:bf:e6:98:c1:6c:0e:7f:a6:cf:
                    6b:bc:a5:63:a2:5a:40:48:74:9a:11:1d:ba:4e:ab:
                    dc:ea:47:bc:36:33:b9:05:f9:bb:9a:0a:1f:14:06:
                    6c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:DD:06:59:6A:E3:A5:78:09:05:78:4D:66:C2:F5:9D:02:6D:CD:74
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ut0GWWrjpXgJBXhNZsL1nQJtzXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:59:03:98:e6:a6:04:3b:c1:65:e9:7d:3e:b0:e1:ef:0f:34:
         69:19:0a:3c:79:e2:f9:de:b1:6a:91:42:cc:bb:14:e2:45:33:
         22:ff:c1:c1:84:fd:9f:4d:f0:b3:95:a8:44:14:b1:4a:86:94:
         5d:af:8b:3b:59:00:2c:3b:a8:0a:ba:72:82:1b:28:bd:60:57:
         93:12:cc:e5:c9:55:8b:93:fc:65:56:ea:a8:15:35:ea:b6:cf:
         e5:9a:89:7b:19:da:1f:bf:c0:90:dc:07:a3:11:dd:84:37:95:
         01:f9:e9:a1:05:10:f5:69:40:26:71:38:18:a4:d9:b5:38:6a:
         3f:86:f0:5a:b7:84:a2:46:2e:e0:68:10:20:8b:a3:3f:69:aa:
         58:28:1d:36:00:bd:41:01:f4:ee:49:2e:cd:55:a9:75:88:db:
         98:44:8b:af:2d:61:89:83:6c:1a:6f:e9:ec:97:16:f9:23:09:
         e0:ad:6b:d4:14:bb:32:d6:c6:57:bd:04:08:57:bd:a4:2f:4c:
         a1:cb:53:2e:72:6c:88:0f:3d:af:6f:e4:62:e3:0f:0d:96:f9:
         33:39:50:48:db:27:34:56:58:55:21:47:2b:0a:66:92:8f:a2:
         ca:86:91:ce:eb:05:6a:97:96:a8:eb:0f:18:47:80:d5:df:6e:
         45:9d:13:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsLQzUmfTeOlx0YseM21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmRkMDY1OTZhZTNhNTc4MDkwNTc4NGQ2NmMyZjU5ZDAyNmRjZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJZ8LUsI4AhJR39WlT3xiNWRYJu9
ywUJuPl2vhSdGlvwGB82rTExeobYgqkdcE+updwZigVkEu2E1dq+pETWaLiaNyxO
Q/p+nKaobUIgL+2XgFxsLZpyZYHkuK/XhNZS4eNe6+NX7vzmQuqFW00L2CFiZdz8
uHBkUCc0lf8edH2bordvWBa+h5IN8Z5XqKhfht7/8FMz40OxcvcIOqot92R0hih7
88F30GkXgbxtBjRQX4pfHzXdOYaut7p5AByVGP8rjR1chxXtYEZy9SACzaFeQNsL
2oW/5pjBbA5/ps9rvKVjolpASHSaER26Tqvc6ke8NjO5Bfm7mgofFAZsmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLdBllq46V4CQV4TWbC9Z0Cbc10MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVXQwR1dXcmpwWGdKQlhoTlpzTDFuUUp0elhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHnMA0G
CSqGSIb3DQEBCwUAA4IBAQA8WQOY5qYEO8Fl6X0+sOHvDzRpGQo8eeL53rFqkULM
uxTiRTMi/8HBhP2fTfCzlahEFLFKhpRdr4s7WQAsO6gKunKCGyi9YFeTEszlyVWL
k/xlVuqoFTXqts/lmol7Gdofv8CQ3AejEd2EN5UB+emhBRD1aUAmcTgYpNm1OGo/
hvBat4SiRi7gaBAgi6M/aapYKB02AL1BAfTuSS7NVal1iNuYRIuvLWGJg2wab+ns
lxb5IwngrWvUFLsy1sZXvQQIV72kL0yhy1MucmyIDz2vb+Ri4w8NlvkzOVBI2yc0
VlhVIUcrCmaSj6LKhpHO6wVql5ao6w8YR4DV325FnRPg
-----END CERTIFICATE-----
Generated at Fri May 3 03:42:35 2024 by rpki-client on console-ams.rpki-client.org