Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/M70cuy9V9EyYk2nobkeBUfH2s4Y.roa
File:                     M70cuy9V9EyYk2nobkeBUfH2s4Y.roa (raw, json)
Hash identifier:          3vMZWQKovzfFQ+s2kOXkaCGWvNjeKtwH8XccCZZeBhI=
Subject key identifier:   33:BD:1C:BB:2F:55:F4:4C:98:93:69:E8:6E:47:81:51:F1:F6:B3:86
Certificate issuer:       /CN=ba99d4db12e4f0b002f60e92cc533e6f882d1508
Certificate serial:       018CC42547E85423137F06D56D42CF2520E5
Authority key identifier: BA:99:D4:DB:12:E4:F0:B0:02:F6:0E:92:CC:53:3E:6F:88:2D:15:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/M70cuy9V9EyYk2nobkeBUfH2s4Y.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.69.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:47:e8:54:23:13:7f:06:d5:6d:42:cf:25:20:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba99d4db12e4f0b002f60e92cc533e6f882d1508
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33bd1cbb2f55f44c989369e86e478151f1f6b386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:49:75:38:75:2c:f4:61:15:48:a6:5a:16:f5:
                    77:ce:f9:8d:55:7e:2b:11:ed:31:c9:c1:41:ca:7c:
                    56:09:9a:e9:f7:f6:6d:3e:c5:23:3f:29:7d:37:26:
                    41:3d:4c:91:83:6d:9b:6d:52:b3:bd:95:7c:2b:ff:
                    31:ed:d8:cd:f7:76:0f:46:b7:75:6e:d8:c3:93:98:
                    d0:30:4c:cf:30:71:6d:dc:5c:02:3b:df:73:65:c4:
                    7a:7e:a5:e5:4f:b7:db:8d:34:3c:3b:da:fd:b3:e9:
                    96:93:34:d4:b8:82:93:76:19:b9:65:5c:a5:a3:17:
                    73:e5:65:c0:63:52:c0:b2:bc:93:c7:62:eb:17:c3:
                    20:6b:47:12:28:85:89:31:15:ea:06:14:b5:7b:83:
                    03:2d:ae:f7:d4:e0:d8:60:f0:c3:f3:b2:33:d1:d0:
                    55:9e:be:36:0d:b1:4a:11:a1:a5:75:d2:6f:eb:ab:
                    e9:95:52:b6:84:5b:d8:44:33:39:6c:7d:48:72:f1:
                    8f:bb:c6:03:5d:de:8b:05:ed:dd:81:cd:71:4f:79:
                    ee:36:c9:40:13:6c:bc:92:a3:9d:24:cc:81:05:45:
                    9e:47:7a:fc:3a:d7:1d:6e:cc:2d:47:67:7d:28:8c:
                    2c:af:76:51:9a:bc:7c:f3:f1:87:38:c8:9c:5d:20:
                    a7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:BD:1C:BB:2F:55:F4:4C:98:93:69:E8:6E:47:81:51:F1:F6:B3:86
            X509v3 Authority Key Identifier:
                keyid:BA:99:D4:DB:12:E4:F0:B0:02:F6:0E:92:CC:53:3E:6F:88:2D:15:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/M70cuy9V9EyYk2nobkeBUfH2s4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:4f:04:cc:fd:73:7e:19:fe:35:96:3b:95:d9:2d:f9:77:e4:
