Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/IJsICHs0Ot41UU3GJ8tdfOM2xko.roa
File:                     IJsICHs0Ot41UU3GJ8tdfOM2xko.roa (raw, json)
Hash identifier:          ItB96PxWAFRR72IzdJxz0YVu22y1skr/GCxnLjkSa5c=
Subject key identifier:   20:9B:08:08:7B:34:3A:DE:35:51:4D:C6:27:CB:5D:7C:E3:36:C6:4A
Certificate issuer:       /CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Certificate serial:       018CC94BDCCFE297523D0366A38D66647686
Authority key identifier: E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/IJsICHs0Ot41UU3GJ8tdfOM2xko.roa
Signing time:             Tue 02 Jan 2024 08:30:41 +0000
ROA not before:           Tue 02 Jan 2024 08:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47857
IP address blocks:        185.25.8.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:dc:cf:e2:97:52:3d:03:66:a3:8d:66:64:76:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
        Validity
            Not Before: Jan  2 08:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=209b08087b343ade35514dc627cb5d7ce336c64a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f5:6a:2f:9e:c8:bc:8f:2d:1d:25:e2:02:ed:
                    74:33:26:0b:01:00:2f:f9:f1:2b:49:4a:ca:f8:c9:
                    30:8e:74:81:d1:e2:4d:c0:09:48:55:ec:37:b6:c8:
                    6c:d2:ed:6f:1c:30:fd:c2:68:90:e5:04:cd:8c:02:
                    dc:1f:5a:60:7e:eb:fb:5b:b5:24:2e:38:c5:52:ff:
                    d2:dd:36:83:b1:63:77:03:92:be:ab:10:0d:34:40:
                    68:91:85:0a:b0:fa:7e:93:64:95:b8:fb:ab:90:dd:
                    df:12:46:f3:ec:36:61:9a:d3:e2:5b:0b:67:53:1b:
                    8b:30:90:83:40:e0:a9:27:b0:ef:de:83:a7:fb:51:
                    53:4f:aa:cd:16:c4:82:a4:50:4a:f7:d9:ef:18:37:
                    cd:67:50:68:2b:27:80:c6:eb:ea:31:92:1b:e8:cd:
                    cc:22:b6:37:82:dd:0a:12:b1:ec:fa:ec:75:42:a8:
                    5c:1a:c8:22:81:00:de:94:e6:36:b7:50:a2:3e:62:
                    a8:ce:52:99:25:16:32:6c:27:14:d6:ed:a6:d9:b1:
                    ea:9f:c8:60:83:a3:05:26:17:44:40:71:9f:73:cd:
                    25:09:4f:4c:09:ea:fc:15:c6:83:73:80:ce:71:31:
                    74:ad:c7:99:57:57:ac:f7:b0:61:33:5e:8d:c1:24:
                    88:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9B:08:08:7B:34:3A:DE:35:51:4D:C6:27:CB:5D:7C:E3:36:C6:4A
            X509v3 Authority Key Identifier:
                keyid:E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/IJsICHs0Ot41UU3GJ8tdfOM2xko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:93:4d:58:03:1b:37:45:8d:3e:c7:41:7e:b5:79:13:f7:17:
         af:78:fc:53:cf:45:9b:68:74:d6:5f:64:29:11:5f:d0:cc:b0:
         fd:71:98:62:01:50:03:81:fb:27:ab:b8:fe:58:3c:42:18:73:
         c5:71:97:c6:63:2f:48:f8:5d:1d:21:3b:3e:04:94:16:dd:cb:
         ef:16:b3:19:2b:b2:42:92:04:cb:0c:88:5c:f3:0a:64:4a:2a:
         de:79:f1:12:4e:05:26:d8:7d:c9:86:2e:24:63:4e:2f:73:8b:
         36:93:d4:27:47:e9:26:5d:fd:f9:43:2d:d5:62:b8:64:99:73:
         a8:07:b3:39:06:71:77:d6:9c:e4:7a:b4:cc:18:ec:65:08:9c:
         e8:a3:63:21:19:8d:49:03:f6:23:ba:2c:09:86:61:72:94:dc:
         60:d3:bc:a3:5a:3c:ab:e7:77:d1:41:a7:76:a1:d1:2f:41:f3:
         64:1e:bb:5d:55:2d:99:7f:48:67:94:c2:0f:8d:e2:f8:58:61:
         45:47:41:65:bf:df:b3:cb:9a:73:47:dc:ef:38:ea:47:e7:3b:
         a4:a4:9b:ae:de:b0:ac:60:87:31:e7:e4:45:d9:56:1e:9b:90:
         ef:fb:28:28:c1:03:b7:d2:d2:2e:57:3f:22:1b:5d:f6:c8:9b:
         94:be:72:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS9zP4pdSPQNmo41mZHaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTgzYjQwYjNmNGQ3ZDMxZmIzMzY4ZGFmYWNhMTE5OWE0
NDk4OTIwHhcNMjQwMTAyMDgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDliMDgwODdiMzQzYWRlMzU1MTRkYzYyN2NiNWQ3Y2UzMzZjNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPVqL57IvI8tHSXiAu10MyYLAQAv
+fErSUrK+MkwjnSB0eJNwAlIVew3tshs0u1vHDD9wmiQ5QTNjALcH1pgfuv7W7Uk
LjjFUv/S3TaDsWN3A5K+qxANNEBokYUKsPp+k2SVuPurkN3fEkbz7DZhmtPiWwtn
UxuLMJCDQOCpJ7Dv3oOn+1FTT6rNFsSCpFBK99nvGDfNZ1BoKyeAxuvqMZIb6M3M
IrY3gt0KErHs+ux1QqhcGsgigQDelOY2t1CiPmKozlKZJRYybCcU1u2m2bHqn8hg
g6MFJhdEQHGfc80lCU9MCer8FcaDc4DOcTF0rceZV1es97BhM16NwSSITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCbCAh7NDreNVFNxifLXXzjNsZKMB8GA1UdIwQY
MBaAFOWoO0Cz9NfTH7M2ja+soRmaRJiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEt
M2QzODg2MDZkYTEyLzEvSUpzSUNIczBPdDQxVVUzR0o4dGRmT00yeGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEtM2QzODg2MDZkYTEy
LzEvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRkIMA0G
CSqGSIb3DQEBCwUAA4IBAQBbk01YAxs3RY0+x0F+tXkT9xevePxTz0WbaHTWX2Qp
EV/QzLD9cZhiAVADgfsnq7j+WDxCGHPFcZfGYy9I+F0dITs+BJQW3cvvFrMZK7JC
kgTLDIhc8wpkSireefESTgUm2H3Jhi4kY04vc4s2k9QnR+kmXf35Qy3VYrhkmXOo
B7M5BnF31pzkerTMGOxlCJzoo2MhGY1JA/YjuiwJhmFylNxg07yjWjyr53fRQad2
odEvQfNkHrtdVS2Zf0hnlMIPjeL4WGFFR0Flv9+zy5pzR9zvOOpH5zukpJuu3rCs
YIcx5+RF2VYem5Dv+ygowQO30tIuVz8iG132yJuUvnJ+
-----END CERTIFICATE-----
Generated at Sun Sep 29 04:46:08 2024 by rpki-client on console-fra.rpki-client.org