Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/w8lW2UkPq9vNZnbzq6DpdxHcfzQ.roa
File:                     w8lW2UkPq9vNZnbzq6DpdxHcfzQ.roa (raw, json)
Hash identifier:          8IHcm/BWwiod6Y2ItXuasn4bV9rnMKS6hfnNzsZasvY=
Subject key identifier:   C3:C9:56:D9:49:0F:AB:DB:CD:66:76:F3:AB:A0:E9:77:11:DC:7F:34
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A964CB9AA391CA6A9BAD1D152186D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/w8lW2UkPq9vNZnbzq6DpdxHcfzQ.roa
Signing time:             Tue 02 Jan 2024 12:33:57 +0000
ROA not before:           Tue 02 Jan 2024 12:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        212.192.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:96:4c:b9:aa:39:1c:a6:a9:ba:d1:d1:52:18:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3c956d9490fabdbcd6676f3aba0e97711dc7f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3b:15:9b:99:02:d3:c2:ba:b4:12:39:f5:18:
                    0a:d1:ed:6b:ca:9c:01:b6:28:79:be:10:ee:17:40:
                    f6:c3:38:41:c7:97:03:4a:fa:ba:d7:68:42:d9:26:
                    b7:38:db:0a:fd:18:2e:93:92:9c:73:66:80:a6:a9:
                    3f:b3:11:ae:f8:89:c3:c3:12:50:88:ec:6e:35:de:
                    92:18:f0:d4:d2:59:2f:7b:7e:c5:df:91:dd:80:71:
                    48:84:3b:d1:dd:07:f0:62:8d:1e:af:0c:58:3f:b8:
                    84:b9:cb:df:c8:ff:6b:4b:3d:66:9f:38:d7:cf:39:
                    94:b4:e5:f1:37:a9:20:29:f9:3c:a0:3d:f2:04:2c:
                    57:cf:8f:80:a2:35:01:d4:91:4c:37:25:7d:50:2e:
                    f7:3d:d6:58:9f:49:b6:44:52:3b:62:c1:9f:33:f0:
                    01:83:cc:ea:7a:71:52:1f:e3:8b:35:cd:14:bb:7e:
                    4b:8d:87:d5:9a:5d:3d:c2:c4:df:10:af:d3:ea:7b:
                    2a:9c:b0:d8:d1:bb:98:92:b2:0c:07:ec:05:37:80:
                    8a:7e:7e:9d:a1:db:e6:c7:68:a9:d5:7a:84:cc:cb:
                    44:06:2f:36:56:9e:d4:5f:fc:b7:ea:44:65:13:5f:
                    2f:76:5d:a4:55:41:7c:88:6f:5a:ae:6c:ef:39:d5:
                    b9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C9:56:D9:49:0F:AB:DB:CD:66:76:F3:AB:A0:E9:77:11:DC:7F:34
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/w8lW2UkPq9vNZnbzq6DpdxHcfzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:92:2d:5a:af:0d:8f:47:55:db:6b:e3:5c:1a:f1:11:d5:9a:
         39:19:bd:1d:4b:6d:9d:bd:b3:2f:d5:66:b2:3d:be:a9:41:cf:
         65:b4:61:cc:83:ea:41:65:07:bb:a7:df:66:6e:8b:92:18:d5:
         a4:b1:54:23:57:2e:05:b7:a7:8c:98:74:26:54:94:b7:c2:d4:
         69:de:80:72:12:b1:04:11:4d:52:92:49:b0:14:f4:0b:49:c8:
         6b:fc:88:35:3c:3b:dd:6f:7d:95:a9:58:05:24:1c:8d:61:42:
         92:f7:af:a6:d1:36:52:52:da:c0:ab:92:68:6e:7b:3c:0b:31:
         23:90:aa:e8:17:45:c5:ad:65:52:c4:d8:78:9e:3d:49:0d:16:
         c0:ad:70:3e:b0:73:b6:18:fa:54:92:e5:b6:6b:37:77:05:4b:
         f4:a8:fb:96:83:b6:64:a9:2e:42:b9:0d:30:26:d4:26:0e:e8:
         5b:70:0d:7e:7e:95:5f:87:41:9a:da:83:5e:26:5e:ee:05:8e:
         83:db:ba:64:65:c4:f4:7f:59:f9:70:51:9f:67:9f:c6:68:fd:
         98:95:ed:09:5f:94:e8:07:b7:af:50:77:e7:ad:e4:d7:83:85:
         85:d5:f7:c0:0e:14:a7:f7:a3:82:83:36:29:73:38:bb:2f:d7:
         cc:65:5a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpZMuao5HKaputHRUhhtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2M5NTZkOTQ5MGZhYmRiY2Q2Njc2ZjNhYmEwZTk3NzExZGM3ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDsVm5kC08K6tBI59RgK0e1rypwB
tih5vhDuF0D2wzhBx5cDSvq612hC2Sa3ONsK/Rguk5Kcc2aApqk/sxGu+InDwxJQ
iOxuNd6SGPDU0lkve37F35HdgHFIhDvR3QfwYo0erwxYP7iEucvfyP9rSz1mnzjX
zzmUtOXxN6kgKfk8oD3yBCxXz4+AojUB1JFMNyV9UC73PdZYn0m2RFI7YsGfM/AB
g8zqenFSH+OLNc0Uu35LjYfVml09wsTfEK/T6nsqnLDY0buYkrIMB+wFN4CKfn6d
odvmx2ip1XqEzMtEBi82Vp7UX/y36kRlE18vdl2kVUF8iG9armzvOdW5PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPJVtlJD6vbzWZ286ug6XcR3H80MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdzhsVzJVa1BxOXZOWm5ienE2RHBkeEhjZnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDcMA0G
CSqGSIb3DQEBCwUAA4IBAQB8ki1arw2PR1Xba+NcGvER1Zo5Gb0dS22dvbMv1Way
Pb6pQc9ltGHMg+pBZQe7p99mbouSGNWksVQjVy4Ft6eMmHQmVJS3wtRp3oByErEE
EU1SkkmwFPQLSchr/Ig1PDvdb32VqVgFJByNYUKS96+m0TZSUtrAq5Jobns8CzEj
kKroF0XFrWVSxNh4nj1JDRbArXA+sHO2GPpUkuW2azd3BUv0qPuWg7ZkqS5CuQ0w
JtQmDuhbcA1+fpVfh0Ga2oNeJl7uBY6D27pkZcT0f1n5cFGfZ5/GaP2Yle0JX5To
B7evUHfnreTXg4WF1ffADhSn96OCgzYpczi7L9fMZVrE
-----END CERTIFICATE-----
Generated at Sun May 5 19:09:46 2024 by rpki-client on console-ams.rpki-client.org