Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/ijMYKwVZbAAZrdZptviKTEZvnVY.roa
File:                     ijMYKwVZbAAZrdZptviKTEZvnVY.roa (raw, json)
Hash identifier:          OxoQD51UrXnFyvu84u1jrO2MPkgfET5BwUDpVIlTwvs=
Subject key identifier:   8A:33:18:2B:05:59:6C:00:19:AD:D6:69:B6:F8:8A:4C:46:6F:9D:56
Certificate issuer:       /CN=208fa2b8733f5318267ad13bec0794346277cf25
Certificate serial:       018CC802D09677F756FA9BE90161E6A292AE
Authority key identifier: 20:8F:A2:B8:73:3F:53:18:26:7A:D1:3B:EC:07:94:34:62:77:CF:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/II-iuHM_UxgmetE77AeUNGJ3zyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/ijMYKwVZbAAZrdZptviKTEZvnVY.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215921
IP address blocks:        195.28.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/II-iuHM_UxgmetE77AeUNGJ3zyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/II-iuHM_UxgmetE77AeUNGJ3zyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/II-iuHM_UxgmetE77AeUNGJ3zyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 07:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d0:96:77:f7:56:fa:9b:e9:01:61:e6:a2:92:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=208fa2b8733f5318267ad13bec0794346277cf25
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a33182b05596c0019add669b6f88a4c466f9d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:10:fe:95:0b:59:a3:0e:0d:ff:e1:8e:de:68:
                    ec:65:d2:35:31:bb:cb:03:5e:48:0b:49:9b:09:03:
                    a1:89:1f:ca:6d:22:0b:aa:f2:ea:b6:b0:74:40:88:
                    c8:d1:11:12:31:12:6a:62:fc:4a:52:f8:c8:02:f4:
                    82:18:85:06:ae:08:4c:5d:6a:b9:1d:fb:e7:08:04:
                    2a:5a:6c:c9:dd:27:c4:2b:5a:f2:c2:80:72:41:43:
                    25:29:05:a4:67:49:ca:12:33:6c:8c:21:a1:fd:1c:
                    9b:7f:69:f4:59:8f:ca:c3:0c:c6:59:60:35:87:ad:
                    2b:fd:cd:54:46:6e:c3:11:a1:dd:27:e0:39:22:67:
                    35:66:40:ae:af:4e:d1:bb:99:4c:0e:60:39:f4:24:
                    ef:8c:1f:26:98:0f:7a:26:09:6f:f7:84:6b:0f:a5:
                    b1:f2:58:d6:9d:1d:b4:79:bb:89:34:94:f3:c5:f6:
                    9e:38:40:44:6f:7b:71:e0:08:fe:50:cc:60:22:66:
                    68:f6:23:1d:ad:27:b0:88:c9:1f:7d:6d:f6:df:ad:
                    3c:55:ab:d2:1a:44:d1:a0:a9:1f:7a:79:05:60:26:
                    69:81:2b:28:f9:1c:b0:8b:c0:8a:f0:eb:ef:cf:0b:
                    e9:9a:8e:41:f0:88:b4:dd:86:c4:87:43:e7:31:0f:
                    43:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:33:18:2B:05:59:6C:00:19:AD:D6:69:B6:F8:8A:4C:46:6F:9D:56
            X509v3 Authority Key Identifier:
                keyid:20:8F:A2:B8:73:3F:53:18:26:7A:D1:3B:EC:07:94:34:62:77:CF:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/II-iuHM_UxgmetE77AeUNGJ3zyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/ijMYKwVZbAAZrdZptviKTEZvnVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/8d1e2b-319f-44ac-b969-e4a50f71da0c/1/II-iuHM_UxgmetE77AeUNGJ3zyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.28.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1b:f6:c4:c5:9d:ee:d1:5e:1b:df:cf:f8:6c:cc:d9:a9:55:
         93:87:d3:5b:e0:35:9e:37:38:a5:5b:d8:55:01:18:e2:6a:cb:
         ed:c1:21:fd:bc:fa:2f:3e:9c:21:37:21:16:43:b0:50:ce:86:
         dc:ea:52:f1:8c:17:64:17:82:e6:0b:ac:d3:a8:15:4f:0e:05:
         9c:35:2f:9d:5f:32:b2:92:58:be:7a:05:09:d2:87:47:d8:44:
         5f:54:34:89:dc:bf:34:d9:fe:ae:01:44:86:61:cc:d0:26:28:
         bc:a8:c0:38:de:36:01:09:3d:12:09:e7:ca:82:ed:85:5c:a2:
         31:cf:d1:2c:e9:97:94:78:19:e7:3c:7b:42:9c:20:b3:b8:24:
         d4:c8:91:c1:2f:dc:e1:41:96:e5:a3:c9:6a:7e:54:be:0c:af:
         7b:06:e7:22:3d:61:eb:f7:4c:9a:87:33:48:86:e0:ea:b6:53:
         48:e0:a5:a9:e0:f5:26:6c:b9:59:f4:01:ae:58:29:b7:13:44:
         ad:fd:ca:f8:3b:14:0a:37:fe:e1:41:06:73:f9:24:3b:e0:60:
         fe:7a:49:a8:0c:f0:5e:fe:51:3b:b6:bc:3c:b3:f3:00:36:0e:
         c3:48:c3:a7:b4:2a:53:db:77:18:82:da:61:6d:d1:57:18:3e:
         2c:fd:e4:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAtCWd/dW+pvpAWHmopKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwOGZhMmI4NzMzZjUzMTgyNjdhZDEzYmVjMDc5NDM0NjI3
N2NmMjUwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTMzMTgyYjA1NTk2YzAwMTlhZGQ2NjliNmY4OGE0YzQ2NmY5ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxD+lQtZow4N/+GO3mjsZdI1MbvL
A15IC0mbCQOhiR/KbSILqvLqtrB0QIjI0RESMRJqYvxKUvjIAvSCGIUGrghMXWq5
HfvnCAQqWmzJ3SfEK1rywoByQUMlKQWkZ0nKEjNsjCGh/Rybf2n0WY/KwwzGWWA1
h60r/c1URm7DEaHdJ+A5Imc1ZkCur07Ru5lMDmA59CTvjB8mmA96Jglv94RrD6Wx
8ljWnR20ebuJNJTzxfaeOEBEb3tx4Aj+UMxgImZo9iMdrSewiMkffW323608VavS
GkTRoKkfenkFYCZpgSso+Rywi8CK8Ovvzwvpmo5B8Ii03YbEh0PnMQ9DeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIozGCsFWWwAGa3Wabb4ikxGb51WMB8GA1UdIwQY
MBaAFCCPorhzP1MYJnrRO+wHlDRid88lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUktaXVITV9VeGdtZXRFNzdBZVVOR0ozenlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84ZDFlMmItMzE5Zi00NGFjLWI5Njkt
ZTRhNTBmNzFkYTBjLzEvaWpNWUt3VlpiQUFacmRacHR2aUtURVp2blZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84ZDFlMmItMzE5Zi00NGFjLWI5NjktZTRhNTBmNzFkYTBj
LzEvSUktaXVITV9VeGdtZXRFNzdBZVVOR0ozenlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxy8MA0G
CSqGSIb3DQEBCwUAA4IBAQAtG/bExZ3u0V4b38/4bMzZqVWTh9Nb4DWeNzilW9hV
ARjiasvtwSH9vPovPpwhNyEWQ7BQzobc6lLxjBdkF4LmC6zTqBVPDgWcNS+dXzKy
kli+egUJ0odH2ERfVDSJ3L802f6uAUSGYczQJii8qMA43jYBCT0SCefKgu2FXKIx
z9Es6ZeUeBnnPHtCnCCzuCTUyJHBL9zhQZblo8lqflS+DK97BuciPWHr90yahzNI
huDqtlNI4KWp4PUmbLlZ9AGuWCm3E0St/cr4OxQKN/7hQQZz+SQ74GD+ekmoDPBe
/lE7trw8s/MANg7DSMOntCpT23cYgtphbdFXGD4s/eQH
-----END CERTIFICATE-----
Generated at Sat May 11 13:08:51 2024 by rpki-client on console-ams.rpki-client.org