Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vxUkxvmA7LTljdocceZoKaA3rCs.roa
File:                     vxUkxvmA7LTljdocceZoKaA3rCs.roa (raw, json)
Hash identifier:          cNP+thonED5hffCF+sna4AActddDoG5OhupcpCgST0s=
Subject key identifier:   BF:15:24:C6:F9:80:EC:B4:E5:8D:DA:1C:71:E6:68:29:A0:37:AC:2B
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC801FFEBEC0FADAF61D2546D8567B5A9
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vxUkxvmA7LTljdocceZoKaA3rCs.roa
Signing time:             Tue 02 Jan 2024 02:30:23 +0000
ROA not before:           Tue 02 Jan 2024 02:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16054
IP address blocks:        213.228.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ff:eb:ec:0f:ad:af:61:d2:54:6d:85:67:b5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf1524c6f980ecb4e58dda1c71e66829a037ac2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:d4:5a:11:ca:fc:8d:85:ca:87:64:49:a7:
                    7a:b6:4b:c8:c7:8a:4a:90:13:7b:aa:6a:3a:72:24:
                    b9:a2:12:36:a1:c9:0e:b4:1c:2b:11:df:22:a6:a5:
                    09:4f:4f:7f:c9:e3:0c:4e:71:8b:f6:f1:73:84:81:
                    05:80:8e:37:bb:4c:62:26:95:78:bb:4c:c1:a4:f7:
                    98:be:28:e5:21:f5:31:01:83:be:4c:3e:e2:30:5b:
                    5b:42:d8:7f:7a:63:f9:24:52:3c:21:b9:34:3d:4e:
                    0d:7a:82:12:88:20:12:74:ed:27:e3:5e:b4:28:03:
                    57:f6:42:7d:bb:02:c5:14:df:3e:3f:79:ad:b8:3b:
                    c9:f1:8c:9c:b9:f7:81:37:21:6c:0a:e6:29:9d:51:
                    ff:a5:b1:b9:98:f9:23:75:f2:98:b8:ed:c9:88:b1:
                    86:2a:09:ac:61:cb:a8:4d:ae:3a:2a:10:15:62:36:
                    20:fc:48:ab:0b:f9:26:2a:25:0a:af:85:d0:aa:3e:
                    32:35:d3:0c:d0:4f:15:f6:12:23:f7:16:dd:1a:71:
                    3f:2d:f9:0e:90:9b:dc:ef:36:75:b1:6c:80:03:21:
                    8f:16:7f:86:87:56:48:31:23:62:43:c2:a1:82:74:
                    e5:ba:26:37:f4:d1:e3:7f:23:34:52:31:fe:ba:6f:
                    14:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:15:24:C6:F9:80:EC:B4:E5:8D:DA:1C:71:E6:68:29:A0:37:AC:2B
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vxUkxvmA7LTljdocceZoKaA3rCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.228.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0d:e6:c7:25:91:d5:75:8c:a4:38:ef:1c:9c:52:ba:fe:1a:f7:
         09:fe:40:7e:e3:37:7e:f0:71:2f:ef:56:cc:5a:4b:11:7d:18:
         18:85:e5:a3:f2:15:b9:17:39:7e:bb:ca:84:c3:a4:3c:e3:73:
         22:0d:cc:f0:15:5b:a9:82:78:3d:3c:60:0f:35:71:74:f3:f8:
         15:91:bc:00:49:8f:3a:45:11:13:14:26:81:52:b9:2d:1c:1d:
         1d:0c:17:9c:bf:b3:5b:c6:a5:d8:9a:90:96:4e:14:76:b9:96:
         53:63:12:4d:06:f8:df:15:0b:77:91:d8:fa:17:1e:7c:d6:16:
         05:70:17:d7:1e:23:a5:e7:75:94:72:69:f8:44:98:3f:67:3e:
         5d:19:a7:af:e1:a0:50:39:18:f7:64:2a:db:83:ea:9f:f7:64:
         1d:60:d7:9e:15:b1:fc:67:3d:05:1c:f1:10:be:8c:e0:0e:0d:
         2c:4b:51:5d:89:9f:d1:31:13:c1:d6:36:3b:a6:7e:27:b3:e2:
         c1:b0:c5:9d:9b:30:42:58:d2:c4:88:00:d0:92:ac:00:76:05:
         d3:d9:ad:b4:06:08:70:da:a8:ba:1f:a1:35:d2:05:b8:2d:17:
         a8:4f:ea:2f:b4:ba:8f:99:81:e6:66:bf:f8:36:61:d2:1e:f8:
         9b:24:d6:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAf/r7A+tr2HSVG2FZ7WpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjE1MjRjNmY5ODBlY2I0ZTU4ZGRhMWM3MWU2NjgyOWEwMzdhYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZXUWhHK/I2FyodkSad6tkvIx4pK
kBN7qmo6ciS5ohI2ockOtBwrEd8ipqUJT09/yeMMTnGL9vFzhIEFgI43u0xiJpV4
u0zBpPeYvijlIfUxAYO+TD7iMFtbQth/emP5JFI8Ibk0PU4NeoISiCASdO0n4160
KANX9kJ9uwLFFN8+P3mtuDvJ8YycufeBNyFsCuYpnVH/pbG5mPkjdfKYuO3JiLGG
KgmsYcuoTa46KhAVYjYg/EirC/kmKiUKr4XQqj4yNdMM0E8V9hIj9xbdGnE/LfkO
kJvc7zZ1sWyAAyGPFn+Gh1ZIMSNiQ8KhgnTluiY39NHjfyM0UjH+um8U1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8VJMb5gOy05Y3aHHHmaCmgN6wrMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvdnhVa3h2bUE3TFRsamRvY2NlWm9LYUEzckNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1eRgMA0G
CSqGSIb3DQEBCwUAA4IBAQAN5sclkdV1jKQ47xycUrr+GvcJ/kB+4zd+8HEv71bM
WksRfRgYheWj8hW5Fzl+u8qEw6Q843MiDczwFVupgng9PGAPNXF08/gVkbwASY86
RRETFCaBUrktHB0dDBecv7NbxqXYmpCWThR2uZZTYxJNBvjfFQt3kdj6Fx581hYF
cBfXHiOl53WUcmn4RJg/Zz5dGaev4aBQORj3ZCrbg+qf92QdYNeeFbH8Zz0FHPEQ
vozgDg0sS1FdiZ/RMRPB1jY7pn4ns+LBsMWdmzBCWNLEiADQkqwAdgXT2a20Bghw
2qi6H6E10gW4LReoT+ovtLqPmYHmZr/4NmHSHvibJNb9
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:57 2024 by rpki-client on console-ams.rpki-client.org