Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/NxmRlRF0dDidLDQ-DBhT_kIO1OE.roa
File:                     NxmRlRF0dDidLDQ-DBhT_kIO1OE.roa (raw, json)
Hash identifier:          23Vq/Kdx972iy92VSE8kkmurVR4r1kb+Mla4Mlo9f9Q=
Subject key identifier:   37:19:91:95:11:74:74:38:9D:2C:34:3E:0C:18:53:FE:42:0E:D4:E1
Certificate issuer:       /CN=ece6498d174adf5c89a365c2d1e477dcf24f982e
Certificate serial:       0193166E8353DE04F50668B55D2FE9990CBC
Authority key identifier: EC:E6:49:8D:17:4A:DF:5C:89:A3:65:C2:D1:E4:77:DC:F2:4F:98:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7OZJjRdK31yJo2XC0eR33PJPmC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/NxmRlRF0dDidLDQ-DBhT_kIO1OE.roa
Signing time:             Sun 10 Nov 2024 14:16:01 +0000
ROA not before:           Sun 10 Nov 2024 14:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        91.212.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/7OZJjRdK31yJo2XC0eR33PJPmC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/7OZJjRdK31yJo2XC0eR33PJPmC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7OZJjRdK31yJo2XC0eR33PJPmC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:16:6e:83:53:de:04:f5:06:68:b5:5d:2f:e9:99:0c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ece6498d174adf5c89a365c2d1e477dcf24f982e
        Validity
            Not Before: Nov 10 14:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37199195117474389d2c343e0c1853fe420ed4e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:29:dc:29:47:7c:d5:ce:83:13:7a:c0:06:56:
                    b5:0b:c6:00:30:f8:18:db:6a:89:b0:1a:07:dd:8b:
                    ef:35:eb:19:58:67:e1:8f:70:db:a9:86:e5:c7:81:
                    20:63:db:55:03:cb:d8:6e:d8:dc:63:4a:ce:79:21:
                    e9:d7:6a:55:91:4b:0b:31:e6:78:dc:56:c9:9f:a7:
                    32:d1:19:2d:59:f7:a1:f2:03:8d:04:fe:cd:e2:29:
                    1c:29:f8:ad:3e:a2:02:bd:6d:7d:0e:f3:02:50:e1:
                    90:a4:e7:06:4e:44:ee:7a:48:ba:70:be:68:00:ee:
                    25:c1:99:ee:03:4c:b8:b3:8a:00:67:3d:2d:89:19:
                    58:88:70:9f:c8:b7:11:80:33:c2:63:94:3b:3a:66:
                    20:89:07:68:eb:01:51:28:83:9f:26:28:b0:f5:04:
                    92:57:6e:2f:fc:43:a7:91:7d:9f:f1:de:35:97:c4:
                    28:02:7d:07:5c:ff:db:23:8d:51:f9:47:17:06:63:
                    77:4d:90:37:1e:46:9d:fd:75:47:ee:9b:5e:86:24:
                    4c:98:89:e5:15:83:a0:56:3e:8f:9e:ea:16:85:1c:
                    3b:dd:ce:65:be:8b:3d:fd:26:90:4d:b6:16:80:04:
                    49:77:ea:8e:7c:cf:26:9f:cb:14:fa:00:17:94:da:
                    96:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:19:91:95:11:74:74:38:9D:2C:34:3E:0C:18:53:FE:42:0E:D4:E1
            X509v3 Authority Key Identifier:
