Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/6CQG6JSpNgTWZMbVlUt3i9elftg.roa
File:                     6CQG6JSpNgTWZMbVlUt3i9elftg.roa (raw, json)
Hash identifier:          xRgn6w+A5Qnhb9Xjij2YRI6Bt22FbADhiPmkKVbr19I=
Subject key identifier:   E8:24:06:E8:94:A9:36:04:D6:64:C6:D5:95:4B:77:8B:D7:A5:7E:D8
Certificate issuer:       /CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
Certificate serial:       018CC5001BFC994EF4C6EF9F46B6B692B545
Authority key identifier: 1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/6CQG6JSpNgTWZMbVlUt3i9elftg.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        109.232.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1b:fc:99:4e:f4:c6:ef:9f:46:b6:b6:92:b5:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e82406e894a93604d664c6d5954b778bd7a57ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:60:dd:24:99:7c:a0:4a:98:4f:af:4b:31:22:
                    f5:8e:32:4d:a5:6f:55:d4:69:1a:de:69:b0:76:a3:
                    39:90:0d:77:9e:2b:84:aa:7f:e5:96:82:74:bb:d1:
                    b4:04:ac:46:1a:5d:75:1d:03:0c:45:97:88:82:4e:
                    99:8a:36:fc:f7:d3:ee:86:03:8f:2d:49:11:9e:08:
                    57:6a:8b:d4:85:d9:f7:81:eb:21:b8:ba:63:ca:ba:
                    37:57:f6:1a:bd:7e:6d:15:58:6e:eb:6f:78:7a:0e:
                    11:97:fe:4d:06:b2:4e:22:77:2c:34:d2:fe:3a:37:
                    14:37:2f:1e:22:eb:4b:f5:54:4f:cc:8f:4b:1b:35:
                    b8:45:18:3f:82:ff:1a:be:50:aa:97:10:a6:34:f6:
                    eb:65:25:65:02:47:77:a4:33:af:86:be:26:d6:6e:
                    b6:ff:99:2c:93:2a:99:e9:81:12:63:42:1f:31:bc:
                    3d:bc:49:9d:f7:ef:56:f4:27:83:52:a4:14:17:9f:
                    d8:a8:a7:ce:88:09:32:0b:17:d4:c5:e1:c9:bf:74:
                    09:62:9c:aa:8d:01:88:e1:48:8d:6f:97:1d:ba:6b:
                    dd:f7:bd:e7:bc:b0:d4:de:e4:f9:ee:c6:91:5a:16:
                    bd:fd:91:cc:57:0a:b3:1d:93:63:41:80:3b:fb:bc:
                    40:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:24:06:E8:94:A9:36:04:D6:64:C6:D5:95:4B:77:8B:D7:A5:7E:D8
            X509v3 Authority Key Identifier:
                keyid:1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/6CQG6JSpNgTWZMbVlUt3i9elftg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         06:cc:b0:da:c5:ae:f7:e8:99:b1:72:2c:67:cb:a8:4d:5e:3c:
         4b:aa:6a:6b:c2:28:5b:e8:0a:67:2f:e9:90:b8:3c:73:b8:f7:
         83:d6:a7:31:17:26:61:09:41:5d:17:3d:e0:2b:f9:f1:fb:30:
         6b:d3:48:91:98:db:42:a7:53:0f:70:c2:ef:b9:39:86:b7:4b:
         70:38:12:4c:dd:50:bd:64:ec:2e:ae:7b:40:76:88:fa:34:fa:
         cc:fd:dd:41:b8:39:9a:cc:00:4a:6b:63:a2:fe:70:0d:92:8c:
         20:95:10:d9:96:d4:b2:21:b7:96:4b:e1:57:77:c0:33:03:ff:
         d6:41:1c:21:d3:a1:f0:34:d7:7c:45:e7:b3:50:99:d8:bc:37:
         80:a9:50:b9:75:71:92:dc:26:a5:12:0e:0e:de:57:10:90:1e:
         37:87:e9:d8:16:0e:fd:0f:b4:9e:48:d8:49:77:78:b6:a1:1a:
         6d:89:92:36:76:0c:9c:40:a1:33:d4:67:03:a3:c4:ba:b4:9d:
         93:9c:03:09:7a:1c:45:74:82:c5:d0:85:05:68:49:cf:f4:81:
         d7:45:96:dc:6c:50:7e:d8:4e:eb:24:7d:e6:63:7e:df:3c:d5:
         75:a7:2d:86:bf:e2:b6:eb:77:2d:70:f9:cd:60:0b:82:cf:88:
         6a:6d:7e:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABv8mU70xu+fRra2krVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWEyZjA4M2Y0NzFkZmI5NTA3YjRjOTczY2I1YzNhY2Q0
OTc1OWQwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI0MDZlODk0YTkzNjA0ZDY2NGM2ZDU5NTRiNzc4YmQ3YTU3ZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WDdJJl8oEqYT69LMSL1jjJNpW9V
1Gka3mmwdqM5kA13niuEqn/lloJ0u9G0BKxGGl11HQMMRZeIgk6Zijb899PuhgOP
LUkRnghXaovUhdn3geshuLpjyro3V/YavX5tFVhu6294eg4Rl/5NBrJOIncsNNL+
OjcUNy8eIutL9VRPzI9LGzW4RRg/gv8avlCqlxCmNPbrZSVlAkd3pDOvhr4m1m62
/5kskyqZ6YESY0IfMbw9vEmd9+9W9CeDUqQUF5/YqKfOiAkyCxfUxeHJv3QJYpyq
jQGI4UiNb5cdumvd973nvLDU3uT57saRWha9/ZHMVwqzHZNjQYA7+7xAaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgkBuiUqTYE1mTG1ZVLd4vXpX7YMB8GA1UdIwQY
MBaAFB6aLwg/Rx37lQe0yXPLXDrNSXWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYt
MjVkNmU4NjEzZGM0LzEvNkNRRzZKU3BOZ1RXWk1iVmxVdDNpOWVsZnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYtMjVkNmU4NjEzZGM0
LzEvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbehYMA0G
CSqGSIb3DQEBCwUAA4IBAQAGzLDaxa736Jmxcixny6hNXjxLqmprwihb6ApnL+mQ
uDxzuPeD1qcxFyZhCUFdFz3gK/nx+zBr00iRmNtCp1MPcMLvuTmGt0twOBJM3VC9
ZOwurntAdoj6NPrM/d1BuDmazABKa2Oi/nANkowglRDZltSyIbeWS+FXd8AzA//W
QRwh06HwNNd8ReezUJnYvDeAqVC5dXGS3CalEg4O3lcQkB43h+nYFg79D7SeSNhJ
d3i2oRptiZI2dgycQKEz1GcDo8S6tJ2TnAMJehxFdILF0IUFaEnP9IHXRZbcbFB+
2E7rJH3mY37fPNV1py2Gv+K263ctcPnNYAuCz4hqbX5T
-----END CERTIFICATE-----
Generated at Thu May 2 07:51:52 2024 by rpki-client on console-fra.rpki-client.org