Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/YYkTznf1u0ZIkQSoR2qCwbNszQM.roa
File:                     YYkTznf1u0ZIkQSoR2qCwbNszQM.roa (raw, json)
Hash identifier:          OxoJk0jJo3r/Ef0LHBGckTWuc1YBKbzRltikGahk9k4=
Subject key identifier:   61:89:13:CE:77:F5:BB:46:48:91:04:A8:47:6A:82:C1:B3:6C:CD:03
Certificate issuer:       /CN=836a73bed75aa4efa577ed90ad3562e21951d1b2
Certificate serial:       018CC64AEAC63EF5C22CA036AB13B87C011F
Authority key identifier: 83:6A:73:BE:D7:5A:A4:EF:A5:77:ED:90:AD:35:62:E2:19:51:D1:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/YYkTznf1u0ZIkQSoR2qCwbNszQM.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200797
IP address blocks:        185.95.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ea:c6:3e:f5:c2:2c:a0:36:ab:13:b8:7c:01:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836a73bed75aa4efa577ed90ad3562e21951d1b2
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=618913ce77f5bb46489104a8476a82c1b36ccd03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:46:19:9f:8a:3c:97:16:3c:26:ff:37:b4:3a:
                    7e:c5:88:ec:a8:98:41:26:60:bf:eb:80:30:dd:08:
                    ab:96:53:a3:31:df:c6:f5:d4:c0:38:b0:aa:29:cc:
                    15:1a:c0:d2:48:ac:ad:16:2b:c0:ac:27:51:97:b4:
                    e8:bc:50:b9:d8:b6:5b:08:98:87:68:1d:a7:58:5c:
                    3c:d1:eb:7a:7e:c9:10:07:8b:44:5f:63:1b:19:87:
                    b1:96:cc:be:81:fa:d6:d9:42:55:85:75:a6:93:3a:
                    49:07:fd:7e:83:ae:54:2b:ec:54:ed:7d:dd:d0:05:
                    ba:c3:4d:d0:9e:1a:f9:00:4c:cf:0e:b3:83:d2:d7:
                    7d:9e:ca:36:0e:e5:b3:c6:27:3a:82:f3:9b:c8:17:
                    21:83:3f:be:5c:55:62:46:49:49:64:b6:6d:43:52:
                    c6:d9:b2:78:5d:af:b4:33:93:3a:c3:7b:d9:e6:2c:
                    cb:f9:ff:a0:be:19:75:8c:70:19:80:20:73:1c:18:
                    fc:9d:6b:c9:cc:81:9c:58:3e:9c:ef:4c:fb:8f:18:
                    5d:39:a9:10:e0:7a:3b:e7:dc:d6:83:69:39:35:16:
                    2e:4d:a6:1b:9d:e8:dd:00:32:7b:76:7a:d9:61:c6:
                    58:c4:21:81:df:78:94:cd:2d:cd:94:8a:a8:57:92:
                    77:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:89:13:CE:77:F5:BB:46:48:91:04:A8:47:6A:82:C1:B3:6C:CD:03
            X509v3 Authority Key Identifier:
                keyid:83:6A:73:BE:D7:5A:A4:EF:A5:77:ED:90:AD:35:62:E2:19:51:D1:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/YYkTznf1u0ZIkQSoR2qCwbNszQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:61:6e:1d:c3:a2:da:03:63:12:56:1c:ce:e7:80:77:69:b4:
         7e:7b:77:e6:6c:ed:37:ca:51:ae:95:25:70:0e:5c:e0:89:6d:
         26:df:84:8c:b9:cc:10:60:4d:f3:eb:d1:65:d9:68:d7:f4:5a:
         51:c6:96:e6:91:3b:0e:ed:4f:8b:64:3e:b9:6b:3c:87:fc:e0:
         e9:f5:7b:5c:dd:52:19:08:3a:40:45:3c:a3:20:82:22:c8:24:
         01:d5:c3:ed:ba:dc:c9:e1:3d:bb:df:bd:8a:b4:d6:92:04:63:
         dd:7b:c0:b1:36:09:55:dc:87:70:a3:e2:4a:1d:f7:45:ff:37:
         8f:96:be:11:af:be:5a:8c:30:64:8b:8f:2f:8d:4e:ce:5a:22:
         ce:92:95:d0:5e:7f:8c:c0:ef:ad:ac:a1:f6:c8:8c:e3:b0:73:
         72:6e:23:a2:c1:d1:79:da:cd:5a:c3:5a:a4:2e:b1:bd:cb:35:
         ef:2a:84:3f:a3:34:0b:c7:7f:54:c6:a3:8a:4b:8b:62:6d:8f:
         d8:2a:ad:29:6f:19:69:d6:ca:fa:10:b0:88:6e:e0:72:c2:67:
         c0:72:3b:20:6c:b3:91:53:2d:25:65:e6:33:f0:c8:c0:63:81:
         6e:b6:15:4a:de:b7:e6:9e:33:f9:37:f8:69:57:51:4f:37:4d:
         17:88:51:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSurGPvXCLKA2qxO4fAEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNmE3M2JlZDc1YWE0ZWZhNTc3ZWQ5MGFkMzU2MmUyMTk1
MWQxYjIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTg5MTNjZTc3ZjViYjQ2NDg5MTA0YTg0NzZhODJjMWIzNmNjZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEYZn4o8lxY8Jv83tDp+xYjsqJhB
JmC/64Aw3QirllOjMd/G9dTAOLCqKcwVGsDSSKytFivArCdRl7TovFC52LZbCJiH
aB2nWFw80et6fskQB4tEX2MbGYexlsy+gfrW2UJVhXWmkzpJB/1+g65UK+xU7X3d
0AW6w03Qnhr5AEzPDrOD0td9nso2DuWzxic6gvObyBchgz++XFViRklJZLZtQ1LG
2bJ4Xa+0M5M6w3vZ5izL+f+gvhl1jHAZgCBzHBj8nWvJzIGcWD6c70z7jxhdOakQ
4Ho759zWg2k5NRYuTaYbnejdADJ7dnrZYcZYxCGB33iUzS3NlIqoV5J3IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGJE8539btGSJEEqEdqgsGzbM0DMB8GA1UdIwQY
MBaAFINqc77XWqTvpXftkK01YuIZUdGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJwenZ0ZGFwTy1sZC0yUXJUVmk0aGxSMGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hYjM0YWQtOWU5YS00Mjg5LTg3Mjct
YjFhY2Q3NTAxOGMzLzEvWVlrVHpuZjF1MFpJa1FTb1IycUN3Yk5zelFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hYjM0YWQtOWU5YS00Mjg5LTg3MjctYjFhY2Q3NTAxOGMz
LzEvZzJwenZ0ZGFwTy1sZC0yUXJUVmk0aGxSMGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV/UMA0G
CSqGSIb3DQEBCwUAA4IBAQDCYW4dw6LaA2MSVhzO54B3abR+e3fmbO03ylGulSVw
DlzgiW0m34SMucwQYE3z69Fl2WjX9FpRxpbmkTsO7U+LZD65azyH/ODp9Xtc3VIZ
CDpARTyjIIIiyCQB1cPtutzJ4T27372KtNaSBGPde8CxNglV3Idwo+JKHfdF/zeP
lr4Rr75ajDBki48vjU7OWiLOkpXQXn+MwO+trKH2yIzjsHNybiOiwdF52s1aw1qk
LrG9yzXvKoQ/ozQLx39UxqOKS4tibY/YKq0pbxlp1sr6ELCIbuBywmfAcjsgbLOR
Uy0lZeYz8MjAY4FuthVK3rfmnjP5N/hpV1FPN00XiFH+
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:23 2024 by rpki-client on console-ams.rpki-client.org