Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QI1Z1gW7fSrMJE0WEmoklw4nVY8.roa
File:                     QI1Z1gW7fSrMJE0WEmoklw4nVY8.roa (raw, json)
Hash identifier:          yiHNGf5C94GAE8omjdB0coIpDFZl8svokmdyFmBiAlg=
Subject key identifier:   40:8D:59:D6:05:BB:7D:2A:CC:24:4D:16:12:6A:24:97:0E:27:55:8F
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       018CCA99286422BDC0DE8BFD811122D2FDD0
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QI1Z1gW7fSrMJE0WEmoklw4nVY8.roa
Signing time:             Tue 02 Jan 2024 14:34:44 +0000
ROA not before:           Tue 02 Jan 2024 14:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.221.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:28:64:22:bd:c0:de:8b:fd:81:11:22:d2:fd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  2 14:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408d59d605bb7d2acc244d16126a24970e27558f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f7:a1:8e:2c:e1:f4:27:ba:f4:ae:94:95:08:
                    7d:2e:5b:f9:db:b4:36:71:5c:c6:64:ea:6e:b5:94:
                    39:d7:af:66:f6:5b:9d:23:a8:f0:b5:c2:6f:2a:b3:
                    0c:6d:02:4e:82:32:d2:7e:a3:ea:1f:df:19:2d:d4:
                    71:dd:68:60:81:9c:b3:47:2b:26:17:5b:ac:0a:97:
                    76:2d:87:36:0c:af:04:2c:02:a5:06:b8:fe:cc:6d:
                    1e:7e:c9:e8:6d:26:18:83:b3:d2:13:fd:90:07:0a:
                    78:40:89:a2:9d:eb:f1:5f:43:9e:ec:64:93:e7:da:
                    f9:7c:ad:54:9f:3b:e6:c7:85:a2:3b:5c:97:40:98:
                    5d:e5:1e:e6:cc:9f:54:82:ef:b4:86:2e:6c:ac:af:
                    b2:32:c0:d9:ac:85:1a:21:7d:0f:f7:6f:a3:f1:73:
                    72:0e:a2:29:e1:dc:45:ab:40:84:02:92:e5:7c:4a:
                    3b:c4:d7:f4:31:e2:ce:7a:c1:0e:6a:6d:e2:26:68:
                    4d:b4:a4:3d:2a:45:ec:43:4d:08:68:ab:7e:c2:1f:
                    f2:09:dc:f0:ec:72:9a:79:ce:9e:05:e0:63:fd:fc:
                    01:23:db:77:36:b8:52:3b:08:15:2a:fd:e8:ba:6a:
                    38:bc:ad:d2:24:dc:ec:13:9b:8f:e1:59:67:f1:d9:
                    c1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8D:59:D6:05:BB:7D:2A:CC:24:4D:16:12:6A:24:97:0E:27:55:8F
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QI1Z1gW7fSrMJE0WEmoklw4nVY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:45:eb:d6:82:a3:ac:97:0b:6b:21:12:2d:f6:69:c9:0f:5c:
         6a:14:35:3b:19:1e:91:25:7a:31:46:8c:bb:8a:f3:6f:50:39:
         41:76:69:f7:90:a4:12:81:fe:15:e5:52:58:66:3c:de:ec:0f:
         33:1c:2c:57:b4:d0:96:4b:4b:b2:7e:31:88:d2:d5:a7:5b:05:
         bf:8a:1a:d7:f7:6a:38:a1:75:01:7a:58:57:4b:42:c6:89:6a:
         7e:e1:dc:95:55:e0:54:43:8a:be:c1:1d:8d:7b:a7:6e:b8:1c:
         3d:f6:99:f0:9f:84:af:1e:3e:81:30:95:f2:2b:54:4d:ac:1c:
         8a:67:b4:43:b8:e9:ed:15:1a:6d:e2:db:57:3c:39:45:48:3e:
         1a:bf:46:27:cb:60:35:27:67:77:fd:41:91:73:cc:ad:f0:ea:
         98:e1:d5:c8:ef:4e:bc:c7:80:4c:97:1a:af:b7:1a:87:ca:4d:
         6b:b2:4e:e2:5d:34:b0:23:db:cc:e5:a0:a7:39:2a:23:96:be:
         20:dd:1d:d0:dc:6f:87:6c:15:f6:1e:87:c3:ca:53:6a:c3:62:
         49:3d:ad:b0:43:b4:8f:a1:bd:95:d6:01:66:64:2e:52:1d:e2:
         48:a0:97:87:aa:be:c3:da:f6:e3:74:bb:15:83:65:e0:91:87:
         9a:fd:e5:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmShkIr3A3ov9gREi0v3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjQwMTAyMTQzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhkNTlkNjA1YmI3ZDJhY2MyNDRkMTYxMjZhMjQ5NzBlMjc1NThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/ehjizh9Ce69K6UlQh9Llv527Q2
cVzGZOputZQ5169m9ludI6jwtcJvKrMMbQJOgjLSfqPqH98ZLdRx3WhggZyzRysm
F1usCpd2LYc2DK8ELAKlBrj+zG0efsnobSYYg7PSE/2QBwp4QIminevxX0Oe7GST
59r5fK1Unzvmx4WiO1yXQJhd5R7mzJ9Ugu+0hi5srK+yMsDZrIUaIX0P92+j8XNy
DqIp4dxFq0CEApLlfEo7xNf0MeLOesEOam3iJmhNtKQ9KkXsQ00IaKt+wh/yCdzw
7HKaec6eBeBj/fwBI9t3NrhSOwgVKv3oumo4vK3SJNzsE5uP4Vln8dnBFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECNWdYFu30qzCRNFhJqJJcOJ1WPMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvUUkxWjFnVzdmU3JNSkUwV0Vtb2tsdzRuVlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3aMA0G
CSqGSIb3DQEBCwUAA4IBAQBBRevWgqOslwtrIRIt9mnJD1xqFDU7GR6RJXoxRoy7
ivNvUDlBdmn3kKQSgf4V5VJYZjze7A8zHCxXtNCWS0uyfjGI0tWnWwW/ihrX92o4
oXUBelhXS0LGiWp+4dyVVeBUQ4q+wR2Ne6duuBw99pnwn4SvHj6BMJXyK1RNrByK
Z7RDuOntFRpt4ttXPDlFSD4av0Yny2A1J2d3/UGRc8yt8OqY4dXI7068x4BMlxqv
txqHyk1rsk7iXTSwI9vM5aCnOSojlr4g3R3Q3G+HbBX2HofDylNqw2JJPa2wQ7SP
ob2V1gFmZC5SHeJIoJeHqr7D2vbjdLsVg2XgkYea/eUI
-----END CERTIFICATE-----
Generated at Wed May 8 13:15:19 2024 by rpki-client on console-ams.rpki-client.org