                keyid:EC:E6:49:8D:17:4A:DF:5C:89:A3:65:C2:D1:E4:77:DC:F2:4F:98:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7OZJjRdK31yJo2XC0eR33PJPmC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/NxmRlRF0dDidLDQ-DBhT_kIO1OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8abb58-f30c-4f3b-b992-9becc136cc71/1/7OZJjRdK31yJo2XC0eR33PJPmC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:a2:33:e3:2d:93:9f:c6:6d:99:6d:17:14:db:31:75:0e:c6:
         04:a1:34:85:66:a6:e7:b9:56:0c:6a:5e:f7:8c:dc:ac:94:a1:
         40:3c:87:4d:b0:73:f5:d8:8c:77:4b:45:06:bc:95:54:9f:87:
         4b:f3:1b:03:84:f8:65:78:20:33:b8:74:69:07:c2:b8:53:90:
         ad:06:80:9e:d8:65:f9:02:d8:bc:96:48:53:00:c7:21:62:d1:
         23:9d:dd:eb:69:1d:98:b3:74:7f:c5:37:c0:58:7b:e6:c6:0f:
         07:64:46:0c:36:b6:65:b8:f4:4f:70:e7:1d:5f:e3:05:3e:c3:
         82:8e:df:4a:25:d2:d7:fe:0b:44:b7:c0:af:a9:10:09:ed:ef:
         e9:d1:76:54:ce:ea:ce:cf:65:64:7a:3d:c0:8e:d6:ad:a9:ee:
         fd:67:9a:28:e2:15:6b:b8:73:1a:42:3b:db:15:f6:f8:72:62:
         58:f7:6e:25:34:26:d8:b8:21:64:35:94:00:c1:20:d2:87:3d:
         f0:da:8a:75:eb:d7:94:1b:f1:d1:5f:14:f4:fb:24:87:db:f4:
         51:bc:eb:83:b0:2d:13:7c:ec:43:95:5c:b4:1a:41:9b:3c:8a:
         bb:6b:de:53:26:e5:c9:68:52:70:e5:80:3f:d4:5f:14:53:c1:
         5a:87:4e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMWboNT3gT1Bmi1XS/pmQy8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZTY0OThkMTc0YWRmNWM4OWEzNjVjMmQxZTQ3N2RjZjI0
Zjk4MmUwHhcNMjQxMTEwMTQxNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE5OTE5NTExNzQ3NDM4OWQyYzM0M2UwYzE4NTNmZTQyMGVkNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyncKUd81c6DE3rABla1C8YAMPgY
22qJsBoH3YvvNesZWGfhj3DbqYblx4EgY9tVA8vYbtjcY0rOeSHp12pVkUsLMeZ4
3FbJn6cy0RktWfeh8gONBP7N4ikcKfitPqICvW19DvMCUOGQpOcGTkTueki6cL5o
AO4lwZnuA0y4s4oAZz0tiRlYiHCfyLcRgDPCY5Q7OmYgiQdo6wFRKIOfJiiw9QSS
V24v/EOnkX2f8d41l8QoAn0HXP/bI41R+UcXBmN3TZA3Hkad/XVH7ptehiRMmInl
FYOgVj6PnuoWhRw73c5lvos9/SaQTbYWgARJd+qOfM8mn8sU+gAXlNqWHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcZkZURdHQ4nSw0PgwYU/5CDtThMB8GA1UdIwQY
MBaAFOzmSY0XSt9ciaNlwtHkd9zyT5guMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN09aSmpSZEszMXlKbzJYQzBlUjMzUEpQbUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84YWJiNTgtZjMwYy00ZjNiLWI5OTIt
OWJlY2MxMzZjYzcxLzEvTnhtUmxSRjBkRGlkTERRLURCaFRfa0lPMU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84YWJiNTgtZjMwYy00ZjNiLWI5OTItOWJlY2MxMzZjYzcx
LzEvN09aSmpSZEszMXlKbzJYQzBlUjMzUEpQbUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9S9MA0G
CSqGSIb3DQEBCwUAA4IBAQAFojPjLZOfxm2ZbRcU2zF1DsYEoTSFZqbnuVYMal73
jNyslKFAPIdNsHP12Ix3S0UGvJVUn4dL8xsDhPhleCAzuHRpB8K4U5CtBoCe2GX5
Ati8lkhTAMchYtEjnd3raR2Ys3R/xTfAWHvmxg8HZEYMNrZluPRPcOcdX+MFPsOC
jt9KJdLX/gtEt8CvqRAJ7e/p0XZUzurOz2Vkej3Ajtatqe79Z5oo4hVruHMaQjvb
Ffb4cmJY924lNCbYuCFkNZQAwSDShz3w2op169eUG/HRXxT0+ySH2/RRvOuDsC0T
fOxDlVy0GkGbPIq7a95TJuXJaFJw5YA/1F8UU8Fah06L
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:53:32 2024 by rpki-client on console-fra.rpki-client.org