Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/xMwGilYyvB4z1o40r8XBWDmB1Cw.roa
File:                     xMwGilYyvB4z1o40r8XBWDmB1Cw.roa (raw, json)
Hash identifier:          8/gXLSqYaLMGJ1vZJ92gxKX/o7B07SqmUpfhjCt5qok=
Subject key identifier:   C4:CC:06:8A:56:32:BC:1E:33:D6:8E:34:AF:C5:C1:58:39:81:D4:2C
Certificate issuer:       /CN=23ee5e71409b21fd5c820f3d3ac3fdc0fce75a0b
Certificate serial:       018CC6B7FCD8533EC1F8F94BACF86C711F23
Authority key identifier: 23:EE:5E:71:40:9B:21:FD:5C:82:0F:3D:3A:C3:FD:C0:FC:E7:5A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/xMwGilYyvB4z1o40r8XBWDmB1Cw.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.210.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fc:d8:53:3e:c1:f8:f9:4b:ac:f8:6c:71:1f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ee5e71409b21fd5c820f3d3ac3fdc0fce75a0b
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4cc068a5632bc1e33d68e34afc5c1583981d42c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cd:dc:79:a0:f7:7b:5c:b3:42:95:2a:90:ea:
                    78:ee:c0:38:7c:34:44:00:68:73:da:be:04:a8:a2:
                    94:69:2a:cb:1d:e8:0e:9a:66:1f:25:14:db:65:60:
                    3f:f1:58:54:f9:41:ce:9b:38:9a:82:27:ec:9b:a9:
                    12:af:03:93:d0:c0:38:c0:1b:19:0d:2c:6e:0f:0b:
                    e1:e8:27:19:b0:a1:25:f4:45:ee:dd:cc:80:ad:98:
                    83:23:5b:20:e1:8f:6f:c3:e6:80:11:2a:36:57:ad:
                    7e:b9:b1:54:32:49:80:65:fa:7f:3b:a7:4d:71:49:
                    2b:25:a2:05:7d:4e:97:eb:54:86:e7:16:fe:2a:b1:
                    88:14:90:7f:66:40:a1:c0:23:07:1a:34:62:69:3a:
                    00:8c:88:6c:17:b5:56:7b:95:a9:27:2b:e7:78:2e:
                    ba:c4:13:06:37:5f:da:3d:c3:e0:eb:13:97:be:66:
                    7d:b0:ec:6f:4d:1e:93:78:1f:eb:66:d6:0f:eb:2f:
                    d7:3d:df:83:5b:9a:3b:4d:84:84:a8:69:55:24:26:
                    08:37:4c:bc:40:1b:f1:67:b9:9a:fb:dd:7a:3e:7a:
                    fb:da:e1:50:a3:45:45:da:ad:0f:ab:06:ad:e3:2d:
                    73:68:25:aa:26:40:ac:91:82:ff:c3:d5:5b:36:a3:
                    86:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CC:06:8A:56:32:BC:1E:33:D6:8E:34:AF:C5:C1:58:39:81:D4:2C
            X509v3 Authority Key Identifier:
                keyid:23:EE:5E:71:40:9B:21:FD:5C:82:0F:3D:3A:C3:FD:C0:FC:E7:5A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/xMwGilYyvB4z1o40r8XBWDmB1Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ca:d2:6f:bb:32:c1:18:5b:12:e4:6e:d2:ef:66:9b:72:e5:
         63:28:21:33:69:cb:79:36:7f:b5:bd:6e:55:18:c4:2b:5c:ab:
         5c:ce:7e:eb:b8:89:d0:4c:04:a2:e4:ce:91:59:e7:98:2c:32:
         1d:16:02:8c:c3:97:f5:12:79:17:1e:b7:73:f5:50:05:ff:29:
         77:2b:23:3e:49:16:99:bd:4c:6b:1e:74:35:da:cb:19:d5:c2:
         74:22:3e:a8:d2:db:21:ab:74:ee:3b:1e:21:d1:fd:bf:4f:31:
         ac:5e:57:af:4a:2b:dd:7e:36:df:12:d3:31:1b:33:39:58:bd:
         b2:c5:8c:fd:90:ed:4e:57:18:cd:c6:18:10:2c:d1:99:46:5a:
         b1:1f:a5:02:50:4b:39:42:9e:ad:35:8d:8d:5a:60:64:8a:b3:
         ec:2b:37:ad:a0:52:4b:a0:b2:30:b6:2b:b2:0e:5d:2e:a4:ae:
         54:02:28:07:64:13:21:e4:6d:28:7b:d2:d2:c3:eb:b0:3f:16:
         25:fb:c9:d2:88:2d:b7:e9:9a:11:f7:b9:ae:76:a4:e1:b4:80:
         f9:87:4b:23:e1:79:84:87:14:7b:ab:7b:3e:24:69:4b:76:b3:
         75:1c:73:a8:67:5a:5d:b8:0d:1f:17:a2:92:a0:e0:f5:b0:3d:
         a7:ae:10:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/zYUz7B+PlLrPhscR8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZWU1ZTcxNDA5YjIxZmQ1YzgyMGYzZDNhYzNmZGMwZmNl
NzVhMGIwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNjMDY4YTU2MzJiYzFlMzNkNjhlMzRhZmM1YzE1ODM5ODFkNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM3ceaD3e1yzQpUqkOp47sA4fDRE
AGhz2r4EqKKUaSrLHegOmmYfJRTbZWA/8VhU+UHOmziagifsm6kSrwOT0MA4wBsZ
DSxuDwvh6CcZsKEl9EXu3cyArZiDI1sg4Y9vw+aAESo2V61+ubFUMkmAZfp/O6dN
cUkrJaIFfU6X61SG5xb+KrGIFJB/ZkChwCMHGjRiaToAjIhsF7VWe5WpJyvneC66
xBMGN1/aPcPg6xOXvmZ9sOxvTR6TeB/rZtYP6y/XPd+DW5o7TYSEqGlVJCYIN0y8
QBvxZ7ma+916Pnr72uFQo0VF2q0Pqwat4y1zaCWqJkCskYL/w9VbNqOGXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTMBopWMrweM9aONK/FwVg5gdQsMB8GA1UdIwQY
MBaAFCPuXnFAmyH9XIIPPTrD/cD851oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS01ZWNVQ2JJZjFjZ2c4OU9zUDl3UHpuV2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNGI5M2MtYTAzZC00YWRhLTgzZmMt
YmM2MzdhODUxMmIxLzEveE13R2lsWXl2QjR6MW80MHI4WEJXRG1CMUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNGI5M2MtYTAzZC00YWRhLTgzZmMtYmM2MzdhODUxMmIx
LzEvSS01ZWNVQ2JJZjFjZ2c4OU9zUDl3UHpuV2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKcMA0G
CSqGSIb3DQEBCwUAA4IBAQBoytJvuzLBGFsS5G7S72abcuVjKCEzact5Nn+1vW5V
GMQrXKtczn7ruInQTASi5M6RWeeYLDIdFgKMw5f1EnkXHrdz9VAF/yl3KyM+SRaZ
vUxrHnQ12ssZ1cJ0Ij6o0tshq3TuOx4h0f2/TzGsXlevSivdfjbfEtMxGzM5WL2y
xYz9kO1OVxjNxhgQLNGZRlqxH6UCUEs5Qp6tNY2NWmBkirPsKzetoFJLoLIwtiuy
Dl0upK5UAigHZBMh5G0oe9LSw+uwPxYl+8nSiC236ZoR97mudqThtID5h0sj4XmE
hxR7q3s+JGlLdrN1HHOoZ1pduA0fF6KSoOD1sD2nrhAj
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:59:53 2024 by rpki-client on console-fra.rpki-client.org