Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u1nzbmJlHanwi550hpGS3Ome9L0.roa
File:                     u1nzbmJlHanwi550hpGS3Ome9L0.roa (raw, json)
Hash identifier:          XMajDyqBCKkX9KuBNec3ZveKETO74oJnseFatDGN770=
Subject key identifier:   BB:59:F3:6E:62:65:1D:A9:F0:8B:9E:74:86:91:92:DC:E9:9E:F4:BD
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D88D07E70476514F70F1EFA0DCBE9
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u1nzbmJlHanwi550hpGS3Ome9L0.roa
Signing time:             Tue 02 Jan 2024 08:32:30 +0000
ROA not before:           Tue 02 Jan 2024 08:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        45.95.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:88:d0:7e:70:47:65:14:f7:0f:1e:fa:0d:cb:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb59f36e62651da9f08b9e74869192dce99ef4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:48:1e:14:9d:75:be:ed:5e:ca:a3:97:35:8a:
                    46:d3:fe:c3:94:09:39:42:c0:ca:48:06:90:a0:63:
                    b3:0c:8e:8b:98:b6:ff:9e:39:b6:9f:e0:21:fa:8d:
                    05:40:3e:b4:f5:4a:13:95:28:e7:59:bd:dd:23:b0:
                    0a:cc:27:ec:b6:6b:e8:b1:cf:ed:16:e7:da:be:56:
                    34:d3:d8:77:a9:ea:9d:38:4f:92:37:8c:ff:5e:44:
                    99:9a:ce:7d:7c:e5:93:35:c0:c4:93:7d:55:bb:43:
                    8a:02:b2:e4:c0:b5:83:08:83:7c:ea:87:2f:58:07:
                    c4:ac:53:6d:07:82:e9:e2:23:7a:7e:a9:c9:96:ed:
                    03:07:6a:f4:08:2b:f6:3c:a8:5e:9f:af:66:ac:f2:
                    72:e5:36:10:f0:fc:7c:a7:22:57:fd:ca:b0:f6:09:
                    aa:a5:35:9e:c9:31:9d:5d:b7:49:85:eb:4b:b8:7c:
                    cd:60:83:a5:1c:97:58:ba:f2:56:4d:49:41:03:0e:
                    43:4c:6d:ea:98:ef:60:17:75:ad:af:70:8e:d1:6d:
                    03:65:93:e5:1c:16:8a:51:0d:12:9f:15:57:a2:a9:
                    a8:d3:6b:42:04:8f:fb:f0:83:d1:bf:f9:b4:3e:f0:
                    fd:46:58:2e:c6:09:b0:8e:02:95:63:e2:e3:18:3e:
                    3c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:59:F3:6E:62:65:1D:A9:F0:8B:9E:74:86:91:92:DC:E9:9E:F4:BD
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u1nzbmJlHanwi550hpGS3Ome9L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:39:b0:d0:b0:6a:d7:90:05:7c:27:78:eb:72:14:60:8d:f6:
         2f:ba:ea:32:8b:74:ad:7d:a4:41:fc:95:63:5a:83:c4:65:93:
         32:5d:34:a3:87:f1:da:01:62:2d:7e:56:a7:5b:b7:8a:c4:98:
         e1:d6:b2:0f:2c:a4:22:80:5b:9c:f6:d0:6b:4d:dd:64:7e:b5:
         66:48:dd:33:c5:51:ed:b6:15:e0:4e:b7:53:03:4d:bd:e7:47:
         31:1f:48:f2:96:f0:89:8f:b2:28:b2:1b:b1:b8:4d:f0:b3:95:
         9f:a0:fe:93:94:8d:a3:19:ba:1c:0f:ae:32:85:96:aa:94:05:
         77:18:7a:af:25:af:46:c9:1d:8a:82:a2:81:04:29:d1:f2:d1:
         67:64:2d:21:02:fd:a2:21:74:cb:01:5a:5e:ab:bb:cf:47:fe:
         15:32:66:67:17:f8:66:03:70:00:e8:fb:2f:66:64:ec:00:fa:
         1f:70:16:57:23:4d:ea:c9:e9:c0:56:c3:fe:b2:1f:a7:45:43:
         65:20:29:a6:13:1f:37:d0:c7:60:68:1d:d4:47:78:88:33:d8:
         10:be:21:03:7d:30:9a:d5:b4:e8:0f:84:c3:0a:4f:bf:84:c2:
         a7:01:6c:19:47:2e:34:91:47:79:d6:2b:b1:88:ae:01:7b:02:
         bd:57:7d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYjQfnBHZRT3Dx76DcvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU5ZjM2ZTYyNjUxZGE5ZjA4YjllNzQ4NjkxOTJkY2U5OWVmNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEgeFJ11vu1eyqOXNYpG0/7DlAk5
QsDKSAaQoGOzDI6LmLb/njm2n+Ah+o0FQD609UoTlSjnWb3dI7AKzCfstmvosc/t
FufavlY009h3qeqdOE+SN4z/XkSZms59fOWTNcDEk31Vu0OKArLkwLWDCIN86ocv
WAfErFNtB4Lp4iN6fqnJlu0DB2r0CCv2PKhen69mrPJy5TYQ8Px8pyJX/cqw9gmq
pTWeyTGdXbdJhetLuHzNYIOlHJdYuvJWTUlBAw5DTG3qmO9gF3Wtr3CO0W0DZZPl
HBaKUQ0SnxVXoqmo02tCBI/78IPRv/m0PvD9RlguxgmwjgKVY+LjGD48rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtZ825iZR2p8IuedIaRktzpnvS9MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvdTFuemJtSmxIYW53aTU1MGhwR1MzT21lOUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8jMA0G
CSqGSIb3DQEBCwUAA4IBAQB5ObDQsGrXkAV8J3jrchRgjfYvuuoyi3StfaRB/JVj
WoPEZZMyXTSjh/HaAWItflanW7eKxJjh1rIPLKQigFuc9tBrTd1kfrVmSN0zxVHt
thXgTrdTA02950cxH0jylvCJj7IoshuxuE3ws5WfoP6TlI2jGbocD64yhZaqlAV3
GHqvJa9GyR2KgqKBBCnR8tFnZC0hAv2iIXTLAVpeq7vPR/4VMmZnF/hmA3AA6Psv
ZmTsAPofcBZXI03qyenAVsP+sh+nRUNlICmmEx830MdgaB3UR3iIM9gQviEDfTCa
1bToD4TDCk+/hMKnAWwZRy40kUd51iuxiK4BewK9V30B
-----END CERTIFICATE-----
Generated at Fri May 17 07:38:33 2024 by rpki-client on console-ams.rpki-client.org