Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/P9gryuvTRUEI-wZAAwxeDANxHs0.roa
File:                     P9gryuvTRUEI-wZAAwxeDANxHs0.roa (raw, json)
Hash identifier:          NqedYOdZuFNMrOqJwXaWHGuhg/CC6heJwovl0AAXq5A=
Subject key identifier:   3F:D8:2B:CA:EB:D3:45:41:08:FB:06:40:03:0C:5E:0C:03:71:1E:CD
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       019138854896C848B5F28B8A14FA818FA039
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/P9gryuvTRUEI-wZAAwxeDANxHs0.roa
Signing time:             Fri 09 Aug 2024 19:02:24 +0000
ROA not before:           Fri 09 Aug 2024 19:02:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.140.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:38:85:48:96:c8:48:b5:f2:8b:8a:14:fa:81:8f:a0:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Aug  9 19:02:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fd82bcaebd3454108fb0640030c5e0c03711ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0b:20:a9:81:09:c0:f9:d5:1e:e3:51:78:1b:
                    e9:34:ec:2c:e3:95:3f:21:01:39:44:da:3e:9e:3f:
                    ad:55:79:b3:f7:ad:40:b3:3d:1e:fc:45:ac:af:14:
                    63:2c:93:50:86:7f:1f:e6:17:9f:69:f7:08:3a:00:
                    43:09:f2:81:af:5c:17:21:51:37:fa:8e:76:65:5c:
                    79:dc:82:81:ce:b6:9a:3e:64:07:19:48:ce:22:e5:
                    24:ff:f7:e5:02:af:60:22:7d:3c:bd:98:24:79:f8:
                    e6:57:b4:0f:6a:cb:66:f2:01:9e:14:92:2f:7f:be:
                    18:5e:32:09:85:b7:4f:a0:6d:30:c2:9b:35:b4:6e:
                    dd:81:b6:ed:3a:5a:f5:21:9c:e6:7d:14:2a:22:fb:
                    65:3a:cc:b5:b6:9d:98:b5:72:89:be:09:4b:d0:d3:
                    cc:3e:ce:3e:e8:94:72:0d:29:d9:15:00:98:b9:5a:
                    c0:3b:d8:b5:bb:aa:1f:62:a5:ad:dd:ec:d3:31:4a:
                    28:bf:9c:33:a8:89:aa:91:62:8d:ad:02:3b:dc:ce:
                    e7:92:8f:71:5a:f7:cb:20:85:0c:37:7b:d1:53:e6:
                    14:95:97:b9:ce:ef:ae:32:9c:56:af:db:83:a2:11:
                    f6:27:93:5c:5b:64:86:9a:2a:34:89:1a:0b:9c:e6:
                    f9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D8:2B:CA:EB:D3:45:41:08:FB:06:40:03:0C:5E:0C:03:71:1E:CD
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/P9gryuvTRUEI-wZAAwxeDANxHs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:01:7e:ec:15:33:b3:b0:4b:11:5c:42:42:96:70:db:65:8d:
         f1:e2:eb:6f:55:bf:7e:36:9b:a5:45:c4:53:4a:6e:52:3a:fc:
         2d:78:27:57:59:01:8f:b4:13:08:6b:ec:76:c2:ec:d6:bd:63:
         a4:78:ed:e4:04:b6:66:2c:82:11:9b:30:86:1f:45:2d:ab:0a:
         2e:bc:1a:a9:0a:30:67:5d:9b:3a:bd:c0:cb:5c:9e:1e:11:60:
         7b:ef:01:e6:93:b2:28:41:d7:93:a2:2c:10:c6:85:2f:59:30:
         19:f7:77:e6:05:9a:0c:b3:a6:e2:36:e6:b7:a4:8c:8d:3d:d6:
         fb:dc:e5:bc:a7:b2:ec:33:f4:f6:06:b8:9a:46:62:86:2c:63:
         b2:40:c9:d4:99:ab:ed:7d:2e:0f:2e:44:c0:33:d8:2b:ce:fb:
         1f:43:17:02:1b:3e:02:4f:9c:32:6f:a8:ae:c7:21:e5:12:a6:
         a5:8f:5a:22:af:8d:c2:03:a8:ab:3e:4a:a1:6e:71:7b:78:d7:
         00:ba:78:c9:cb:62:a4:58:9d:1f:3d:cf:ea:2c:5e:2b:fe:52:
         1b:fc:72:43:2c:12:b3:e5:c3:b6:74:b0:40:63:64:bb:7a:bf:
         80:69:90:a7:69:15:7a:bd:d7:4f:9e:59:67:48:4f:88:23:07:
         44:2b:f3:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE4hUiWyEi18ouKFPqBj6A5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjQwODA5MTkwMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ4MmJjYWViZDM0NTQxMDhmYjA2NDAwMzBjNWUwYzAzNzExZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgsgqYEJwPnVHuNReBvpNOws45U/
IQE5RNo+nj+tVXmz961Asz0e/EWsrxRjLJNQhn8f5hefafcIOgBDCfKBr1wXIVE3
+o52ZVx53IKBzraaPmQHGUjOIuUk//flAq9gIn08vZgkefjmV7QPastm8gGeFJIv
f74YXjIJhbdPoG0wwps1tG7dgbbtOlr1IZzmfRQqIvtlOsy1tp2YtXKJvglL0NPM
Ps4+6JRyDSnZFQCYuVrAO9i1u6ofYqWt3ezTMUoov5wzqImqkWKNrQI73M7nko9x
WvfLIIUMN3vRU+YUlZe5zu+uMpxWr9uDohH2J5NcW2SGmio0iRoLnOb5NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/YK8rr00VBCPsGQAMMXgwDcR7NMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvUDlncnl1dlRSVUVJLXdaQUF3eGVEQU54SHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYz3MA0G
CSqGSIb3DQEBCwUAA4IBAQB+AX7sFTOzsEsRXEJClnDbZY3x4utvVb9+NpulRcRT
Sm5SOvwteCdXWQGPtBMIa+x2wuzWvWOkeO3kBLZmLIIRmzCGH0UtqwouvBqpCjBn
XZs6vcDLXJ4eEWB77wHmk7IoQdeToiwQxoUvWTAZ93fmBZoMs6biNua3pIyNPdb7
3OW8p7LsM/T2BriaRmKGLGOyQMnUmavtfS4PLkTAM9grzvsfQxcCGz4CT5wyb6iu
xyHlEqalj1oir43CA6irPkqhbnF7eNcAunjJy2KkWJ0fPc/qLF4r/lIb/HJDLBKz
5cO2dLBAY2S7er+AaZCnaRV6vddPnllnSE+IIwdEK/NG
-----END CERTIFICATE-----
Generated at Tue Oct 22 19:02:13 2024 by rpki-client on console-ams.rpki-client.org