Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/eJsSKDXfggalCjJhHEKhD3U7o2U.roa
File:                     eJsSKDXfggalCjJhHEKhD3U7o2U.roa (raw, json)
Hash identifier:          okIe66iAqqAQ/MlP7OVxHffhYOvgfnK7dVYAUiQyMDM=
Subject key identifier:   78:9B:12:28:35:DF:82:06:A5:0A:32:61:1C:42:A1:0F:75:3B:A3:65
Certificate issuer:       /CN=133deed883c2a690ce54829b48f9d78cd7b25fd7
Certificate serial:       018CC94CA176FA1EF2FD96AFDF40271E9FBE
Authority key identifier: 13:3D:EE:D8:83:C2:A6:90:CE:54:82:9B:48:F9:D7:8C:D7:B2:5F:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/eJsSKDXfggalCjJhHEKhD3U7o2U.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204645
IP address blocks:        185.94.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a1:76:fa:1e:f2:fd:96:af:df:40:27:1e:9f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133deed883c2a690ce54829b48f9d78cd7b25fd7
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=789b122835df8206a50a32611c42a10f753ba365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6d:6a:d3:f4:9d:68:55:b0:eb:a6:27:f0:82:
                    9c:c6:27:46:f1:b8:b6:32:0f:4a:a9:9d:4a:79:20:
                    b8:0b:e2:5b:f2:1b:2c:77:d8:5f:9a:f0:32:11:1d:
                    cc:71:4c:53:a5:90:9f:c8:10:d3:20:6c:85:3c:ec:
                    25:2d:d4:ed:63:10:1a:84:be:58:87:de:8c:ff:88:
                    de:f6:a5:8c:91:51:7b:db:c2:32:b4:ad:4c:9a:0b:
                    aa:af:de:62:e7:1c:6a:0d:80:58:15:c2:48:3e:f5:
                    53:bc:50:79:4c:8a:28:0e:50:8b:6e:50:b0:2f:73:
                    5b:cb:e6:f7:e4:ee:c2:99:46:98:e1:47:f2:6d:fe:
                    45:91:b8:d1:f6:cb:ab:91:c5:08:df:73:8d:39:a5:
                    2b:89:e2:93:b5:40:e8:c7:b3:e1:d2:fc:8a:a1:f3:
                    19:60:93:f1:48:f3:0b:f7:9f:30:2e:2c:f9:1a:79:
                    6d:8a:3e:58:91:21:b3:bc:ca:4e:b7:36:3d:a6:68:
                    65:83:f5:d4:75:b4:45:29:78:79:96:31:17:bc:13:
                    30:19:61:ed:20:d2:fa:50:c9:13:6f:59:49:b6:a6:
                    fa:12:f9:9b:69:c4:51:48:61:49:61:f4:ad:d9:96:
                    f5:43:d8:ae:84:b1:4d:3a:38:7d:d0:3e:0c:9a:f2:
                    a3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9B:12:28:35:DF:82:06:A5:0A:32:61:1C:42:A1:0F:75:3B:A3:65
            X509v3 Authority Key Identifier:
                keyid:13:3D:EE:D8:83:C2:A6:90:CE:54:82:9B:48:F9:D7:8C:D7:B2:5F:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/eJsSKDXfggalCjJhHEKhD3U7o2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:de:a8:0d:82:85:5c:02:d7:3b:84:3b:92:ca:6a:2f:5d:ba:
