Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/PfuIQJWGnoXGniszOGoPQXpH8Cw.roa
File:                     PfuIQJWGnoXGniszOGoPQXpH8Cw.roa (raw, json)
Hash identifier:          HLrae4M2pNt3W33D6G4C8E1K2PZcSc3Mg/Q3RdLjONk=
Subject key identifier:   3D:FB:88:40:95:86:9E:85:C6:9E:2B:33:38:6A:0F:41:7A:47:F0:2C
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D87F4B61D79B9D57708DB64507432
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/PfuIQJWGnoXGniszOGoPQXpH8Cw.roa
Signing time:             Tue 02 Jan 2024 08:32:30 +0000
ROA not before:           Tue 02 Jan 2024 08:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42979
IP address blocks:        45.95.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:87:f4:b6:1d:79:b9:d5:77:08:db:64:50:74:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dfb884095869e85c69e2b33386a0f417a47f02c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:84:ca:df:58:5b:1a:67:93:65:16:09:2f:55:
                    ea:ba:d9:78:4d:6d:be:cb:c5:8d:f2:fa:31:d9:65:
                    4d:95:12:df:da:36:42:b4:20:bb:73:6b:b5:24:e1:
                    59:9f:07:b4:20:0c:66:12:1c:cb:28:dd:e4:93:90:
                    12:d8:1e:c6:ec:bc:69:18:2a:66:27:ae:bf:cb:dd:
                    2e:fc:fa:33:4e:6b:2d:66:b2:1c:f0:c2:30:dc:56:
                    09:de:b9:b2:06:ac:a0:9f:c8:a7:14:da:32:e8:53:
                    1b:2a:89:b3:fc:e4:b8:a3:cf:f6:3b:3b:60:ef:4e:
                    6d:e6:f5:cf:32:97:11:de:92:8e:bb:dc:88:d2:f3:
                    0f:ce:dc:73:4e:bf:54:1c:f7:99:ef:1a:37:48:f1:
                    ea:5e:0a:06:8f:bd:47:d8:82:73:87:c6:b3:95:cd:
                    27:68:e5:b1:60:e4:0f:c2:74:fd:33:5b:08:6c:cc:
                    ad:8f:4e:77:8b:da:87:22:71:01:1a:5d:22:5a:ca:
                    ee:43:94:b7:7e:fb:52:67:92:e3:b2:de:0a:47:4c:
                    c4:9e:57:7b:5b:c5:b8:99:74:9c:f0:c4:45:40:2b:
                    1a:8a:ef:64:b0:0d:28:27:3c:06:2e:ec:a0:f5:2d:
                    76:fa:34:7b:47:e6:0e:7b:cd:34:1c:2f:d5:8a:de:
                    2f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FB:88:40:95:86:9E:85:C6:9E:2B:33:38:6A:0F:41:7A:47:F0:2C
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/PfuIQJWGnoXGniszOGoPQXpH8Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:b9:59:7a:56:60:cc:d6:50:19:ef:7d:7b:bb:8c:8f:fc:4d:
         ce:f4:bb:29:e4:3d:4d:df:7f:60:2c:a9:e8:67:13:17:4c:52:
         da:73:8d:49:97:08:5b:41:a7:12:29:c1:39:c2:d1:19:4f:ef:
         17:35:71:95:8b:3b:3b:a5:a2:fa:c4:9c:f7:e7:75:ab:21:5d:
         c6:58:11:87:19:5f:61:1f:6c:63:33:58:16:b6:99:16:0a:ab:
         46:e7:2b:3f:89:92:8e:e4:5f:e0:7a:4e:31:3d:b8:6b:6a:1e:
         59:36:98:f6:c9:5d:2f:8c:cf:63:a8:f0:d6:e7:35:7a:30:d1:
         75:45:7f:7e:42:69:a8:2f:28:ee:c7:7f:07:4d:bc:97:16:c2:
         5d:e5:35:b3:0b:ac:fc:b9:0c:f3:15:1c:34:aa:e0:b6:f0:78:
         68:e9:54:78:24:22:31:8e:4f:f5:10:51:f2:06:d1:8a:9c:5c:
         ef:c5:ce:c8:5b:5d:80:af:34:48:80:b8:92:a5:2d:2f:50:05:
         36:e7:90:85:3b:6f:76:e8:3b:90:a8:37:2c:6d:57:98:db:8d:
         16:44:31:67:50:fe:ac:fd:2b:4d:41:37:f1:bf:f7:b4:fc:e3:
         16:cd:8a:b1:a6:00:2d:4e:bf:1e:44:10:0c:68:d1:78:81:52:
         eb:24:c3:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYf0th15udV3CNtkUHQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZiODg0MDk1ODY5ZTg1YzY5ZTJiMzMzODZhMGY0MTdhNDdmMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYTK31hbGmeTZRYJL1Xqutl4TW2+
y8WN8vox2WVNlRLf2jZCtCC7c2u1JOFZnwe0IAxmEhzLKN3kk5AS2B7G7LxpGCpm
J66/y90u/PozTmstZrIc8MIw3FYJ3rmyBqygn8inFNoy6FMbKomz/OS4o8/2Oztg
705t5vXPMpcR3pKOu9yI0vMPztxzTr9UHPeZ7xo3SPHqXgoGj71H2IJzh8azlc0n
aOWxYOQPwnT9M1sIbMytj053i9qHInEBGl0iWsruQ5S3fvtSZ5Ljst4KR0zEnld7
W8W4mXSc8MRFQCsaiu9ksA0oJzwGLuyg9S12+jR7R+YOe800HC/Vit4vHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD37iECVhp6Fxp4rMzhqD0F6R/AsMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvUGZ1SVFKV0dub1hHbmlzek9Hb1BRWHBIOEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8hMA0G
CSqGSIb3DQEBCwUAA4IBAQCyuVl6VmDM1lAZ7317u4yP/E3O9Lsp5D1N339gLKno
ZxMXTFLac41JlwhbQacSKcE5wtEZT+8XNXGVizs7paL6xJz353WrIV3GWBGHGV9h
H2xjM1gWtpkWCqtG5ys/iZKO5F/gek4xPbhrah5ZNpj2yV0vjM9jqPDW5zV6MNF1
RX9+QmmoLyjux38HTbyXFsJd5TWzC6z8uQzzFRw0quC28Hho6VR4JCIxjk/1EFHy
BtGKnFzvxc7IW12ArzRIgLiSpS0vUAU255CFO2926DuQqDcsbVeY240WRDFnUP6s
/StNQTfxv/e0/OMWzYqxpgAtTr8eRBAMaNF4gVLrJMNj
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:22:27 2024 by rpki-client on console-ams.rpki-client.org