Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/cgwOYMZbMiIXty70J3dB3CuWWMc.roa
File:                     cgwOYMZbMiIXty70J3dB3CuWWMc.roa (raw, json)
Hash identifier:          yUvS3UBOL6gsQTpFHR5b2+KGwYp2Sj/lAv+PWZ1GuqE=
Subject key identifier:   72:0C:0E:60:C6:5B:32:22:17:B7:2E:F4:27:77:41:DC:2B:96:58:C7
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802C6319023B99B1700A2B002C80CF5
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/cgwOYMZbMiIXty70J3dB3CuWWMc.roa
Signing time:             Tue 02 Jan 2024 02:31:14 +0000
ROA not before:           Tue 02 Jan 2024 02:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39425
IP address blocks:        85.204.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:c6:31:90:23:b9:9b:17:00:a2:b0:02:c8:0c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=720c0e60c65b322217b72ef4277741dc2b9658c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:26:dc:b0:bb:f7:9f:d3:3c:40:70:df:11:d8:
                    df:18:69:48:8d:35:2c:30:2d:5c:20:bf:7f:a4:4d:
                    3d:47:61:65:46:7c:3b:4b:a0:0e:62:bb:da:d7:cf:
                    eb:33:8d:6b:1a:f5:81:16:6b:55:f1:bf:81:ad:87:
                    77:e4:16:a9:a1:be:24:94:5e:d8:2f:22:b5:7b:18:
                    4e:51:fd:6e:db:9e:21:7d:4f:03:f5:e2:ba:77:9e:
                    99:f1:9f:f2:1c:16:30:55:ec:e9:4a:0a:4d:63:f4:
                    aa:c6:34:15:fa:d3:1b:bd:5a:9b:8a:ce:50:5f:ed:
                    42:f2:5c:be:f8:81:de:4a:b1:33:fc:88:bb:8f:67:
                    cb:21:95:8b:67:cd:b8:56:1d:43:4d:41:d5:43:2d:
                    d1:f7:4b:7a:e1:a1:d6:fe:62:cf:70:07:e9:d5:61:
                    f9:65:ba:2d:b8:5e:a3:86:bb:48:11:e6:99:12:d9:
                    c1:5a:5c:03:7d:f3:fa:1c:39:49:89:26:61:42:be:
                    b9:7e:0d:75:1a:85:7c:c1:f1:dc:39:7f:f1:55:54:
                    f0:f4:83:74:42:6e:bf:19:3a:e3:20:4e:bb:96:b1:
                    f3:b1:48:ec:8b:a2:57:99:71:9b:eb:a5:61:3b:3d:
                    87:89:03:de:14:54:f8:19:15:80:0b:95:b5:fb:01:
                    68:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0C:0E:60:C6:5B:32:22:17:B7:2E:F4:27:77:41:DC:2B:96:58:C7
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/cgwOYMZbMiIXty70J3dB3CuWWMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:8e:8b:9f:2e:db:f9:36:7e:a4:b6:bf:7c:90:4c:99:1d:83:
         27:4a:59:45:09:8f:23:1e:cb:21:6e:e1:28:99:7c:cd:c3:54:
         8f:b2:27:d0:3d:b9:aa:90:3d:fe:44:54:84:a9:79:0f:ed:86:
         82:db:d9:bf:7a:d2:0d:ca:66:9f:61:87:90:24:70:35:3f:93:
         a9:07:3b:59:56:22:86:ec:32:29:10:4b:e4:ca:77:5f:d4:c2:
         f8:2a:42:34:48:54:bf:e4:93:6e:4b:0e:c7:5b:0d:8a:0a:77:
         c2:32:2a:95:ef:b9:80:db:59:a2:eb:72:14:e1:2d:93:68:2f:
         29:31:42:e3:84:2b:d6:85:1b:3c:33:6d:1f:fd:99:d3:0e:f6:
         31:44:92:1f:11:fe:bc:ce:c0:bd:a7:0c:bb:a5:a4:6c:8f:ab:
         02:42:8e:14:2a:57:49:f5:74:2b:1e:b0:cc:4b:a3:87:42:78:
         4c:0a:22:2c:a1:e3:a4:2f:a9:e8:cd:b1:8e:e2:89:b2:71:f7:
         fd:45:db:f2:a9:85:15:43:91:d0:66:98:95:b7:01:d5:f7:b8:
         a8:9a:19:89:84:bc:02:28:5f:52:27:8e:4f:2e:00:fe:7a:f7:
         22:f1:77:98:a4:f6:3c:33:ac:c1:55:9a:4e:e2:71:bc:b4:a1:
         b6:e2:31:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAsYxkCO5mxcAorACyAz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBjMGU2MGM2NWIzMjIyMTdiNzJlZjQyNzc3NDFkYzJiOTY1OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCbcsLv3n9M8QHDfEdjfGGlIjTUs
MC1cIL9/pE09R2FlRnw7S6AOYrva18/rM41rGvWBFmtV8b+BrYd35Bapob4klF7Y
LyK1exhOUf1u254hfU8D9eK6d56Z8Z/yHBYwVezpSgpNY/SqxjQV+tMbvVqbis5Q
X+1C8ly++IHeSrEz/Ii7j2fLIZWLZ824Vh1DTUHVQy3R90t64aHW/mLPcAfp1WH5
ZbotuF6jhrtIEeaZEtnBWlwDffP6HDlJiSZhQr65fg11GoV8wfHcOX/xVVTw9IN0
Qm6/GTrjIE67lrHzsUjsi6JXmXGb66VhOz2HiQPeFFT4GRWAC5W1+wFoYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIMDmDGWzIiF7cu9Cd3QdwrlljHMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvY2d3T1lNWmJNaUlYdHk3MEozZEIzQ3VXV01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcwpMA0G
CSqGSIb3DQEBCwUAA4IBAQCVjoufLtv5Nn6ktr98kEyZHYMnSllFCY8jHsshbuEo
mXzNw1SPsifQPbmqkD3+RFSEqXkP7YaC29m/etINymafYYeQJHA1P5OpBztZViKG
7DIpEEvkyndf1ML4KkI0SFS/5JNuSw7HWw2KCnfCMiqV77mA21mi63IU4S2TaC8p
MULjhCvWhRs8M20f/ZnTDvYxRJIfEf68zsC9pwy7paRsj6sCQo4UKldJ9XQrHrDM
S6OHQnhMCiIsoeOkL6nozbGO4omycff9RdvyqYUVQ5HQZpiVtwHV97iomhmJhLwC
KF9SJ45PLgD+evci8XeYpPY8M6zBVZpO4nG8tKG24jEl
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:21:29 2024 by rpki-client on console-ams.rpki-client.org