Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/OtDkYggmzPlVTHQBv3fT67pUp0g.roa
File:                     OtDkYggmzPlVTHQBv3fT67pUp0g.roa (raw, json)
Hash identifier:          1XFe/LLgJEHOFTcz7i6HMSQK70FHJ3mirJbyktyr8XI=
Subject key identifier:   3A:D0:E4:62:08:26:CC:F9:55:4C:74:01:BF:77:D3:EB:BA:54:A7:48
Certificate issuer:       /CN=f3409b83d114c809211116ca2c8db38dce1680f9
Certificate serial:       019312A064373F3588AF841FD20EF63D220B
Authority key identifier: F3:40:9B:83:D1:14:C8:09:21:11:16:CA:2C:8D:B3:8D:CE:16:80:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/OtDkYggmzPlVTHQBv3fT67pUp0g.roa
Signing time:             Sat 09 Nov 2024 20:32:01 +0000
ROA not before:           Sat 09 Nov 2024 20:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205590
IP address blocks:        195.110.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:12:a0:64:37:3f:35:88:af:84:1f:d2:0e:f6:3d:22:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3409b83d114c809211116ca2c8db38dce1680f9
        Validity
            Not Before: Nov  9 20:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad0e4620826ccf9554c7401bf77d3ebba54a748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d7:34:ec:94:3c:c9:35:73:ec:0a:b5:d1:77:
                    05:19:ee:45:a5:0f:f9:b1:f2:0c:fe:bd:b4:45:92:
                    6f:34:a0:d8:9c:5a:ba:68:65:d2:e1:54:8e:83:e7:
                    39:3b:a4:be:d4:fb:11:af:96:87:af:c6:0f:ec:d9:
                    f1:e4:63:44:cd:d9:ce:e0:72:43:3a:7e:56:ad:98:
                    77:05:a2:aa:f7:ec:b1:3f:68:83:82:92:a3:e7:4e:
                    22:57:9f:39:be:19:56:65:02:7e:60:b6:5f:f1:c0:
                    05:cb:4b:60:dd:62:62:43:41:c6:fb:1c:b9:0c:ff:
                    bb:94:85:fd:55:5f:56:9f:c3:07:5d:04:02:4a:2a:
                    f5:c9:bf:a0:d6:61:0f:60:18:f2:03:10:d9:86:b2:
                    d5:2c:0f:07:8e:00:81:90:f7:7c:9c:1b:ec:88:ec:
                    ba:42:26:2b:fa:a1:b4:3e:10:86:8f:91:be:23:24:
                    3b:ac:f5:cf:72:23:93:b4:f2:89:0f:71:0e:54:1e:
                    07:e5:4a:03:65:df:ed:49:fd:2d:ee:a4:d5:50:45:
                    62:4a:20:2e:78:9f:e6:8e:61:05:dd:c3:88:10:82:
                    c1:51:7c:c2:66:16:af:23:2a:56:74:a9:20:de:34:
                    f9:aa:75:fd:f1:3c:0f:6b:2e:ff:41:f4:7c:4a:eb:
                    39:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D0:E4:62:08:26:CC:F9:55:4C:74:01:BF:77:D3:EB:BA:54:A7:48
            X509v3 Authority Key Identifier:
                keyid:F3:40:9B:83:D1:14:C8:09:21:11:16:CA:2C:8D:B3:8D:CE:16:80:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/OtDkYggmzPlVTHQBv3fT67pUp0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:96:65:20:97:99:76:d7:df:9f:4c:9b:57:2c:00:a3:ab:04:
         f2:3a:42:64:73:0f:c0:04:d1:ad:1e:b9:b5:28:5b:2e:aa:3f:
         1d:04:25:bc:71:be:e2:99:95:4a:99:a4:5f:ef:d3:96:6b:ba:
         fa:51:f3:be:f9:0c:c9:0e:f4:b6:52:99:1a:03:8f:30:32:79:
         46:f4:75:9d:5f:49:fc:8b:ce:bc:3b:be:c5:ed:8c:e4:02:70:
         e0:b0:4c:55:1d:ab:1f:a7:bf:d2:cb:fb:23:58:a5:08:63:fe:
         8d:65:f2:f1:be:aa:82:15:fb:52:bf:e8:86:02:03:45:cd:ca:
         47:cc:6a:19:a8:cb:85:06:b9:18:30:0a:f6:3c:23:26:3e:e5:
         a0:05:e2:ab:ce:c9:8d:0e:81:e0:e1:f0:37:88:51:28:f1:dd:
         8e:7c:01:0a:b5:33:56:e0:f3:d3:7e:f3:02:52:83:24:8e:13:
         8c:a4:af:b8:bd:d5:f7:af:a6:db:4c:f8:f3:35:94:97:e0:cd:
         94:06:09:24:3e:6b:51:6a:a3:a2:67:7d:19:5f:9b:87:9c:e2:
         cd:b5:8d:21:21:2e:96:20:a5:b9:74:7f:79:af:7d:b2:a5:09:
         0f:79:5b:a7:80:62:99:57:7f:bf:9a:34:21:d1:f7:51:9c:66:
         e4:f4:c4:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMSoGQ3PzWIr4Qf0g72PSILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDA5YjgzZDExNGM4MDkyMTExMTZjYTJjOGRiMzhkY2Ux
NjgwZjkwHhcNMjQxMTA5MjAzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQwZTQ2MjA4MjZjY2Y5NTU0Yzc0MDFiZjc3ZDNlYmJhNTRhNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Nc07JQ8yTVz7Aq10XcFGe5FpQ/5
sfIM/r20RZJvNKDYnFq6aGXS4VSOg+c5O6S+1PsRr5aHr8YP7Nnx5GNEzdnO4HJD
On5WrZh3BaKq9+yxP2iDgpKj504iV585vhlWZQJ+YLZf8cAFy0tg3WJiQ0HG+xy5
DP+7lIX9VV9Wn8MHXQQCSir1yb+g1mEPYBjyAxDZhrLVLA8HjgCBkPd8nBvsiOy6
QiYr+qG0PhCGj5G+IyQ7rPXPciOTtPKJD3EOVB4H5UoDZd/tSf0t7qTVUEViSiAu
eJ/mjmEF3cOIEILBUXzCZhavIypWdKkg3jT5qnX98TwPay7/QfR8Sus5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrQ5GIIJsz5VUx0Ab930+u6VKdIMB8GA1UdIwQY
MBaAFPNAm4PRFMgJIREWyiyNs43OFoD5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBDYmc5RVV5QWtoRVJiS0xJMnpqYzRXZ1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jMGFmZDQtZTI3Zi00MWNhLWJiZTQt
ZGI3OGEwNTI1Nzk3LzEvT3REa1lnZ216UGxWVEhRQnYzZlQ2N3BVcDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jMGFmZDQtZTI3Zi00MWNhLWJiZTQtZGI3OGEwNTI1Nzk3
LzEvODBDYmc5RVV5QWtoRVJiS0xJMnpqYzRXZ1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw24eMA0G
CSqGSIb3DQEBCwUAA4IBAQB0lmUgl5l219+fTJtXLACjqwTyOkJkcw/ABNGtHrm1
KFsuqj8dBCW8cb7imZVKmaRf79OWa7r6UfO++QzJDvS2UpkaA48wMnlG9HWdX0n8
i868O77F7YzkAnDgsExVHasfp7/Sy/sjWKUIY/6NZfLxvqqCFftSv+iGAgNFzcpH
zGoZqMuFBrkYMAr2PCMmPuWgBeKrzsmNDoHg4fA3iFEo8d2OfAEKtTNW4PPTfvMC
UoMkjhOMpK+4vdX3r6bbTPjzNZSX4M2UBgkkPmtRaqOiZ30ZX5uHnOLNtY0hIS6W
IKW5dH95r32ypQkPeVungGKZV3+/mjQh0fdRnGbk9MRU
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:02:26 2024 by rpki-client on console-ams.rpki-client.org