Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/kN2VgqJGJyUNyGD1XjSgQAWu3Cc.roa
File:                     kN2VgqJGJyUNyGD1XjSgQAWu3Cc.roa (raw, json)
Hash identifier:          cjh7VyJqAOw1ImxNJTKg02L56RDHZ71xwzM3m5O4T3Y=
Subject key identifier:   90:DD:95:82:A2:46:27:25:0D:C8:60:F5:5E:34:A0:40:05:AE:DC:27
Certificate issuer:       /CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
Certificate serial:       018CC26D06B76223A67BA30C5391583F620F
Authority key identifier: EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/kN2VgqJGJyUNyGD1XjSgQAWu3Cc.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210512
IP address blocks:        185.236.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:b7:62:23:a6:7b:a3:0c:53:91:58:3f:62:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90dd9582a24627250dc860f55e34a04005aedc27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1b:8a:b1:d0:1a:a4:81:83:0d:43:ab:2c:67:
                    fd:43:43:96:cb:fe:eb:83:8f:f6:71:04:4c:4c:b4:
                    4e:26:ba:68:be:ac:fb:93:6d:dd:a1:f9:67:ac:fc:
                    82:a5:47:3e:ad:82:b4:eb:d8:48:45:5d:db:90:46:
                    70:04:24:18:a0:2f:5f:fa:9c:e7:db:b1:63:81:f7:
                    06:80:04:c7:d9:2f:80:ca:8c:39:0f:0d:9f:83:34:
                    6d:91:cd:9a:3d:3f:25:8b:07:34:cf:d3:49:d4:2a:
                    9e:88:3c:86:64:5b:fe:26:52:88:27:b6:84:54:6d:
                    7f:23:6f:23:af:72:0a:e6:4e:13:f5:0b:35:ad:03:
                    6f:cd:4f:d2:ba:60:77:eb:d4:fd:be:21:07:db:85:
                    68:b8:ea:21:e3:31:37:e2:b6:07:73:34:41:a0:f0:
                    1e:66:cd:0e:0e:89:a2:45:85:b0:72:1d:88:8e:9a:
                    a0:e5:c8:fa:8e:b1:88:d2:4d:1c:74:ec:ea:55:f0:
                    a2:46:09:e1:1d:ca:99:39:74:7a:3a:d7:71:77:46:
                    fa:4d:be:d3:5e:84:81:9c:31:c4:ed:47:e8:82:21:
                    f0:68:89:13:c9:0d:ac:be:a8:9f:f9:7e:d9:82:e1:
                    d3:03:ff:a5:6c:61:00:91:ed:cc:aa:14:7a:c7:f4:
                    c4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:DD:95:82:A2:46:27:25:0D:C8:60:F5:5E:34:A0:40:05:AE:DC:27
            X509v3 Authority Key Identifier:
                keyid:EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/kN2VgqJGJyUNyGD1XjSgQAWu3Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:1d:23:36:d4:ec:9b:c8:22:97:cb:10:4b:0a:41:41:6a:5a:
         3f:bf:e2:79:5d:c6:69:33:45:b1:99:fe:50:6b:14:26:c2:19:
         e2:98:ee:eb:75:e9:e3:da:3c:e7:86:04:6c:0d:7c:d6:16:77:
         28:17:2d:f1:53:56:52:41:3c:50:79:d8:f4:f5:05:1b:9b:5b:
         3d:8b:b6:42:da:62:04:29:a8:e1:4e:bd:81:3b:18:55:50:14:
         52:29:e3:4f:d9:21:ca:19:b5:8b:85:bd:5a:24:b6:55:41:9f:
         34:7b:26:67:6a:81:96:e7:72:ec:7c:62:57:34:09:98:4b:2e:
         58:38:76:5f:0f:ed:de:5a:72:fb:f2:a6:1c:c5:b3:80:5b:a1:
         90:9f:4a:2c:09:1d:da:f2:ca:8d:41:8c:20:60:fa:47:fb:2d:
         aa:4d:b9:36:4a:fc:ee:81:38:12:57:98:0b:70:46:26:07:c6:
         3b:4e:53:74:70:c6:17:b3:23:47:4c:c8:a0:83:46:9e:30:b9:
         06:6e:c9:1d:90:76:d7:61:83:5a:29:b7:1d:34:f2:f8:a7:0c:
         be:6a:c8:a4:9e:66:7c:a3:f3:6e:ab:b3:d7:a0:ec:30:e9:10:
         b8:67:d4:c0:09:8c:e0:5a:d4:35:b1:5c:68:5c:ad:33:40:ac:
         5c:5f:58:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQa3YiOme6MMU5FYP2IPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjdjYTlmZmFmZTcyYTMwOTY2ZjdlNDNkOTJiNThlNzc0
Y2U3NDEwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGRkOTU4MmEyNDYyNzI1MGRjODYwZjU1ZTM0YTA0MDA1YWVkYzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBuKsdAapIGDDUOrLGf9Q0OWy/7r
g4/2cQRMTLROJrpovqz7k23doflnrPyCpUc+rYK069hIRV3bkEZwBCQYoC9f+pzn
27FjgfcGgATH2S+Ayow5Dw2fgzRtkc2aPT8liwc0z9NJ1CqeiDyGZFv+JlKIJ7aE
VG1/I28jr3IK5k4T9Qs1rQNvzU/SumB369T9viEH24VouOoh4zE34rYHczRBoPAe
Zs0ODomiRYWwch2Ijpqg5cj6jrGI0k0cdOzqVfCiRgnhHcqZOXR6Otdxd0b6Tb7T
XoSBnDHE7UfogiHwaIkTyQ2svqif+X7ZguHTA/+lbGEAke3MqhR6x/TEBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDdlYKiRiclDchg9V40oEAFrtwnMB8GA1UdIwQY
MBaAFOz3yp/6/nKjCWb35D2StY53TOdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUt
OTgxZmJiMzQ0MmRkLzEva04yVmdxSkdKeVVOeUdEMVhqU2dRQVd1M0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUtOTgxZmJiMzQ0MmRk
LzEvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuewUMA0G
CSqGSIb3DQEBCwUAA4IBAQAwHSM21OybyCKXyxBLCkFBalo/v+J5XcZpM0Wxmf5Q
axQmwhnimO7rdenj2jznhgRsDXzWFncoFy3xU1ZSQTxQedj09QUbm1s9i7ZC2mIE
KajhTr2BOxhVUBRSKeNP2SHKGbWLhb1aJLZVQZ80eyZnaoGW53LsfGJXNAmYSy5Y
OHZfD+3eWnL78qYcxbOAW6GQn0osCR3a8sqNQYwgYPpH+y2qTbk2SvzugTgSV5gL
cEYmB8Y7TlN0cMYXsyNHTMigg0aeMLkGbskdkHbXYYNaKbcdNPL4pwy+asiknmZ8
o/Nuq7PXoOww6RC4Z9TACYzgWtQ1sVxoXK0zQKxcX1iC
-----END CERTIFICATE-----
Generated at Fri May 24 18:30:27 2024 by rpki-client on console-ams.rpki-client.org