Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/MEwZAINHttCbwOm1HK8SW3Bcz2c.roa
File:                     MEwZAINHttCbwOm1HK8SW3Bcz2c.roa (raw, json)
Hash identifier:          sgD0xpC5xd1sfGT27hw+1jVoY1X4CQMEyphFcHx2YW0=
Subject key identifier:   30:4C:19:00:83:47:B6:D0:9B:C0:E9:B5:1C:AF:12:5B:70:5C:CF:67
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC8020AF5C70682EBD4148AF1929E143A
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/MEwZAINHttCbwOm1HK8SW3Bcz2c.roa
Signing time:             Tue 02 Jan 2024 02:30:26 +0000
ROA not before:           Tue 02 Jan 2024 02:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207548
IP address blocks:        109.108.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:0a:f5:c7:06:82:eb:d4:14:8a:f1:92:9e:14:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=304c19008347b6d09bc0e9b51caf125b705ccf67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:61:fe:68:33:9e:ce:f4:71:a9:3c:67:93:91:
                    1c:ad:95:b5:a5:af:1a:1e:8f:28:5a:fa:9c:e7:4e:
                    54:9c:9f:30:e6:42:0f:f3:7d:59:c2:5e:a5:7e:32:
                    9b:34:69:24:46:a0:23:90:16:f5:ee:5b:e9:88:d0:
                    18:a6:4a:53:c6:28:4a:5e:1d:79:ed:33:5a:d3:a5:
                    56:7e:aa:f8:aa:54:90:8a:2f:d4:a7:49:53:32:97:
                    3b:2b:b7:69:ea:85:74:94:76:14:b1:52:c6:7d:77:
                    05:68:25:f3:63:7f:fe:c0:c3:99:90:11:f7:f2:c3:
                    df:43:73:b0:ed:23:e5:d4:f7:cc:11:18:ef:2d:f9:
                    14:3d:8f:e3:73:84:a7:02:e1:c7:ef:1e:7c:0b:39:
                    34:10:3d:49:45:6c:ff:e9:9a:9e:3a:5b:48:ed:83:
                    35:6c:ee:ba:bb:0b:fe:2f:f4:7b:3f:ff:65:bf:f7:
                    24:26:21:50:1d:89:e9:4f:39:4a:1c:8b:fc:f7:be:
                    c1:1a:98:46:30:84:12:83:65:a4:fb:94:f9:53:08:
                    d1:9c:12:ca:21:9a:9b:85:41:50:30:25:f8:a2:97:
                    dc:65:e5:50:77:ee:c1:7c:10:08:03:68:95:62:4c:
                    c0:5f:52:63:b7:90:26:42:ee:c6:60:e2:43:c3:be:
                    14:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4C:19:00:83:47:B6:D0:9B:C0:E9:B5:1C:AF:12:5B:70:5C:CF:67
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/MEwZAINHttCbwOm1HK8SW3Bcz2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.108.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b2:a0:8c:de:a7:8b:0b:23:87:15:f2:c2:98:ca:b2:4f:19:
         20:20:7d:53:05:48:5b:20:75:b2:d1:bd:de:dc:25:89:45:75:
         76:2b:f3:7f:c3:c7:89:96:1d:e6:9a:e3:ec:a1:8d:a1:a3:0c:
         94:9a:54:b3:ce:fa:91:d3:8d:bb:fc:80:1a:25:2b:d7:f2:02:
         ee:99:04:ff:cf:50:84:78:c5:1a:95:7e:1b:e7:2c:cc:85:a5:
         f0:fd:55:59:bc:01:d9:00:3e:4c:ed:6e:6f:59:72:1a:11:e1:
         d4:7e:66:ef:b6:f2:07:54:5a:71:81:ab:ef:27:6c:40:4e:89:
         ca:80:00:61:8e:66:fb:b2:a4:64:03:2e:42:e7:ab:ca:b4:e4:
         5e:78:4c:de:fc:b4:b8:3c:74:6b:7d:69:29:b3:94:73:73:ee:
         be:dd:e6:d7:82:8c:b4:83:2c:c8:0b:0f:86:7e:4a:f2:fa:e2:
         6b:2d:e9:95:00:d6:c9:9a:46:ee:a7:c8:b3:a8:80:fc:e6:38:
         b0:53:72:8e:97:8a:53:e0:35:e1:2d:d5:48:08:9a:37:da:e5:
         a2:84:a1:2d:58:19:22:ed:1e:9e:59:15:16:20:c8:56:11:bd:
         b5:1f:a8:06:58:68:6d:da:96:a6:ee:1c:55:b2:c7:b9:37:c3:
         27:86:89:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgr1xwaC69QUivGSnhQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRjMTkwMDgzNDdiNmQwOWJjMGU5YjUxY2FmMTI1YjcwNWNjZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmH+aDOezvRxqTxnk5EcrZW1pa8a
Ho8oWvqc505UnJ8w5kIP831Zwl6lfjKbNGkkRqAjkBb17lvpiNAYpkpTxihKXh15
7TNa06VWfqr4qlSQii/Up0lTMpc7K7dp6oV0lHYUsVLGfXcFaCXzY3/+wMOZkBH3
8sPfQ3Ow7SPl1PfMERjvLfkUPY/jc4SnAuHH7x58Czk0ED1JRWz/6ZqeOltI7YM1
bO66uwv+L/R7P/9lv/ckJiFQHYnpTzlKHIv8977BGphGMIQSg2Wk+5T5UwjRnBLK
IZqbhUFQMCX4opfcZeVQd+7BfBAIA2iVYkzAX1Jjt5AmQu7GYOJDw74UWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBMGQCDR7bQm8DptRyvEltwXM9nMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvTUV3WkFJTkh0dENid09tMUhLOFNXM0JjejJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWwoMA0G
CSqGSIb3DQEBCwUAA4IBAQApsqCM3qeLCyOHFfLCmMqyTxkgIH1TBUhbIHWy0b3e
3CWJRXV2K/N/w8eJlh3mmuPsoY2howyUmlSzzvqR0427/IAaJSvX8gLumQT/z1CE
eMUalX4b5yzMhaXw/VVZvAHZAD5M7W5vWXIaEeHUfmbvtvIHVFpxgavvJ2xATonK
gABhjmb7sqRkAy5C56vKtOReeEze/LS4PHRrfWkps5Rzc+6+3ebXgoy0gyzICw+G
fkry+uJrLemVANbJmkbup8izqID85jiwU3KOl4pT4DXhLdVICJo32uWihKEtWBki
7R6eWRUWIMhWEb21H6gGWGht2pam7hxVsse5N8Mnhom/
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:56 2024 by rpki-client on console-ams.rpki-client.org