Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yb18tdrYD8nLOGJ7_0rCLAvm8Z8.roa
File:                     yb18tdrYD8nLOGJ7_0rCLAvm8Z8.roa (raw, json)
Hash identifier:          Vz60rZZ368/i00GQfmzLeZqsOnaqSolitLIThTcsr7U=
Subject key identifier:   C9:BD:7C:B5:DA:D8:0F:C9:CB:38:62:7B:FF:4A:C2:2C:0B:E6:F1:9F
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802C93AB5C5073F82E1533D679F0241
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yb18tdrYD8nLOGJ7_0rCLAvm8Z8.roa
Signing time:             Tue 02 Jan 2024 02:31:14 +0000
ROA not before:           Tue 02 Jan 2024 02:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44289
IP address blocks:        85.204.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:c9:3a:b5:c5:07:3f:82:e1:53:3d:67:9f:02:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9bd7cb5dad80fc9cb38627bff4ac22c0be6f19f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4b:06:fa:e7:0e:6c:0f:70:97:d2:96:f5:81:
                    37:00:4a:2b:34:ca:4c:c0:63:24:6e:4d:88:4a:6d:
                    65:e2:59:38:2b:e6:32:7e:dc:3e:6a:2f:30:cf:04:
                    f2:56:dd:4a:12:b4:2b:02:ff:88:60:04:87:64:36:
                    47:60:cf:7c:86:8a:43:e9:ff:80:37:bf:73:f7:53:
                    05:37:88:da:98:d0:59:2b:5a:00:de:a1:0f:c0:c9:
                    50:4f:b7:84:01:d9:d4:e1:81:2b:00:66:fa:99:ad:
                    f0:59:cf:48:2f:fa:b0:09:e3:69:18:3d:d6:d5:18:
                    78:7e:a3:ec:04:f8:cf:5d:e4:1e:25:30:2a:a0:f3:
                    da:72:dd:ee:e2:b0:56:c0:ff:e9:b2:4b:a7:e0:b1:
                    57:f9:76:8b:45:87:8b:34:4e:b3:d7:95:1d:08:f7:
                    22:d7:7b:de:75:1e:a7:1d:d8:f1:97:f0:b0:ba:0c:
                    bb:7a:b7:f4:89:ac:bc:56:4f:94:24:c4:3c:d8:66:
                    59:9f:ff:69:1b:57:32:60:10:83:53:e8:31:d8:10:
                    21:82:a0:84:d1:6a:95:0b:96:46:c5:a3:7e:59:21:
                    6e:d2:af:53:3f:8e:be:6f:a3:9e:d0:0a:e2:6d:50:
                    18:cb:58:ad:67:81:ed:fb:a6:2b:57:70:ca:98:58:
                    69:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:BD:7C:B5:DA:D8:0F:C9:CB:38:62:7B:FF:4A:C2:2C:0B:E6:F1:9F
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yb18tdrYD8nLOGJ7_0rCLAvm8Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:42:67:14:b0:d8:4a:a7:c1:ef:10:80:bc:72:ef:1c:50:fe:
         0e:3d:0d:a1:22:f1:8f:66:05:87:09:99:ff:65:29:2e:5b:a7:
         79:23:78:f8:76:6a:81:04:50:8b:2f:6e:d4:4d:e6:5c:e4:70:
         94:a4:5c:a4:f3:68:16:ca:3c:52:58:dd:7f:2a:ac:fc:ab:14:
         6f:c4:a6:69:68:cf:4c:aa:61:d2:7f:d3:97:c7:7d:4d:9c:51:
         d6:c2:96:b9:2c:95:55:b2:88:f0:b2:61:95:29:f7:a7:b5:6f:
         26:3d:8b:6a:2c:36:98:85:87:af:37:ca:71:42:13:f6:4b:74:
         6c:3b:20:d7:3a:46:89:b3:40:8d:4e:69:d3:1c:a3:35:57:7f:
         c5:ce:3d:5f:38:e5:51:ae:5b:1e:d8:ba:68:31:57:9f:92:a0:
         e9:57:c6:b0:02:8a:ec:b8:0e:41:fb:46:3d:e0:45:9b:97:44:
         08:16:0a:1a:ae:10:ab:e3:5a:2b:49:02:d1:d8:21:96:95:ce:
         fe:ae:bf:59:65:10:bd:42:b3:6c:e3:26:a5:2b:9d:02:da:82:
         72:5e:06:34:be:dc:3b:ac:3f:bd:58:74:a1:76:3f:8c:54:73:
         c7:59:6e:f2:d8:58:fb:d8:0a:e1:ee:fe:d0:0c:bd:0c:86:6c:
         0c:db:41:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAsk6tcUHP4LhUz1nnwJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWJkN2NiNWRhZDgwZmM5Y2IzODYyN2JmZjRhYzIyYzBiZTZmMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEsG+ucObA9wl9KW9YE3AEorNMpM
wGMkbk2ISm1l4lk4K+Yyftw+ai8wzwTyVt1KErQrAv+IYASHZDZHYM98hopD6f+A
N79z91MFN4jamNBZK1oA3qEPwMlQT7eEAdnU4YErAGb6ma3wWc9IL/qwCeNpGD3W
1Rh4fqPsBPjPXeQeJTAqoPPact3u4rBWwP/pskun4LFX+XaLRYeLNE6z15UdCPci
13vedR6nHdjxl/Cwugy7erf0iay8Vk+UJMQ82GZZn/9pG1cyYBCDU+gx2BAhgqCE
0WqVC5ZGxaN+WSFu0q9TP46+b6Oe0AribVAYy1itZ4Ht+6YrV3DKmFhpBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMm9fLXa2A/Jyzhie/9KwiwL5vGfMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEveWIxOHRkcllEOG5MT0dKN18wckNMQXZtOFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcxEMA0G
CSqGSIb3DQEBCwUAA4IBAQAnQmcUsNhKp8HvEIC8cu8cUP4OPQ2hIvGPZgWHCZn/
ZSkuW6d5I3j4dmqBBFCLL27UTeZc5HCUpFyk82gWyjxSWN1/Kqz8qxRvxKZpaM9M
qmHSf9OXx31NnFHWwpa5LJVVsojwsmGVKfentW8mPYtqLDaYhYevN8pxQhP2S3Rs
OyDXOkaJs0CNTmnTHKM1V3/Fzj1fOOVRrlse2LpoMVefkqDpV8awAorsuA5B+0Y9
4EWbl0QIFgoarhCr41orSQLR2CGWlc7+rr9ZZRC9QrNs4yalK50C2oJyXgY0vtw7
rD+9WHShdj+MVHPHWW7y2Fj72Arh7v7QDL0MhmwM20Hl
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:37:20 2024 by rpki-client on console-fra.rpki-client.org