Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8KK2bVrwOz5QjayjpcCPMbGvNXI.roa
File:                     8KK2bVrwOz5QjayjpcCPMbGvNXI.roa (raw, json)
Hash identifier:          wS/OrOYhu0IdkxZfmrs17kPeAyZd4nz+gOLzfr45WaA=
Subject key identifier:   F0:A2:B6:6D:5A:F0:3B:3E:50:8D:AC:A3:A5:C0:8F:31:B1:AF:35:72
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       018D8EF4AA6FEAF49BBEE2E992F80EF996FB
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8KK2bVrwOz5QjayjpcCPMbGvNXI.roa
Signing time:             Fri 09 Feb 2024 17:40:15 +0000
ROA not before:           Fri 09 Feb 2024 17:40:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a09:9441::/32 maxlen: 32
                          2a11:3c44::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:f4:aa:6f:ea:f4:9b:be:e2:e9:92:f8:0e:f9:96:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Feb  9 17:40:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0a2b66d5af03b3e508daca3a5c08f31b1af3572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f6:d8:c4:f8:82:d3:9f:46:4b:68:e2:6a:dd:
                    7e:da:cf:a9:14:a0:d3:6a:d9:39:11:71:bf:f2:ae:
                    9a:be:0f:b9:03:fd:64:bc:f4:64:ef:82:01:47:97:
                    94:f8:20:18:ab:65:55:c6:0b:9e:c4:a8:5b:50:aa:
                    91:d2:8d:ee:57:76:55:31:b7:57:1b:32:a9:18:13:
                    ab:e8:20:e3:83:3e:e1:eb:73:f6:6a:cf:63:40:8b:
                    9b:8b:00:b6:c2:34:43:42:3c:65:66:da:63:40:7f:
                    0c:a4:f8:f6:d2:0e:d4:fe:74:80:4a:04:a8:73:78:
                    ac:03:1d:64:93:a1:a3:e7:a5:41:79:59:7e:f4:02:
                    9f:23:cc:6d:8e:3d:3d:39:25:30:07:fb:83:78:58:
                    bf:10:0f:64:b6:1e:cb:dc:1e:de:b0:2f:73:84:94:
                    6b:e5:d3:ba:12:cc:82:25:fa:59:22:0b:ba:61:a8:
                    73:70:5d:64:7f:94:fa:6f:a0:06:bf:e7:c3:6f:8d:
                    21:14:08:3c:a9:42:7e:5a:95:57:d7:1b:6a:06:7e:
                    a4:db:6a:9f:59:da:ed:25:e4:7f:4f:78:66:56:04:
                    21:e8:3f:21:19:d4:2b:2c:11:2f:b4:b6:d6:4e:81:
                    24:e4:d0:b6:ba:46:43:7b:40:1c:dd:06:81:87:b2:
                    01:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A2:B6:6D:5A:F0:3B:3E:50:8D:AC:A3:A5:C0:8F:31:B1:AF:35:72
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8KK2bVrwOz5QjayjpcCPMbGvNXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9441::/32
                  2a11:3c44::/32

    Signature Algorithm: sha256WithRSAEncryption
         cb:bb:22:f6:bb:ef:8b:bd:b5:5c:42:75:c2:76:74:ab:85:26:
         2c:f5:81:2a:18:4b:1b:c0:76:62:c1:55:ad:65:22:af:8d:2a:
         22:28:e6:80:05:46:a0:4c:73:b8:98:54:75:e2:9b:46:c9:30:
         5f:a1:b4:7b:03:16:e3:89:d2:30:65:30:6b:a8:2d:85:74:58:
         05:cb:d5:6c:7d:7b:d9:1a:26:48:3e:29:51:45:a4:ab:8c:aa:
         c1:8f:ec:7a:ff:a6:2a:b3:a8:67:2e:53:01:bf:32:ac:86:bb:
         4a:4a:21:a1:71:b0:6d:fd:2c:d3:f8:36:b8:ac:10:60:8f:a9:
         9b:1f:ae:dd:a8:5a:a3:f8:17:3e:36:f8:4f:64:8f:bd:60:d6:
         07:01:5a:8f:51:50:12:11:11:90:dd:a3:77:4a:a3:57:07:05:
         7b:e0:cb:aa:0d:30:4d:fe:14:98:14:5d:e8:f6:72:51:ab:49:
         7e:13:9a:9b:eb:af:f3:7a:b6:bb:b2:90:e1:02:2c:4c:00:b0:
         fc:0f:e9:73:5a:66:e3:f7:f9:fa:5a:91:82:a3:69:7b:ab:55:
         47:0f:40:35:4c:85:e7:7e:3c:ea:6a:7b:0a:0d:e5:16:b6:cb:
         7b:7b:19:93:f4:12:c4:7a:d0:8e:1b:09:7c:4a:dd:f1:aa:cf:
         64:6a:f3:bf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY2O9Kpv6vSbvuLpkvgO+Zb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMjA5MTc0MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGEyYjY2ZDVhZjAzYjNlNTA4ZGFjYTNhNWMwOGYzMWIxYWYzNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/bYxPiC059GS2jiat1+2s+pFKDT
atk5EXG/8q6avg+5A/1kvPRk74IBR5eU+CAYq2VVxguexKhbUKqR0o3uV3ZVMbdX
GzKpGBOr6CDjgz7h63P2as9jQIubiwC2wjRDQjxlZtpjQH8MpPj20g7U/nSASgSo
c3isAx1kk6Gj56VBeVl+9AKfI8xtjj09OSUwB/uDeFi/EA9kth7L3B7esC9zhJRr
5dO6EsyCJfpZIgu6YahzcF1kf5T6b6AGv+fDb40hFAg8qUJ+WpVX1xtqBn6k22qf
WdrtJeR/T3hmVgQh6D8hGdQrLBEvtLbWToEk5NC2ukZDe0Ac3QaBh7IBEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPCitm1a8Ds+UI2so6XAjzGxrzVyMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvOEtLMmJWcndPejVRamF5anBjQ1BNYkd2TlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgmUQQMF
ACoRPEQwDQYJKoZIhvcNAQELBQADggEBAMu7Iva774u9tVxCdcJ2dKuFJiz1gSoY
SxvAdmLBVa1lIq+NKiIo5oAFRqBMc7iYVHXim0bJMF+htHsDFuOJ0jBlMGuoLYV0
WAXL1Wx9e9kaJkg+KVFFpKuMqsGP7Hr/piqzqGcuUwG/MqyGu0pKIaFxsG39LNP4
NrisEGCPqZsfrt2oWqP4Fz42+E9kj71g1gcBWo9RUBIREZDdo3dKo1cHBXvgy6oN
ME3+FJgUXej2clGrSX4Tmpvrr/N6truykOECLEwAsPwP6XNaZuP3+fpakYKjaXur
VUcPQDVMhed+POpqewoN5Ra2y3t7GZP0EsR60I4bCXxK3fGqz2Rq878=
-----END CERTIFICATE-----