Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jsgLkfgxBptAvj17kkDR4qjAyLk.roa
File:                     jsgLkfgxBptAvj17kkDR4qjAyLk.roa (raw, json)
Hash identifier:          6lWgM9untHlAdvo2Avy6egquV0IHp63V7w7n9lOYQu0=
Subject key identifier:   8E:C8:0B:91:F8:31:06:9B:40:BE:3D:7B:92:40:D1:E2:A8:C0:C8:B9
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BDE83B0C6FD072F97413220521113
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jsgLkfgxBptAvj17kkDR4qjAyLk.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        91.193.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:de:83:b0:c6:fd:07:2f:97:41:32:20:52:11:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ec80b91f831069b40be3d7b9240d1e2a8c0c8b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1e:e5:cc:91:dd:be:33:45:9c:ec:c8:0d:6a:
                    0a:3c:9d:58:f2:14:bd:ec:b4:95:c9:75:73:d9:ae:
                    45:36:30:e7:de:fe:5a:27:2b:0d:13:0a:7a:7c:97:
                    cd:b3:59:f0:9d:80:50:51:69:12:77:2f:69:c8:c4:
                    43:c1:d9:4f:82:4f:bd:e3:f8:6e:03:d9:e2:57:a9:
                    32:68:db:dd:00:ae:68:56:d0:95:76:8e:42:9e:2b:
                    3f:53:40:fc:3a:97:d7:a4:8a:dc:cd:da:b2:fb:fe:
                    57:80:ca:18:93:2f:d0:08:2c:52:ab:dc:68:29:7e:
                    8c:ce:c3:4c:31:5d:8c:50:00:84:5e:a0:4d:2f:95:
                    14:84:c0:00:84:ff:2d:6b:49:3f:91:16:4d:ea:e0:
                    8f:df:d4:4b:d4:4b:2d:1a:38:3e:ba:78:c2:74:43:
                    6c:28:1d:e6:de:3f:8d:e9:8a:9b:30:66:90:2f:b1:
                    8b:4f:5d:f0:ae:e0:7c:b9:64:46:b2:5b:60:47:99:
                    1e:3f:6a:ef:74:d5:94:18:83:ed:01:6b:e4:7a:62:
                    c1:d3:c4:39:06:9b:0c:ab:8b:06:41:c9:14:3a:03:
                    03:9e:f9:dc:19:b0:e9:96:14:ab:5b:01:ea:03:6d:
                    fa:20:7f:6e:a1:29:00:61:40:15:a0:c5:99:95:34:
                    dd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C8:0B:91:F8:31:06:9B:40:BE:3D:7B:92:40:D1:E2:A8:C0:C8:B9
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jsgLkfgxBptAvj17kkDR4qjAyLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:0e:99:06:ed:87:ed:16:ff:35:75:5c:6f:c9:fa:ad:aa:f6:
         41:e7:37:03:d1:2d:38:60:3e:a1:e1:48:6e:2c:5a:8d:95:b1:
         53:64:ef:3b:06:8c:1b:31:59:b1:04:53:92:e1:77:1c:97:08:
         c6:68:d4:2f:79:51:6b:8f:14:eb:4e:6f:ca:19:e9:94:36:ad:
         37:24:f7:3e:e5:e7:2b:21:87:44:04:ab:71:db:8d:0b:29:b6:
         14:91:cc:d7:93:44:30:1e:bf:6c:84:41:46:54:db:f6:8f:ef:
         d6:76:49:9b:cf:2c:04:03:94:9f:9c:a4:5f:74:16:33:a9:41:
         1c:60:83:d4:8b:1e:65:a5:d5:94:88:8f:4c:05:b3:9c:04:eb:
         03:6f:f1:fc:21:71:2e:bd:2b:69:20:32:83:c3:28:a3:c9:3a:
         77:5d:36:31:91:cc:f9:69:0c:08:45:16:ee:a2:d6:75:6b:b8:
         b4:92:63:28:95:af:37:6b:ad:a9:31:71:93:5d:30:1a:09:74:
         e0:05:d8:6e:55:55:3d:eb:37:f3:8f:b5:a3:90:b3:b1:60:1f:
         a3:af:b7:6b:96:90:dc:4d:9d:ed:1d:b5:6f:f8:98:75:94:31:
         06:9e:00:62:0c:12:d9:6a:e7:4b:0e:0f:bb:9d:aa:57:72:30:
         7d:ff:db:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK96DsMb9By+XQTIgUhETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWM4MGI5MWY4MzEwNjliNDBiZTNkN2I5MjQwZDFlMmE4YzBjOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhR7lzJHdvjNFnOzIDWoKPJ1Y8hS9
7LSVyXVz2a5FNjDn3v5aJysNEwp6fJfNs1nwnYBQUWkSdy9pyMRDwdlPgk+94/hu
A9niV6kyaNvdAK5oVtCVdo5Cnis/U0D8OpfXpIrczdqy+/5XgMoYky/QCCxSq9xo
KX6MzsNMMV2MUACEXqBNL5UUhMAAhP8ta0k/kRZN6uCP39RL1EstGjg+unjCdENs
KB3m3j+N6YqbMGaQL7GLT13wruB8uWRGsltgR5keP2rvdNWUGIPtAWvkemLB08Q5
BpsMq4sGQckUOgMDnvncGbDplhSrWwHqA236IH9uoSkAYUAVoMWZlTTdkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7IC5H4MQabQL49e5JA0eKowMi5MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvanNnTGtmZ3hCcHRBdmoxN2trRFI0cWpBeUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8HoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcDpkG7YftFv81dVxvyfqtqvZB5zcD0S04YD6h4Uhu
LFqNlbFTZO87BowbMVmxBFOS4XcclwjGaNQveVFrjxTrTm/KGemUNq03JPc+5ecr
IYdEBKtx240LKbYUkczXk0QwHr9shEFGVNv2j+/WdkmbzywEA5SfnKRfdBYzqUEc
YIPUix5lpdWUiI9MBbOcBOsDb/H8IXEuvStpIDKDwyijyTp3XTYxkcz5aQwIRRbu
otZ1a7i0kmMola83a62pMXGTXTAaCXTgBdhuVVU96zfzj7WjkLOxYB+jr7drlpDc
TZ3tHbVv+Jh1lDEGngBiDBLZaudLDg+7napXcjB9/9s8
-----END CERTIFICATE-----
Generated at Mon May 6 07:58:46 2024 by rpki-client on console-fra.rpki-client.org