Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/3jTE4dpWGnmN8HGS5QVlUAF50fo.roa
File:                     3jTE4dpWGnmN8HGS5QVlUAF50fo.roa (raw, json)
Hash identifier:          sLyb9aLw8DtAkjmeKgQdQtlJlnsk+r/HhR41SscLYHQ=
Subject key identifier:   DE:34:C4:E1:DA:56:1A:79:8D:F0:71:92:E5:05:65:50:01:79:D1:FA
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       019190DE71009D0FE849AB487ADA4811E130
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/3jTE4dpWGnmN8HGS5QVlUAF50fo.roa
Signing time:             Mon 26 Aug 2024 22:46:22 +0000
ROA not before:           Mon 26 Aug 2024 22:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141968
IP address blocks:        45.158.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:90:de:71:00:9d:0f:e8:49:ab:48:7a:da:48:11:e1:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Aug 26 22:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de34c4e1da561a798df07192e50565500179d1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1f:53:a3:e9:b9:ee:59:a9:ff:f4:44:6c:ff:
                    11:19:6f:80:73:d1:13:4a:74:2d:64:24:9a:68:be:
                    02:40:f2:ed:34:a3:d8:4a:ec:f9:4c:b9:f1:b3:c8:
                    a2:09:c1:8e:66:76:f1:03:30:c2:cc:fb:6d:e2:ab:
                    d9:c3:f5:55:d0:fb:9a:c4:2f:b9:e9:9e:7f:7b:67:
                    11:90:dd:f3:52:a7:aa:70:85:80:84:f9:45:34:8c:
                    d7:30:18:64:79:16:5f:77:87:67:d6:be:5c:da:9e:
                    15:7c:3a:6b:81:09:e9:6b:a4:13:c3:10:08:1d:59:
                    17:79:5d:3e:06:5c:fc:5a:2b:89:c5:af:fa:d9:3b:
                    fd:40:de:64:bf:22:28:f0:86:57:d0:15:db:8f:45:
                    ce:a7:33:c9:6a:72:ab:86:57:08:1a:95:20:5a:8e:
                    c5:cd:d9:dc:23:64:f2:13:98:ea:95:4e:5e:fa:6b:
                    c2:b4:cb:ba:82:f8:a9:f2:ad:1f:f8:68:33:bd:36:
                    5c:9c:93:10:9e:07:ad:fa:c2:2a:b7:b4:cd:6c:e4:
                    cf:a8:a8:b2:0d:c9:15:37:b3:9a:75:6f:ef:82:ff:
                    78:9b:ad:ed:83:8d:a3:9c:a1:d3:a7:1c:32:cd:3f:
                    c2:31:21:1b:f6:0c:6d:f0:76:71:22:b2:11:92:82:
                    1f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:34:C4:E1:DA:56:1A:79:8D:F0:71:92:E5:05:65:50:01:79:D1:FA
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/3jTE4dpWGnmN8HGS5QVlUAF50fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:fc:ac:8b:eb:e0:1c:58:cd:3d:28:8c:e5:bb:b1:c8:52:f6:
         1d:fb:4c:9f:8d:17:33:69:6f:13:01:14:a4:fd:74:41:d6:ce:
         51:94:c4:c1:3b:82:3b:8d:9b:27:50:2e:a1:5a:1c:bc:c4:18:
         12:46:79:a2:7c:29:42:67:03:8d:2d:a1:63:c7:c1:b7:91:86:
         1f:56:68:f4:5d:6a:43:a6:ae:23:1b:3a:d9:a9:99:c2:69:da:
         c4:db:d0:0d:eb:fa:ae:c3:85:89:79:f9:6e:d3:4c:cd:7d:cd:
         2c:7a:9e:54:70:0b:3b:21:45:3a:99:db:8c:dc:0a:91:bc:57:
         39:e0:7c:14:94:50:38:43:de:64:10:9d:42:09:35:c2:43:69:
         94:43:4b:c3:ca:c9:0a:34:8d:d6:1f:f1:1a:0f:7e:33:1a:9b:
         4a:77:d3:4f:06:95:54:21:a7:53:5c:8d:69:3b:51:ef:8b:97:
         ab:54:39:28:69:05:6f:95:3e:32:48:2e:b3:74:ff:bd:d6:87:
         01:80:a7:53:78:8a:de:3b:dc:40:ad:28:21:bb:66:9d:5b:ab:
         b8:6f:d8:e3:71:22:8e:6d:00:4a:ad:14:61:29:62:cb:15:0e:
         4d:ce:b7:e4:2d:0f:a6:8a:05:e6:19:ef:49:00:9e:9c:17:3e:
         2d:e6:72:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGQ3nEAnQ/oSatIetpIEeEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjQwODI2MjI0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM0YzRlMWRhNTYxYTc5OGRmMDcxOTJlNTA1NjU1MDAxNzlkMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2x9To+m57lmp//REbP8RGW+Ac9ET
SnQtZCSaaL4CQPLtNKPYSuz5TLnxs8iiCcGOZnbxAzDCzPtt4qvZw/VV0PuaxC+5
6Z5/e2cRkN3zUqeqcIWAhPlFNIzXMBhkeRZfd4dn1r5c2p4VfDprgQnpa6QTwxAI
HVkXeV0+Blz8WiuJxa/62Tv9QN5kvyIo8IZX0BXbj0XOpzPJanKrhlcIGpUgWo7F
zdncI2TyE5jqlU5e+mvCtMu6gvip8q0f+GgzvTZcnJMQnget+sIqt7TNbOTPqKiy
DckVN7OadW/vgv94m63tg42jnKHTpxwyzT/CMSEb9gxt8HZxIrIRkoIfJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN40xOHaVhp5jfBxkuUFZVABedH6MB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvM2pURTRkcFdHbm1OOEhHUzVRVmxVQUY1MGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ5+MA0G
CSqGSIb3DQEBCwUAA4IBAQAT/KyL6+AcWM09KIzlu7HIUvYd+0yfjRczaW8TARSk
/XRB1s5RlMTBO4I7jZsnUC6hWhy8xBgSRnmifClCZwONLaFjx8G3kYYfVmj0XWpD
pq4jGzrZqZnCadrE29AN6/quw4WJeflu00zNfc0sep5UcAs7IUU6mduM3AqRvFc5
4HwUlFA4Q95kEJ1CCTXCQ2mUQ0vDyskKNI3WH/EaD34zGptKd9NPBpVUIadTXI1p
O1Hvi5erVDkoaQVvlT4ySC6zdP+91ocBgKdTeIreO9xArSghu2adW6u4b9jjcSKO
bQBKrRRhKWLLFQ5NzrfkLQ+migXmGe9JAJ6cFz4t5nIs
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:59:56 2024 by rpki-client on console-fra.rpki-client.org