Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/InCQM9lV9snDThcSoUKp740lO4k.roa
File:                     InCQM9lV9snDThcSoUKp740lO4k.roa (raw, json)
Hash identifier:          A5rKKbUSxesDTvSI0y0Kh4mSbjLFC/EryAGd7Gc8T3s=
Subject key identifier:   22:70:90:33:D9:55:F6:C9:C3:4E:17:12:A1:42:A9:EF:8D:25:3B:89
Certificate issuer:       /CN=fa3c481607619c835d09f2471d976d7cf74a0439
Certificate serial:       018CC56F0554D618F4F3BA9547C11A00EBBC
Authority key identifier: FA:3C:48:16:07:61:9C:83:5D:09:F2:47:1D:97:6D:7C:F7:4A:04:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-jxIFgdhnINdCfJHHZdtfPdKBDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/InCQM9lV9snDThcSoUKp740lO4k.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12917
IP address blocks:        85.159.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/1-jxIFgdhnINdCfJHHZdtfPdKBDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/1-jxIFgdhnINdCfJHHZdtfPdKBDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-jxIFgdhnINdCfJHHZdtfPdKBDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:05:54:d6:18:f4:f3:ba:95:47:c1:1a:00:eb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3c481607619c835d09f2471d976d7cf74a0439
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22709033d955f6c9c34e1712a142a9ef8d253b89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:72:2a:e9:03:5a:d5:be:f7:30:49:e8:cd:94:
                    24:eb:b6:05:6e:ac:cd:0d:a8:db:97:e0:e5:b4:3b:
                    fe:6d:e7:f1:89:e6:c6:b8:96:f1:5f:5a:d3:9b:ab:
                    94:28:1f:18:a5:a9:04:76:89:57:3d:50:10:7c:97:
                    1c:37:3d:b1:c6:7d:bc:3c:67:a7:f8:9f:a4:a1:67:
                    37:3c:68:bd:33:b6:86:78:2d:eb:53:d6:6d:9a:7d:
                    a4:65:44:6b:1a:83:87:40:10:47:9b:72:f6:e3:17:
                    e2:f2:34:85:f3:17:01:2c:96:e1:98:23:8e:6d:c7:
                    72:bc:2c:41:99:71:1a:50:2e:27:ab:75:3c:f5:c3:
                    b2:94:f4:12:e8:ba:a9:90:34:bc:6a:d7:8c:29:a9:
                    b1:d9:4f:a8:64:01:cb:2a:01:53:ac:ff:0b:84:09:
                    e0:d8:36:4d:92:6b:13:09:50:2b:15:21:9d:90:9c:
                    de:b3:99:c8:7a:de:95:26:e1:62:b0:26:06:18:f8:
                    0a:06:87:1b:7a:05:b8:d0:3f:1b:e3:66:ce:0a:0c:
                    bf:e9:bc:3a:38:6a:f6:e4:43:20:68:02:bb:d0:54:
                    cf:51:08:8b:3f:6a:52:3c:61:92:20:09:13:17:85:
                    63:fc:9d:16:7f:b9:01:1b:7f:33:ab:b4:5a:f6:90:
                    83:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:70:90:33:D9:55:F6:C9:C3:4E:17:12:A1:42:A9:EF:8D:25:3B:89
            X509v3 Authority Key Identifier:
                keyid:FA:3C:48:16:07:61:9C:83:5D:09:F2:47:1D:97:6D:7C:F7:4A:04:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-jxIFgdhnINdCfJHHZdtfPdKBDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/InCQM9lV9snDThcSoUKp740lO4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/99848b-c4f8-46ab-8923-1304454bf29d/1/1-jxIFgdhnINdCfJHHZdtfPdKBDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:07:95:e1:41:f0:e7:b5:0b:de:5d:50:ad:aa:98:28:52:5a:
         87:8d:bf:51:83:61:7a:4c:5d:97:a6:c4:c2:8e:ae:59:9b:fa:
         3f:94:af:84:19:5b:06:e2:be:d5:7f:f0:33:3d:93:93:40:bf:
         ab:01:0e:f8:5e:53:89:99:78:79:24:65:86:47:cf:d6:be:df:
         47:20:7e:7c:3d:2c:8f:66:94:f6:3e:5d:72:14:7b:97:98:56:
         57:80:49:4c:20:35:d7:b6:be:99:2a:9d:61:d5:61:19:bc:f3:
         e2:d7:a8:45:83:0b:e0:f3:d7:06:97:dc:2e:60:89:67:b5:cd:
         b3:20:21:b4:f9:49:d9:e0:3b:4b:65:18:77:e5:8a:a6:c2:cd:
         a6:e5:1b:cf:25:0f:5a:e0:03:bd:8d:d9:a0:fc:49:bd:fc:91:
         7d:ae:07:74:4c:db:2d:79:ff:63:8e:42:91:65:7a:92:25:94:
         7b:c8:2b:48:8f:f0:5e:00:7f:99:47:e8:cd:ca:9c:cf:5c:5b:
         a6:e5:e8:1d:ae:88:c0:f8:59:e7:46:91:92:69:63:ae:c3:b5:
         26:75:2e:84:6e:3a:58:98:c9:ca:ae:6b:b3:42:fe:b6:4c:31:
         f9:d0:90:20:58:65:69:69:fe:67:62:af:1f:0e:5e:33:80:f9:
         32:6c:40:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbwVU1hj087qVR8EaAOu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2M0ODE2MDc2MTljODM1ZDA5ZjI0NzFkOTc2ZDdjZjc0
YTA0MzkwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjcwOTAzM2Q5NTVmNmM5YzM0ZTE3MTJhMTQyYTllZjhkMjUzYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunIq6QNa1b73MEnozZQk67YFbqzN
Dajbl+DltDv+befxiebGuJbxX1rTm6uUKB8YpakEdolXPVAQfJccNz2xxn28PGen
+J+koWc3PGi9M7aGeC3rU9Ztmn2kZURrGoOHQBBHm3L24xfi8jSF8xcBLJbhmCOO
bcdyvCxBmXEaUC4nq3U89cOylPQS6LqpkDS8ateMKamx2U+oZAHLKgFTrP8LhAng
2DZNkmsTCVArFSGdkJzes5nIet6VJuFisCYGGPgKBocbegW40D8b42bOCgy/6bw6
OGr25EMgaAK70FTPUQiLP2pSPGGSIAkTF4Vj/J0Wf7kBG38zq7Ra9pCD6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCJwkDPZVfbJw04XEqFCqe+NJTuJMB8GA1UdIwQY
MBaAFPo8SBYHYZyDXQnyRx2XbXz3SgQ5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qeElGZ2RobklOZENmSkhIWmR0ZlBkS0JEay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTk4NDhiLWM0ZjgtNDZhYi04OTIz
LTEzMDQ0NTRiZjI5ZC8xL0luQ1FNOWxWOXNuRFRoY1NvVUtwNzQwbE80ay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTk4NDhiLWM0ZjgtNDZhYi04OTIzLTEzMDQ0NTRiZjI5
ZC8xLzEtanhJRmdkaG5JTmRDZkpISFpkdGZQZEtCRGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABVn2sw
DQYJKoZIhvcNAQELBQADggEBABEHleFB8Oe1C95dUK2qmChSWoeNv1GDYXpMXZem
xMKOrlmb+j+Ur4QZWwbivtV/8DM9k5NAv6sBDvheU4mZeHkkZYZHz9a+30cgfnw9
LI9mlPY+XXIUe5eYVleASUwgNde2vpkqnWHVYRm88+LXqEWDC+Dz1waX3C5giWe1
zbMgIbT5SdngO0tlGHfliqbCzablG88lD1rgA72N2aD8Sb38kX2uB3RM2y15/2OO
QpFlepIllHvIK0iP8F4Af5lH6M3KnM9cW6bl6B2uiMD4WedGkZJpY67DtSZ1LoRu
OliYycqua7NC/rZMMfnQkCBYZWlp/mdirx8OXjOA+TJsQIQ=
-----END CERTIFICATE-----
Generated at Fri May 17 21:00:38 2024 by rpki-client on console-fra.rpki-client.org