Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/w9VbXBpTSsEWu2o1WzRk1bXc6tg.roa
File:                     w9VbXBpTSsEWu2o1WzRk1bXc6tg.roa (raw, json)
Hash identifier:          SG3bc1iRUxiUMNHhx1BVKE5QcCSpfD6SvMpZZZ0/wpU=
Subject key identifier:   C3:D5:5B:5C:1A:53:4A:C1:16:BB:6A:35:5B:34:64:D5:B5:DC:EA:D8
Certificate issuer:       /CN=0d2f81b8c17f55dcdddec54c8cceadd695d28f07
Certificate serial:       018E185A16B6C43C2E5FDC2062A0DF77317B
Authority key identifier: 0D:2F:81:B8:C1:7F:55:DC:DD:DE:C5:4C:8C:CE:AD:D6:95:D2:8F:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/w9VbXBpTSsEWu2o1WzRk1bXc6tg.roa
Signing time:             Thu 07 Mar 2024 09:59:00 +0000
ROA not before:           Thu 07 Mar 2024 09:59:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20849
IP address blocks:        194.153.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:5a:16:b6:c4:3c:2e:5f:dc:20:62:a0:df:77:31:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2f81b8c17f55dcdddec54c8cceadd695d28f07
        Validity
            Not Before: Mar  7 09:59:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3d55b5c1a534ac116bb6a355b3464d5b5dcead8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:03:81:61:57:b4:51:12:0d:7b:11:2d:ef:21:
                    aa:71:3d:e0:64:96:ab:91:f1:5a:d6:8b:1a:3e:5e:
                    be:99:f0:6c:40:08:23:9f:2d:ba:9a:7e:4c:f0:29:
                    7c:3d:c1:66:54:d5:0d:7c:11:5e:63:e0:45:19:38:
                    07:63:5c:eb:8c:77:70:fd:a4:23:dd:fb:d8:90:f5:
                    2e:20:78:05:71:70:17:25:19:b2:b3:82:23:e4:e1:
                    b6:0b:06:2a:16:f4:97:dd:f8:08:58:c5:eb:11:b0:
                    1c:c3:ee:80:85:6c:be:14:51:05:69:78:f4:ce:c5:
                    3f:1b:46:0e:87:43:07:32:05:9c:de:57:3a:8a:3e:
                    fe:90:25:86:61:ca:66:48:65:9f:71:75:ea:e6:e5:
                    cc:b3:b5:c2:db:17:0d:3a:aa:c1:26:01:13:bd:c6:
                    0c:ec:e8:de:c5:c9:10:a2:d5:71:b4:92:51:b2:41:
                    9e:a4:f4:ac:b8:15:1e:81:73:ff:44:a3:23:4b:7f:
                    ac:ee:eb:ab:d9:a0:10:12:10:7e:47:b7:6d:a2:7c:
                    12:5c:70:d6:1f:aa:f6:f9:fa:4c:e0:3a:cf:7f:7b:
                    1e:5c:27:5a:88:55:68:d2:7f:42:08:54:6e:b2:cf:
                    14:98:f1:0f:98:92:40:bd:07:98:e8:4a:d2:eb:bc:
                    b5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D5:5B:5C:1A:53:4A:C1:16:BB:6A:35:5B:34:64:D5:B5:DC:EA:D8
            X509v3 Authority Key Identifier:
                keyid:0D:2F:81:B8:C1:7F:55:DC:DD:DE:C5:4C:8C:CE:AD:D6:95:D2:8F:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/w9VbXBpTSsEWu2o1WzRk1bXc6tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:81:1a:fa:81:ac:71:0d:57:6a:c4:04:b4:5d:39:1e:d6:e1:
         ac:3c:c9:99:10:4e:54:af:2d:f4:8b:f1:9d:c2:98:82:8f:7f:
         06:e6:50:3b:13:d3:3c:dd:5b:55:50:ea:8f:0c:0c:a9:0c:60:
         28:cd:39:90:37:bf:79:3f:82:f8:44:4e:6a:24:ad:b7:a0:4d:
         64:c0:c9:61:11:24:17:97:ae:dc:12:f0:f4:53:d7:77:3c:ce:
         d3:88:9e:df:07:cd:7c:55:0b:7e:25:0c:ad:a4:43:03:1a:3d:
         9c:8e:d3:46:c6:a2:0e:cc:14:1c:65:cf:e7:a7:7e:4e:39:ca:
         b7:7b:79:79:26:97:b4:d9:da:52:ae:38:f8:50:d5:64:ba:5c:
         7b:87:63:de:3c:3b:b4:72:6f:ee:f1:87:f5:4a:d4:ae:8a:b5:
         2e:7e:9f:07:74:de:5b:4b:9d:62:ec:5e:73:e5:f6:13:ef:41:
         85:5a:51:3e:93:a7:5c:ad:96:aa:2d:01:14:88:b3:5d:1a:64:
         bb:2a:1c:f7:00:0b:bf:11:9d:31:36:2f:ca:94:7c:94:02:22:
         b3:71:76:cc:24:ae:f2:77:d4:e6:17:74:70:38:98:79:45:6c:
         e3:1e:8f:69:a6:da:dd:70:fb:83:f5:1e:f0:a1:44:55:a6:ec:
         e3:40:f1:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4YWha2xDwuX9wgYqDfdzF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMmY4MWI4YzE3ZjU1ZGNkZGRlYzU0YzhjY2VhZGQ2OTVk
MjhmMDcwHhcNMjQwMzA3MDk1OTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q1NWI1YzFhNTM0YWMxMTZiYjZhMzU1YjM0NjRkNWI1ZGNlYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigOBYVe0URINexEt7yGqcT3gZJar
kfFa1osaPl6+mfBsQAgjny26mn5M8Cl8PcFmVNUNfBFeY+BFGTgHY1zrjHdw/aQj
3fvYkPUuIHgFcXAXJRmys4Ij5OG2CwYqFvSX3fgIWMXrEbAcw+6AhWy+FFEFaXj0
zsU/G0YOh0MHMgWc3lc6ij7+kCWGYcpmSGWfcXXq5uXMs7XC2xcNOqrBJgETvcYM
7OjexckQotVxtJJRskGepPSsuBUegXP/RKMjS3+s7uur2aAQEhB+R7dtonwSXHDW
H6r2+fpM4DrPf3seXCdaiFVo0n9CCFRuss8UmPEPmJJAvQeY6ErS67y1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPVW1waU0rBFrtqNVs0ZNW13OrYMB8GA1UdIwQY
MBaAFA0vgbjBf1Xc3d7FTIzOrdaV0o8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFMtQnVNRl9WZHpkM3NWTWpNNnQxcFhTandjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZjE5YTAtN2NiZi00MDc4LWE5ODct
NjhmMmZhMDAxZmE3LzEvdzlWYlhCcFRTc0VXdTJvMVd6UmsxYlhjNnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZjE5YTAtN2NiZi00MDc4LWE5ODctNjhmMmZhMDAxZmE3
LzEvRFMtQnVNRl9WZHpkM3NWTWpNNnQxcFhTandjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpmSMA0G
CSqGSIb3DQEBCwUAA4IBAQAXgRr6gaxxDVdqxAS0XTke1uGsPMmZEE5Ury30i/Gd
wpiCj38G5lA7E9M83VtVUOqPDAypDGAozTmQN795P4L4RE5qJK23oE1kwMlhESQX
l67cEvD0U9d3PM7TiJ7fB818VQt+JQytpEMDGj2cjtNGxqIOzBQcZc/np35OOcq3
e3l5Jpe02dpSrjj4UNVkulx7h2PePDu0cm/u8Yf1StSuirUufp8HdN5bS51i7F5z
5fYT70GFWlE+k6dcrZaqLQEUiLNdGmS7Khz3AAu/EZ0xNi/KlHyUAiKzcXbMJK7y
d9TmF3RwOJh5RWzjHo9pptrdcPuD9R7woURVpuzjQPHi
-----END CERTIFICATE-----
Generated at Wed Nov 27 04:51:09 2024 by rpki-client on console-ams.rpki-client.org