Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/t9lgDSKYhyaVAMJdXDlDEbL5zME.roa
File:                     t9lgDSKYhyaVAMJdXDlDEbL5zME.roa (raw, json)
Hash identifier:          /0ieAYIMmgSbwxaU/kRwK5f38iMXKAWYAAcPUzY+eZs=
Subject key identifier:   B7:D9:60:0D:22:98:87:26:95:00:C2:5D:5C:39:43:11:B2:F9:CC:C1
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       01920AE3B8A01DE1CD952501CCE97DFD426D
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/t9lgDSKYhyaVAMJdXDlDEbL5zME.roa
Signing time:             Thu 19 Sep 2024 15:25:48 +0000
ROA not before:           Thu 19 Sep 2024 15:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        195.211.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0a:e3:b8:a0:1d:e1:cd:95:25:01:cc:e9:7d:fd:42:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Sep 19 15:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7d9600d229887269500c25d5c394311b2f9ccc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:41:58:e2:9d:00:87:77:99:79:60:02:80:5b:
                    da:0d:5a:47:21:13:3c:03:1e:9d:db:fa:12:3e:9c:
                    c1:c4:d0:3a:c7:6a:df:77:44:1a:25:e6:f1:3a:33:
                    99:ce:e1:43:bf:54:43:57:2d:32:21:7e:a7:82:07:
                    97:86:ff:64:17:32:36:6e:da:1f:02:66:19:19:8f:
                    68:70:45:05:59:ff:e4:56:09:37:3c:ad:1b:9d:fc:
                    72:49:7b:e5:10:fe:03:00:62:a2:12:36:5e:48:b6:
                    55:8c:de:2b:ba:a5:70:15:d5:02:3f:40:8b:d4:e8:
                    fa:6d:c1:18:11:56:6e:5d:7a:29:58:b1:ad:25:d5:
                    73:9c:8c:35:28:41:35:ec:bb:37:16:7a:1c:b7:f8:
                    a2:ff:39:b8:38:84:2e:55:3d:9a:b9:cc:ac:1d:75:
                    a5:07:31:62:55:51:2d:43:b6:75:60:8c:1a:d0:18:
                    19:32:d7:e3:92:1e:ec:c5:75:f7:2d:94:bd:7d:86:
                    98:7b:a0:b2:91:89:20:4c:ec:3f:2b:b0:cd:14:b4:
                    ef:2f:60:0d:c2:66:d5:1c:02:f6:40:4e:19:17:c2:
                    04:1a:4e:00:a4:f2:3d:15:da:2c:1a:e2:40:37:d8:
                    21:0e:a4:47:e7:7f:a0:7d:27:92:d6:94:7c:c7:b1:
                    3a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D9:60:0D:22:98:87:26:95:00:C2:5D:5C:39:43:11:B2:F9:CC:C1
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/t9lgDSKYhyaVAMJdXDlDEbL5zME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:9d:bf:a2:bb:6e:ba:03:a3:4f:f7:36:1b:7f:77:53:10:66:
         9e:a1:31:01:e9:2c:45:50:c1:18:67:11:ab:e6:2a:53:d9:16:
         1c:6e:99:a4:2c:30:e8:80:86:1e:76:2d:fd:0d:83:20:2f:9e:
         c9:5a:cf:0e:f8:20:2c:72:5e:f5:d7:e5:b8:fa:2b:0c:dd:7b:
         ef:0f:3a:e5:e0:71:74:5f:b7:2d:18:33:3c:c9:a8:4c:82:34:
         f2:fb:ae:a5:98:00:5e:81:a1:82:6d:67:d1:cb:42:6a:ae:5d:
         52:df:7c:74:4d:a1:ec:cf:1e:4e:c6:c4:c6:70:15:5c:b7:e8:
         88:a2:75:0d:cc:0f:56:4f:62:74:43:41:9d:f3:ab:73:dd:ed:
         a3:96:45:8d:14:eb:03:c0:1a:48:58:11:14:12:a4:c6:8c:e0:
         fb:f8:7c:83:a6:d9:bf:d2:0d:e6:53:77:bc:71:77:b7:90:22:
         5e:d5:06:de:39:55:e2:91:d8:bb:49:3e:91:f3:2b:57:b2:5f:
         8a:34:91:72:1a:9e:82:87:d2:5c:7c:26:7b:b9:28:28:f3:06:
         65:65:32:12:27:69:3d:27:f4:fc:15:44:5f:97:a4:78:ad:46:
         6f:d7:24:a8:c2:be:51:b6:93:f0:89:25:e6:2f:05:50:8b:69:
         3c:19:ec:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIK47igHeHNlSUBzOl9/UJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjQwOTE5MTUyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Q5NjAwZDIyOTg4NzI2OTUwMGMyNWQ1YzM5NDMxMWIyZjljY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0FY4p0Ah3eZeWACgFvaDVpHIRM8
Ax6d2/oSPpzBxNA6x2rfd0QaJebxOjOZzuFDv1RDVy0yIX6nggeXhv9kFzI2btof
AmYZGY9ocEUFWf/kVgk3PK0bnfxySXvlEP4DAGKiEjZeSLZVjN4ruqVwFdUCP0CL
1Oj6bcEYEVZuXXopWLGtJdVznIw1KEE17Ls3Fnoct/ii/zm4OIQuVT2aucysHXWl
BzFiVVEtQ7Z1YIwa0BgZMtfjkh7sxXX3LZS9fYaYe6CykYkgTOw/K7DNFLTvL2AN
wmbVHAL2QE4ZF8IEGk4ApPI9FdosGuJAN9ghDqRH53+gfSeS1pR8x7E6fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfZYA0imIcmlQDCXVw5QxGy+czBMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvdDlsZ0RTS1loeWFWQU1KZFhEbERFYkw1ek1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9N0MA0G
CSqGSIb3DQEBCwUAA4IBAQB/nb+iu266A6NP9zYbf3dTEGaeoTEB6SxFUMEYZxGr
5ipT2RYcbpmkLDDogIYedi39DYMgL57JWs8O+CAscl711+W4+isM3XvvDzrl4HF0
X7ctGDM8yahMgjTy+66lmABegaGCbWfRy0Jqrl1S33x0TaHszx5OxsTGcBVct+iI
onUNzA9WT2J0Q0Gd86tz3e2jlkWNFOsDwBpIWBEUEqTGjOD7+HyDptm/0g3mU3e8
cXe3kCJe1QbeOVXikdi7ST6R8ytXsl+KNJFyGp6Ch9JcfCZ7uSgo8wZlZTISJ2k9
J/T8FURfl6R4rUZv1ySowr5RtpPwiSXmLwVQi2k8GezZ
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:32:33 2024 by rpki-client on console-ams.rpki-client.org