         1f:a3:fe:4f:49:74:b7:70:5d:a0:ff:d3:b1:2d:cc:56:a5:df:
         41:22:fb:e4:10:5c:70:e9:fb:ec:48:33:39:fe:71:db:d7:62:
         f9:f2:01:a8:69:18:f2:29:84:dc:73:1c:0b:9f:5f:48:cd:94:
         24:9b:c3:6b:74:d4:b3:5c:16:fe:ac:da:b9:9d:5d:90:92:7d:
         7a:aa:67:09:af:3d:54:bb:7d:67:02:c4:98:4e:f9:6a:c3:24:
         55:8d:fc:44:3b:fd:61:50:5d:dc:09:23:9b:82:98:11:61:a5:
         3b:91:9c:4a:a7:5b:55:5b:d5:8d:36:2b:d0:24:5e:9c:47:70:
         1c:62:aa:ae:fe:4e:91:06:19:17:99:31:11:eb:42:36:d0:6e:
         38:23:b4:17:c7:a0:19:45:c4:bf:9f:1a:53:f9:14:0b:5d:e8:
         cb:80:b1:3e:50:ec:e4:a9:a2:01:fa:d9:cb:51:a4:e4:94:0a:
         d2:fb:b4:71:7b:0e:e1:e4:fc:14:1e:9a:05:11:ad:92:4f:6a:
         30:86:2d:c0:0a:62:7c:6b:5b:12:c9:f0:ab:19:90:7c:a0:9d:
         ca:69:19:a1:ca:6b:f2:a9:e7:d8:33:80:cf:e0:e4:f7:c5:5d:
         2d:80:ef:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKF2+h7y/Zav30AnHp++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2RlZWQ4ODNjMmE2OTBjZTU0ODI5YjQ4ZjlkNzhjZDdi
MjVmZDcwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODliMTIyODM1ZGY4MjA2YTUwYTMyNjExYzQyYTEwZjc1M2JhMzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgm1q0/SdaFWw66Yn8IKcxidG8bi2
Mg9KqZ1KeSC4C+Jb8hssd9hfmvAyER3McUxTpZCfyBDTIGyFPOwlLdTtYxAahL5Y
h96M/4je9qWMkVF728IytK1Mmguqr95i5xxqDYBYFcJIPvVTvFB5TIooDlCLblCw
L3Nby+b35O7CmUaY4Ufybf5FkbjR9surkcUI33ONOaUrieKTtUDox7Ph0vyKofMZ
YJPxSPML958wLiz5Gnltij5YkSGzvMpOtzY9pmhlg/XUdbRFKXh5ljEXvBMwGWHt
INL6UMkTb1lJtqb6EvmbacRRSGFJYfSt2Zb1Q9iuhLFNOjh90D4MmvKjlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHibEig134IGpQoyYRxCoQ91O6NlMB8GA1UdIwQY
MBaAFBM97tiDwqaQzlSCm0j514zXsl/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXozdTJJUENwcERPVklLYlNQblhqTmV5WDljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jNDQ0MDktYTY1ZC00YjhhLWJmZWEt
NGJlZGQzYmQ2ZWExLzEvZUpzU0tEWGZnZ2FsQ2pKaEhFS2hEM1U3bzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jNDQ0MDktYTY1ZC00YjhhLWJmZWEtNGJlZGQzYmQ2ZWEx
LzEvRXozdTJJUENwcERPVklLYlNQblhqTmV5WDljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV7cMA0G
CSqGSIb3DQEBCwUAA4IBAQC13qgNgoVcAtc7hDuSymovXbofo/5PSXS3cF2g/9Ox
LcxWpd9BIvvkEFxw6fvsSDM5/nHb12L58gGoaRjyKYTccxwLn19IzZQkm8NrdNSz
XBb+rNq5nV2Qkn16qmcJrz1Uu31nAsSYTvlqwyRVjfxEO/1hUF3cCSObgpgRYaU7
kZxKp1tVW9WNNivQJF6cR3AcYqqu/k6RBhkXmTER60I20G44I7QXx6AZRcS/nxpT
+RQLXejLgLE+UOzkqaIB+tnLUaTklArS+7Rxew7h5PwUHpoFEa2ST2owhi3ACmJ8
a1sSyfCrGZB8oJ3KaRmhymvyqefYM4DP4OT3xV0tgO9a
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:16:23 2024 by rpki-client on console-ams.rpki-client.org