Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/S3s2qzYLis1VkTB0eoEpMzUC1xI.roa
File:                     S3s2qzYLis1VkTB0eoEpMzUC1xI.roa (raw, json)
Hash identifier:          ZZzeLVRtAR18f/NB2Gnd7C12n1sK9+b/V/QRjz4xnWI=
Subject key identifier:   4B:7B:36:AB:36:0B:8A:CD:55:91:30:74:7A:81:29:33:35:02:D7:12
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       0191EC5AF2DFB5CA65FD3BEBDB9B40F7FD2E
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/S3s2qzYLis1VkTB0eoEpMzUC1xI.roa
Signing time:             Fri 13 Sep 2024 17:07:48 +0000
ROA not before:           Fri 13 Sep 2024 17:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49372
IP address blocks:        185.165.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ec:5a:f2:df:b5:ca:65:fd:3b:eb:db:9b:40:f7:fd:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Sep 13 17:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7b36ab360b8acd559130747a8129333502d712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b9:0a:48:a6:9f:fb:8b:ee:bb:b4:7d:9a:dd:
                    df:95:93:da:03:f2:29:b5:02:ad:9c:db:9f:81:98:
                    d2:da:91:6b:74:5a:15:32:ad:23:96:4c:1c:35:70:
                    67:af:22:df:0f:63:c6:9d:6d:66:b3:78:94:fb:25:
                    ab:3e:25:d8:3f:59:88:d7:94:41:ab:bc:bf:39:a7:
                    c3:86:10:ad:d2:ee:60:13:a3:48:96:09:54:40:f4:
                    1c:8f:a1:d4:3a:91:3f:38:aa:63:80:3c:fb:27:9b:
                    ce:b1:96:58:9f:db:5f:34:04:36:9c:3d:7b:96:43:
                    9a:5c:fc:b8:97:0a:c3:52:81:1d:e8:c7:4f:c4:42:
                    f4:a6:c8:03:8b:51:08:5e:f3:f9:b1:5b:3d:26:c0:
                    fd:e5:58:47:ea:69:02:c6:20:36:e1:44:39:a0:24:
                    2f:bd:59:7d:de:bd:69:26:e9:96:49:61:31:f6:dc:
                    bb:96:58:98:11:f9:4a:00:c8:58:7f:39:ff:5f:18:
                    a2:41:a3:4e:aa:96:1e:4e:1a:f8:66:c3:23:9e:67:
                    af:2f:5c:36:ef:75:80:be:9a:33:47:05:e2:31:de:
                    f2:4b:cd:35:dc:33:eb:e3:37:cc:9a:20:86:4f:34:
                    b9:23:10:ad:69:96:9a:9c:67:24:06:54:68:5e:7a:
                    2e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7B:36:AB:36:0B:8A:CD:55:91:30:74:7A:81:29:33:35:02:D7:12
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/S3s2qzYLis1VkTB0eoEpMzUC1xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:11:33:94:5b:70:87:d9:a0:5f:ed:d2:57:e9:68:2f:29:54:
         f9:f6:b3:64:8a:6e:81:50:74:20:c9:ee:7c:1c:09:41:de:be:
         06:29:5f:fc:7a:17:1a:08:60:10:cf:f1:e4:03:f9:a3:af:be:
         25:43:20:1a:c8:5f:54:8f:14:98:14:31:8b:53:64:43:dc:a8:
         b5:c3:81:64:5f:da:14:0a:f8:06:87:db:b8:35:bc:e1:e3:23:
         35:d9:9d:a9:41:6b:ee:6c:11:13:26:47:85:4d:fa:40:2b:4d:
         ba:05:d5:17:57:91:f0:90:5d:1b:fd:d0:7e:f8:00:60:76:70:
         90:6a:96:41:94:e9:a0:97:66:a5:16:02:69:2d:e1:1d:34:b4:
         63:d6:86:3d:02:16:1c:38:95:ec:59:d4:c8:a2:e3:bd:ca:66:
         0a:a0:4f:94:36:a8:79:1e:a9:e0:41:e6:ff:1a:a2:40:bb:a0:
         a8:b5:7c:c4:43:83:41:e5:64:e0:16:bd:c6:bd:b9:84:cd:45:
         1f:14:63:49:e8:49:81:7d:1f:70:d4:b9:fa:90:a4:f0:69:f4:
         63:0b:fd:c4:17:e6:f7:64:f6:ea:1f:7c:22:b4:91:52:39:e2:
         fe:28:01:90:2f:16:68:98:d1:0b:e9:cd:6a:33:dd:5a:a5:36:
         70:23:d5:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHsWvLftcpl/Tvr25tA9/0uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwOTEzMTcwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdiMzZhYjM2MGI4YWNkNTU5MTMwNzQ3YTgxMjkzMzM1MDJkNzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLkKSKaf+4vuu7R9mt3flZPaA/Ip
tQKtnNufgZjS2pFrdFoVMq0jlkwcNXBnryLfD2PGnW1ms3iU+yWrPiXYP1mI15RB
q7y/OafDhhCt0u5gE6NIlglUQPQcj6HUOpE/OKpjgDz7J5vOsZZYn9tfNAQ2nD17
lkOaXPy4lwrDUoEd6MdPxEL0psgDi1EIXvP5sVs9JsD95VhH6mkCxiA24UQ5oCQv
vVl93r1pJumWSWEx9ty7lliYEflKAMhYfzn/XxiiQaNOqpYeThr4ZsMjnmevL1w2
73WAvpozRwXiMd7yS8013DPr4zfMmiCGTzS5IxCtaZaanGckBlRoXnouvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt7Nqs2C4rNVZEwdHqBKTM1AtcSMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvUzNzMnF6WUxpczFWa1RCMGVvRXBNelVDMXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaWaMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ETOUW3CH2aBf7dJX6WgvKVT59rNkim6BUHQgye58
HAlB3r4GKV/8ehcaCGAQz/HkA/mjr74lQyAayF9UjxSYFDGLU2RD3Ki1w4FkX9oU
CvgGh9u4Nbzh4yM12Z2pQWvubBETJkeFTfpAK026BdUXV5HwkF0b/dB++ABgdnCQ
apZBlOmgl2alFgJpLeEdNLRj1oY9AhYcOJXsWdTIouO9ymYKoE+UNqh5HqngQeb/
GqJAu6CotXzEQ4NB5WTgFr3GvbmEzUUfFGNJ6EmBfR9w1Ln6kKTwafRjC/3EF+b3
ZPbqH3witJFSOeL+KAGQLxZomNEL6c1qM91apTZwI9WU
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:30:26 2024 by rpki-client on console-ams.rpki-client.org