Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/AQMKEV4wTSBmzM25042bJ2XiIOs.roa
File:                     AQMKEV4wTSBmzM25042bJ2XiIOs.roa (raw, json)
Hash identifier:          3HAAPtixI8VC2Uz1BVfP/oRuB9QnjlV21EVnejVDmQY=
Subject key identifier:   01:03:0A:11:5E:30:4D:20:66:CC:CD:B9:D3:8D:9B:27:65:E2:20:EB
Certificate issuer:       /CN=eaeea20bbbdb9a5d1cdc7114e2af518e76b1426e
Certificate serial:       018CC56F02A66CF5712FEA403FC6DE724DAB
Authority key identifier: EA:EE:A2:0B:BB:DB:9A:5D:1C:DC:71:14:E2:AF:51:8E:76:B1:42:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/AQMKEV4wTSBmzM25042bJ2XiIOs.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2.57.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:02:a6:6c:f5:71:2f:ea:40:3f:c6:de:72:4d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaeea20bbbdb9a5d1cdc7114e2af518e76b1426e
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01030a115e304d2066cccdb9d38d9b2765e220eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bf:1d:08:fb:69:95:da:c9:a3:39:99:f6:44:
                    e8:f4:8b:7b:00:33:8d:94:53:a0:39:8e:ff:78:09:
                    ac:15:06:36:ee:ca:d0:83:4a:06:4c:d9:e6:ee:95:
                    74:5e:6f:fa:3c:a1:65:cb:e3:a5:94:d8:ed:6a:1e:
                    d4:b7:08:27:e8:c0:fa:9b:15:6e:c8:0f:57:16:97:
                    af:52:33:ea:89:59:e2:67:85:7a:5c:75:73:c3:89:
                    37:81:24:b6:db:2a:3b:a2:e8:95:8e:9d:41:09:9d:
                    a3:08:05:0d:0c:f1:2a:03:8d:94:35:58:4a:28:24:
                    f2:0a:ba:05:e1:d3:f2:b4:0d:b2:7f:d3:fe:49:7b:
                    c9:04:6d:2b:d6:a0:e0:14:92:32:33:f3:7f:21:3b:
                    7f:91:6d:5b:f6:5c:d9:27:bc:f4:e0:1d:f9:d9:93:
                    7e:e0:bd:d9:1d:ba:6e:fe:6c:e7:de:9c:dd:3e:05:
                    c6:31:35:94:f2:06:5c:7c:f6:6f:5c:9b:f8:1a:3e:
                    46:95:83:b1:6d:b8:43:76:c5:09:44:2b:85:78:73:
                    ef:4f:2c:96:8d:d1:aa:b1:cf:9e:a1:63:45:fb:eb:
                    37:48:84:c0:20:85:30:42:2b:0f:c9:25:16:98:98:
                    f4:b3:81:9d:d1:44:cc:3a:32:32:74:21:f6:df:9d:
                    72:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:03:0A:11:5E:30:4D:20:66:CC:CD:B9:D3:8D:9B:27:65:E2:20:EB
            X509v3 Authority Key Identifier:
                keyid:EA:EE:A2:0B:BB:DB:9A:5D:1C:DC:71:14:E2:AF:51:8E:76:B1:42:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/AQMKEV4wTSBmzM25042bJ2XiIOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:03:b1:9b:e7:32:c0:20:88:41:2c:45:db:94:07:84:ea:cd:
         66:7f:67:b9:e6:6c:9f:5c:21:84:a2:d6:d4:47:fb:ae:16:32:
         07:ba:7d:d0:c0:6d:0a:d4:fe:b9:68:d4:f5:fb:fe:48:72:1f:
         9d:00:2f:5d:28:f7:1a:44:52:25:ed:eb:17:98:ef:88:ce:1d:
         cd:2f:5c:e4:00:fe:0b:00:09:bc:cc:a6:ff:b2:73:05:79:0f:
         32:4f:24:f8:df:e7:0f:db:d5:bd:75:42:8d:5e:a7:3f:90:07:
         ff:29:b4:b8:26:e6:21:53:8e:7b:4d:46:e8:48:e4:33:33:91:
         6f:1e:f4:f7:c8:b7:0c:aa:17:8e:e2:ac:99:4d:fa:a7:47:06:
         64:20:39:69:84:17:46:4d:15:5f:43:4c:23:c3:53:51:a9:c5:
         b6:3e:f0:0e:d5:4e:71:1f:e8:26:60:ce:31:ff:97:e7:b6:7b:
         3d:af:9f:21:0d:c2:aa:33:1d:c3:5b:88:c5:f6:42:62:15:26:
         a4:92:d4:f8:63:b0:1b:be:ef:63:be:5f:f4:35:73:2e:7d:b9:
         ec:15:8d:cb:34:63:6f:57:04:77:a8:57:ee:32:76:9a:87:b5:
         1c:fd:92:38:d4:e2:79:7a:d4:28:85:1a:2c:0c:2b:4b:82:68:
         37:b5:97:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwKmbPVxL+pAP8beck2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZWVhMjBiYmJkYjlhNWQxY2RjNzExNGUyYWY1MThlNzZi
MTQyNmUwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTAzMGExMTVlMzA0ZDIwNjZjY2NkYjlkMzhkOWIyNzY1ZTIyMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r8dCPtpldrJozmZ9kTo9It7ADON
lFOgOY7/eAmsFQY27srQg0oGTNnm7pV0Xm/6PKFly+OllNjtah7Utwgn6MD6mxVu
yA9XFpevUjPqiVniZ4V6XHVzw4k3gSS22yo7ouiVjp1BCZ2jCAUNDPEqA42UNVhK
KCTyCroF4dPytA2yf9P+SXvJBG0r1qDgFJIyM/N/ITt/kW1b9lzZJ7z04B352ZN+
4L3ZHbpu/mzn3pzdPgXGMTWU8gZcfPZvXJv4Gj5GlYOxbbhDdsUJRCuFeHPvTyyW
jdGqsc+eoWNF++s3SITAIIUwQisPySUWmJj0s4Gd0UTMOjIydCH2351yJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEDChFeME0gZszNudONmydl4iDrMB8GA1UdIwQY
MBaAFOruogu725pdHNxxFOKvUY52sUJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnU2aUM3dmJtbDBjM0hFVTRxOVJqbmF4UW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83ZGY4NTktMjg1MS00M2MzLWEzMmIt
YWIwNDcyMDkzMGNmLzEvQVFNS0VWNHdUU0Jtek0yNTA0MmJKMlhpSU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83ZGY4NTktMjg1MS00M2MzLWEzMmItYWIwNDcyMDkzMGNm
LzEvNnU2aUM3dmJtbDBjM0hFVTRxOVJqbmF4UW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkMMA0G
CSqGSIb3DQEBCwUAA4IBAQApA7Gb5zLAIIhBLEXblAeE6s1mf2e55myfXCGEotbU
R/uuFjIHun3QwG0K1P65aNT1+/5Ich+dAC9dKPcaRFIl7esXmO+Izh3NL1zkAP4L
AAm8zKb/snMFeQ8yTyT43+cP29W9dUKNXqc/kAf/KbS4JuYhU457TUboSOQzM5Fv
HvT3yLcMqheO4qyZTfqnRwZkIDlphBdGTRVfQ0wjw1NRqcW2PvAO1U5xH+gmYM4x
/5fntns9r58hDcKqMx3DW4jF9kJiFSakktT4Y7Abvu9jvl/0NXMufbnsFY3LNGNv
VwR3qFfuMnaah7Uc/ZI41OJ5etQohRosDCtLgmg3tZcq
-----END CERTIFICATE-----
Generated at Thu May 2 16:08:01 2024 by rpki-client on console-ams.rpki-client.org