Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1iICnsvVwJe2SxhUEgmUAsyxaR4.roa
File:                     1iICnsvVwJe2SxhUEgmUAsyxaR4.roa (raw, json)
Hash identifier:          /BrTdm8jGXvosCv+KkoJXFUB2IeMJFfFfl42llqGnbc=
Subject key identifier:   D6:22:02:9E:CB:D5:C0:97:B6:4B:18:54:12:09:94:02:CC:B1:69:1E
Certificate issuer:       /CN=3979b435a3cfefe7c33a84b22f6033009a5225c7
Certificate serial:       018CC64AC450EE9C507793D0DA31A291FBA3
Authority key identifier: 39:79:B4:35:A3:CF:EF:E7:C3:3A:84:B2:2F:60:33:00:9A:52:25:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXm0NaPP7-fDOoSyL2AzAJpSJcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1iICnsvVwJe2SxhUEgmUAsyxaR4.roa
Signing time:             Mon 01 Jan 2024 18:30:37 +0000
ROA not before:           Mon 01 Jan 2024 18:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        195.189.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/OXm0NaPP7-fDOoSyL2AzAJpSJcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/OXm0NaPP7-fDOoSyL2AzAJpSJcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXm0NaPP7-fDOoSyL2AzAJpSJcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c4:50:ee:9c:50:77:93:d0:da:31:a2:91:fb:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3979b435a3cfefe7c33a84b22f6033009a5225c7
        Validity
            Not Before: Jan  1 18:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d622029ecbd5c097b64b185412099402ccb1691e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c5:56:04:1d:c5:12:0d:5a:83:29:d2:71:2c:
                    ba:38:c8:eb:ef:6c:be:7c:6c:21:09:bf:38:bf:38:
                    4e:e9:73:75:9f:d7:aa:4d:e8:58:da:d9:75:cd:eb:
                    b3:b1:3c:dc:2b:89:47:9a:21:f2:b8:58:de:5d:7d:
                    9b:d6:86:99:20:60:85:c0:d5:9a:cf:7e:16:02:a8:
                    fb:4d:e4:f4:2b:22:44:d9:2f:d8:9e:27:12:06:2f:
                    61:7e:09:7c:6c:21:54:3d:75:b2:64:f3:be:b8:03:
                    89:29:24:fd:c7:25:8b:e8:c9:99:70:98:56:40:04:
                    ac:cc:b1:46:0b:e6:99:c5:ab:85:d4:02:0f:c7:08:
                    fe:4e:d2:0a:97:50:ba:15:42:69:8a:4e:e6:f8:17:
                    94:fa:6f:93:f4:87:c3:5d:dd:7b:72:9a:60:64:34:
                    6a:76:a3:d2:ae:4f:cd:c8:82:66:d1:51:72:c3:42:
                    88:dd:0b:45:bd:12:00:a4:89:12:b8:db:97:e4:57:
                    ff:39:fc:f4:53:a5:44:4d:48:14:6b:b6:17:dd:d1:
                    b2:d8:9d:b1:99:c9:e8:48:1c:28:05:25:ab:a9:ae:
                    af:60:a0:dc:71:f8:e8:f9:6e:1e:1c:2b:4a:fd:14:
                    67:e4:0f:1f:43:a5:52:35:83:56:1f:48:7a:54:e2:
                    6f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:22:02:9E:CB:D5:C0:97:B6:4B:18:54:12:09:94:02:CC:B1:69:1E
            X509v3 Authority Key Identifier:
                keyid:39:79:B4:35:A3:CF:EF:E7:C3:3A:84:B2:2F:60:33:00:9A:52:25:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXm0NaPP7-fDOoSyL2AzAJpSJcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1iICnsvVwJe2SxhUEgmUAsyxaR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/OXm0NaPP7-fDOoSyL2AzAJpSJcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:9f:30:57:20:81:02:cb:1c:fe:3f:a7:24:da:22:f9:dc:81:
         a8:33:3c:08:45:84:e8:51:86:3d:64:52:8e:8b:fe:c9:6f:75:
         9d:e4:50:2a:e7:38:09:09:24:53:b4:13:f7:4f:51:68:b1:11:
         08:fe:4f:12:7c:70:89:4b:c4:4e:bf:37:18:28:39:b9:2f:6a:
         18:71:5d:9a:99:98:62:5f:69:1e:82:e2:71:0c:e9:46:2f:63:
         01:5e:f4:05:cb:d0:f1:22:a2:b9:c3:84:55:96:90:87:86:7e:
         43:5b:55:48:1d:1d:a8:e5:02:3f:56:d3:d6:73:e6:02:d0:2a:
         6d:18:b6:91:83:06:d6:f3:a5:56:62:79:a6:22:99:44:a6:bf:
         17:d3:b2:9f:25:4b:55:a7:13:59:ef:ad:f7:95:74:81:34:34:
         b3:a1:40:16:50:08:b7:af:6c:2c:be:66:cb:34:9b:f5:30:db:
         ec:39:b2:92:28:36:03:fe:37:f0:f3:5b:7a:a2:ea:c1:25:36:
         30:bd:cd:85:a6:41:ff:50:db:db:a2:02:1b:30:fd:b7:74:17:
         d1:09:53:f1:32:8e:5e:c6:53:4c:3a:87:9f:11:97:1e:da:7d:
         59:04:40:39:d6:ce:2f:b3:33:47:8c:96:ba:20:b6:82:f2:e6:
         32:07:44:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsRQ7pxQd5PQ2jGikfujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzliNDM1YTNjZmVmZTdjMzNhODRiMjJmNjAzMzAwOWE1
MjI1YzcwHhcNMjQwMTAxMTgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjIyMDI5ZWNiZDVjMDk3YjY0YjE4NTQxMjA5OTQwMmNjYjE2OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcVWBB3FEg1agynScSy6OMjr72y+
fGwhCb84vzhO6XN1n9eqTehY2tl1zeuzsTzcK4lHmiHyuFjeXX2b1oaZIGCFwNWa
z34WAqj7TeT0KyJE2S/YnicSBi9hfgl8bCFUPXWyZPO+uAOJKST9xyWL6MmZcJhW
QASszLFGC+aZxauF1AIPxwj+TtIKl1C6FUJpik7m+BeU+m+T9IfDXd17cppgZDRq
dqPSrk/NyIJm0VFyw0KI3QtFvRIApIkSuNuX5Ff/Ofz0U6VETUgUa7YX3dGy2J2x
mcnoSBwoBSWrqa6vYKDccfjo+W4eHCtK/RRn5A8fQ6VSNYNWH0h6VOJvNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYiAp7L1cCXtksYVBIJlALMsWkeMB8GA1UdIwQY
MBaAFDl5tDWjz+/nwzqEsi9gMwCaUiXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1htME5hUFA3LWZET29TeUwyQXpBSnBTSmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83M2E3MWUtNDQ2ZC00MWZmLWFhYmYt
ZDViYzIzOWY2YTk4LzEvMWlJQ25zdlZ3SmUyU3hoVUVnbVVBc3l4YVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83M2E3MWUtNDQ2ZC00MWZmLWFhYmYtZDViYzIzOWY2YTk4
LzEvT1htME5hUFA3LWZET29TeUwyQXpBSnBTSmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw738MA0G
CSqGSIb3DQEBCwUAA4IBAQCTnzBXIIECyxz+P6ck2iL53IGoMzwIRYToUYY9ZFKO
i/7Jb3Wd5FAq5zgJCSRTtBP3T1FosREI/k8SfHCJS8ROvzcYKDm5L2oYcV2amZhi
X2keguJxDOlGL2MBXvQFy9DxIqK5w4RVlpCHhn5DW1VIHR2o5QI/VtPWc+YC0Cpt
GLaRgwbW86VWYnmmIplEpr8X07KfJUtVpxNZ7633lXSBNDSzoUAWUAi3r2wsvmbL
NJv1MNvsObKSKDYD/jfw81t6ourBJTYwvc2FpkH/UNvbogIbMP23dBfRCVPxMo5e
xlNMOoefEZce2n1ZBEA51s4vszNHjJa6ILaC8uYyB0Qu
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:42:49 2024 by rpki-client on console-fra.rpki-client.org