         91:56:fa:22:2b:64:ec:06:a6:29:93:ce:64:f3:ba:35:9b:dd:
         f8:bd:19:5a:61:3a:25:86:8e:39:3b:cf:90:ac:b2:48:ad:d4:
         0c:95:df:32:71:ca:8a:af:4b:91:2a:c4:1e:0d:4b:40:77:7b:
         95:79:5b:0a:94:ab:cb:ca:4f:48:5f:79:a3:b1:94:e0:5b:44:
         2c:7d:bc:b1:ad:67:08:a2:c2:a5:3b:29:a8:f5:1b:2a:29:c7:
         f6:33:b6:4b:36:e6:16:42:4b:d1:57:8d:86:0f:5a:15:a2:42:
         d2:df:48:ce:23:9e:87:c7:b9:28:d4:50:e4:c0:8a:c8:42:08:
         23:11:b4:28:26:b4:e8:88:6b:20:5a:9d:ef:ab:11:85:11:36:
         b2:d7:32:ba:27:32:93:7d:ab:0c:14:93:0a:60:b6:fc:68:d9:
         7f:49:f6:49:7a:ce:8a:68:02:4a:63:1f:0d:98:69:25:4c:25:
         d2:35:50:18:1f:14:33:16:e5:ed:50:6f:2f:6e:9b:ec:d6:69:
         74:fd:74:f2:99:fe:84:09:f1:0e:2c:66:a3:8b:f3:e5:38:a7:
         62:9f:11:b8:b2:aa:43:8d:17:33:0b:ca:a0:a3:6e:18:85:4b:
         1a:2a:9b:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUfoVCMTfwbVbULPJSDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOTlkNGRiMTJlNGYwYjAwMmY2MGU5MmNjNTMzZTZmODgy
ZDE1MDgwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2JkMWNiYjJmNTVmNDRjOTg5MzY5ZTg2ZTQ3ODE1MWYxZjZiMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0l1OHUs9GEVSKZaFvV3zvmNVX4r
Ee0xycFBynxWCZrp9/ZtPsUjPyl9NyZBPUyRg22bbVKzvZV8K/8x7djN93YPRrd1
btjDk5jQMEzPMHFt3FwCO99zZcR6fqXlT7fbjTQ8O9r9s+mWkzTUuIKTdhm5ZVyl
oxdz5WXAY1LAsryTx2LrF8Mga0cSKIWJMRXqBhS1e4MDLa731ODYYPDD87Iz0dBV
nr42DbFKEaGlddJv66vplVK2hFvYRDM5bH1IcvGPu8YDXd6LBe3dgc1xT3nuNslA
E2y8kqOdJMyBBUWeR3r8OtcdbswtR2d9KIwsr3ZRmrx88/GHOMicXSCnMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDO9HLsvVfRMmJNp6G5HgVHx9rOGMB8GA1UdIwQY
MBaAFLqZ1NsS5PCwAvYOksxTPm+ILRUIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBuVTJ4TGs4TEFDOWc2U3pGTS1iNGd0RlFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yZjUxNmQtOTZjOS00YmYyLTgxYzgt
OGI0OGYzZjQwNjI1LzEvTTcwY3V5OVY5RXlZazJub2JrZUJVZkgyczRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yZjUxNmQtOTZjOS00YmYyLTgxYzgtOGI0OGYzZjQwNjI1
LzEvdXBuVTJ4TGs4TEFDOWc2U3pGTS1iNGd0RlFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUUBMA0G
CSqGSIb3DQEBCwUAA4IBAQBsTwTM/XN+Gf41ljuV2S35d+SRVvoiK2TsBqYpk85k
87o1m934vRlaYTolho45O8+QrLJIrdQMld8yccqKr0uRKsQeDUtAd3uVeVsKlKvL
yk9IX3mjsZTgW0QsfbyxrWcIosKlOymo9RsqKcf2M7ZLNuYWQkvRV42GD1oVokLS
30jOI56Hx7ko1FDkwIrIQggjEbQoJrToiGsgWp3vqxGFETay1zK6JzKTfasMFJMK
YLb8aNl/SfZJes6KaAJKYx8NmGklTCXSNVAYHxQzFuXtUG8vbpvs1ml0/XTymf6E
CfEOLGaji/PlOKdinxG4sqpDjRczC8qgo24YhUsaKptV
-----END CERTIFICATE-----
Generated at Thu May 2 19:37:32 2024 by rpki-client on console-fra.rpki-client.org