Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/YYid5hq7Rw6Ufdhn62mOOwhka0E.roa
File:                     YYid5hq7Rw6Ufdhn62mOOwhka0E.roa (raw, json)
Hash identifier:          7gDT5zzL4KnPdw24o/Xvo97bsU+iet+KVIgt3FutxqE=
Subject key identifier:   61:88:9D:E6:1A:BB:47:0E:94:7D:D8:67:EB:69:8E:3B:08:64:6B:41
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56F0253C23E21C0F91D43A898454E55
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/YYid5hq7Rw6Ufdhn62mOOwhka0E.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        84.247.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:02:53:c2:3e:21:c0:f9:1d:43:a8:98:45:4e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61889de61abb470e947dd867eb698e3b08646b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c7:3b:34:e8:f9:3f:4a:68:57:5f:70:bc:ab:
                    a5:43:7b:7b:53:f4:5d:5a:fe:fd:16:fb:e1:81:20:
                    a1:d3:1c:db:f3:7f:0c:aa:6a:84:7a:2e:97:69:47:
                    bd:e1:43:9e:31:bd:71:98:80:d3:4e:c5:31:b9:d2:
                    33:1b:ce:f2:d6:d6:9e:50:72:23:1c:22:a9:2c:f1:
                    8a:54:2b:ef:5c:c8:73:47:69:1d:69:0e:07:18:e0:
                    b3:a8:a0:1c:66:ee:18:c5:43:9f:66:06:da:46:9c:
                    ba:c0:12:c0:05:61:f7:d8:fe:f4:9d:72:db:4c:59:
                    6b:46:91:57:ab:cc:05:b4:b2:a5:ac:a1:70:23:80:
                    c8:06:f2:36:d7:24:94:9f:da:0d:36:5c:50:ac:c8:
                    c3:5b:89:56:ab:ac:42:bb:18:cb:f6:66:d2:a9:c6:
                    dd:e4:48:b5:a8:08:22:3f:29:be:d9:34:2d:df:68:
                    d6:df:4b:c6:a2:ca:eb:e8:6f:15:a4:43:74:3a:3e:
                    50:2f:38:5e:76:fe:a4:52:c8:b2:d1:0a:f5:b4:b3:
                    65:0c:62:42:67:e2:8f:ff:68:cb:d9:b8:a0:da:0e:
                    24:3a:85:f8:d6:ee:30:c6:b9:b9:85:8c:4d:fc:64:
                    b2:1b:a5:59:fb:bf:9f:6a:c6:9b:3e:04:ed:1d:6a:
                    46:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:88:9D:E6:1A:BB:47:0E:94:7D:D8:67:EB:69:8E:3B:08:64:6B:41
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/YYid5hq7Rw6Ufdhn62mOOwhka0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:4f:c0:a3:89:4d:29:6f:8a:a6:ed:d4:f3:d8:4f:75:a2:ad:
         de:d0:c9:25:81:3e:be:4e:20:0e:88:63:27:d9:e9:36:1a:5a:
         1c:f2:f4:87:f3:f2:64:2d:67:40:96:2d:23:25:80:bf:96:be:
         71:f8:2e:f9:c4:b1:e7:3d:db:d0:a3:3d:63:45:a4:3e:39:eb:
         6f:c0:48:8a:e5:90:86:f3:18:00:cf:29:fc:a1:66:de:74:f6:
         e1:1e:e1:50:55:af:e5:23:92:12:69:57:4d:33:4f:24:69:b2:
         92:31:91:d3:dc:b9:e6:60:05:4d:e2:2c:87:4e:9f:d8:6a:b0:
         e8:51:e8:70:ea:b0:71:0d:1c:28:35:dd:5e:f7:14:2d:07:9f:
         30:69:bc:fc:96:af:b1:3d:0e:18:26:c2:de:44:d9:66:40:8e:
         1f:69:33:1a:73:63:55:21:27:39:d1:c3:84:b5:f4:25:d1:de:
         1b:eb:11:7d:38:6d:61:ba:ef:71:bc:33:d7:19:96:d2:9e:a8:
         a7:42:bd:da:90:b3:2f:38:23:4b:d3:87:25:c5:73:44:ec:c2:
         94:2c:e2:8e:69:1a:d4:3a:9e:86:d6:d2:64:cf:f5:e0:eb:05:
         27:a2:88:4f:b2:94:4f:f7:8e:d3:8b:a9:c2:d8:e2:02:ab:3e:
         7b:9b:15:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwJTwj4hwPkdQ6iYRU5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTg4OWRlNjFhYmI0NzBlOTQ3ZGQ4NjdlYjY5OGUzYjA4NjQ2YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8c7NOj5P0poV19wvKulQ3t7U/Rd
Wv79FvvhgSCh0xzb838MqmqEei6XaUe94UOeMb1xmIDTTsUxudIzG87y1taeUHIj
HCKpLPGKVCvvXMhzR2kdaQ4HGOCzqKAcZu4YxUOfZgbaRpy6wBLABWH32P70nXLb
TFlrRpFXq8wFtLKlrKFwI4DIBvI21ySUn9oNNlxQrMjDW4lWq6xCuxjL9mbSqcbd
5Ei1qAgiPym+2TQt32jW30vGosrr6G8VpEN0Oj5QLzhedv6kUsiy0Qr1tLNlDGJC
Z+KP/2jL2big2g4kOoX41u4wxrm5hYxN/GSyG6VZ+7+fasabPgTtHWpGoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGIneYau0cOlH3YZ+tpjjsIZGtBMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvWVlpZDVocTdSdzZVZmRobjYybU9Pd2hrYTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPc7MA0G
CSqGSIb3DQEBCwUAA4IBAQBhT8CjiU0pb4qm7dTz2E91oq3e0MklgT6+TiAOiGMn
2ek2Gloc8vSH8/JkLWdAli0jJYC/lr5x+C75xLHnPdvQoz1jRaQ+OetvwEiK5ZCG
8xgAzyn8oWbedPbhHuFQVa/lI5ISaVdNM08kabKSMZHT3LnmYAVN4iyHTp/YarDo
Uehw6rBxDRwoNd1e9xQtB58wabz8lq+xPQ4YJsLeRNlmQI4faTMac2NVISc50cOE
tfQl0d4b6xF9OG1huu9xvDPXGZbSnqinQr3akLMvOCNL04clxXNE7MKULOKOaRrU
Op6G1tJkz/Xg6wUnoohPspRP947Ti6nC2OICqz57mxVF
-----END CERTIFICATE-----
Generated at Tue Apr 30 09:17:17 2024 by rpki-client on console-fra.rpki-client.org