Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/K2tdIcH_ekrMm4Ec_8si4CleUUY.roa
File:                     K2tdIcH_ekrMm4Ec_8si4CleUUY.roa (raw, json)
Hash identifier:          VfmLMwvlcywlS4pxRsjRVsMGCDeeXQzyvv0DnM9RBMU=
Subject key identifier:   2B:6B:5D:21:C1:FF:7A:4A:CC:9B:81:1C:FF:CB:22:E0:29:5E:51:46
Certificate issuer:       /CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
Certificate serial:       018EE1D094E5F47284C40122A6A43C543911
Authority key identifier: 8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/K2tdIcH_ekrMm4Ec_8si4CleUUY.roa
Signing time:             Mon 15 Apr 2024 12:52:06 +0000
ROA not before:           Mon 15 Apr 2024 12:52:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204710
IP address blocks:        2a09:2280:61::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:d0:94:e5:f4:72:84:c4:01:22:a6:a4:3c:54:39:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
        Validity
            Not Before: Apr 15 12:52:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b6b5d21c1ff7a4acc9b811cffcb22e0295e5146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9a:38:bc:16:bf:b9:98:8e:2c:bf:f4:d4:c1:
                    2c:bd:77:1a:02:b2:9f:62:56:f8:10:7c:1c:f3:f1:
                    70:21:82:60:6f:79:9f:47:6a:06:bd:8d:e4:70:78:
                    b8:5f:50:40:25:a0:f6:f0:42:d6:ae:5f:b3:f4:48:
                    3e:ba:35:e1:1a:e2:e1:80:7a:5e:36:9e:44:35:fd:
                    1f:2b:90:64:d3:60:b0:69:9f:30:bd:09:6d:59:1c:
                    0b:e3:55:be:e8:94:d9:d3:88:a9:fc:94:ec:37:c4:
                    cc:76:a0:e4:8b:bb:c4:ce:1c:f9:4c:f2:35:75:07:
                    58:63:99:b5:51:88:18:25:b7:07:82:a0:6f:5c:95:
                    2c:08:59:d4:71:29:41:d9:cc:34:d4:45:f8:28:94:
                    b7:0d:6c:c7:f4:d3:ba:3a:ea:b2:d8:ad:cf:dc:fb:
                    ca:b7:d8:48:7e:4d:22:5e:42:e8:20:7a:01:5d:fc:
                    f4:33:2c:bb:8b:3b:a0:a2:e6:8e:23:f2:5f:51:b2:
                    51:54:67:de:9e:aa:b7:c9:4a:ae:c8:14:db:13:6e:
                    b2:95:af:7d:2b:61:8f:62:ea:77:85:28:6f:4d:f9:
                    6b:03:1c:b8:6d:87:cb:21:1e:97:6c:63:a5:af:b5:
                    ca:d5:a8:4b:ef:8c:2f:49:7b:89:6a:d3:13:4f:04:
                    d0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6B:5D:21:C1:FF:7A:4A:CC:9B:81:1C:FF:CB:22:E0:29:5E:51:46
            X509v3 Authority Key Identifier:
                keyid:8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/K2tdIcH_ekrMm4Ec_8si4CleUUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:2280:61::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:3d:6c:04:01:27:dc:62:12:c8:d9:46:62:55:93:7b:41:8b:
         ee:0e:73:9c:43:af:c5:54:38:a3:d7:93:c3:c2:6f:5c:bb:0a:
         23:a2:27:d3:51:b7:ea:bc:ec:79:18:5b:bd:c1:b4:17:2b:5a:
         18:59:53:7d:88:f9:7f:0d:75:55:22:e1:f2:36:bf:78:f2:2e:
         3c:90:a9:e2:8e:5e:7f:29:dd:6c:40:da:66:a1:99:d9:bc:d4:
         98:1b:37:b3:27:34:2e:d0:2f:5e:04:e5:a2:89:06:3a:c2:70:
         26:f9:25:2c:7f:3c:6e:c8:dc:37:67:d2:0c:99:ee:3a:a1:50:
         5c:21:13:19:23:bf:ec:e9:ed:87:af:dc:1e:5a:6e:e5:49:63:
         1e:fc:4e:6a:c3:cc:30:8e:30:93:09:7a:38:21:f6:38:a1:20:
         7a:0e:75:77:10:62:3f:fe:b4:eb:5d:84:82:b4:02:46:00:60:
         2a:06:8f:3e:ce:d2:60:68:7b:2c:1a:93:6e:51:3d:ff:c4:32:
         fb:82:11:f0:f9:a1:21:64:fd:19:62:58:ae:43:61:7d:b1:2a:
         37:d7:84:d4:5f:6b:fc:00:86:86:5a:0e:99:ce:d2:3e:1b:3a:
         7e:f9:fd:21:18:ac:ea:6c:e7:39:2d:f8:4b:c4:0c:21:e9:f6:
         37:cb:a1:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7h0JTl9HKExAEipqQ8VDkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzZhZDg3OWM2NDVhZWU5OGFjNGE4OWZjODAwYjlhOTc0
ZTk0MWYwHhcNMjQwNDE1MTI1MjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZiNWQyMWMxZmY3YTRhY2M5YjgxMWNmZmNiMjJlMDI5NWU1MTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJo4vBa/uZiOLL/01MEsvXcaArKf
Ylb4EHwc8/FwIYJgb3mfR2oGvY3kcHi4X1BAJaD28ELWrl+z9Eg+ujXhGuLhgHpe
Np5ENf0fK5Bk02CwaZ8wvQltWRwL41W+6JTZ04ip/JTsN8TMdqDki7vEzhz5TPI1
dQdYY5m1UYgYJbcHgqBvXJUsCFnUcSlB2cw01EX4KJS3DWzH9NO6Ouqy2K3P3PvK
t9hIfk0iXkLoIHoBXfz0Myy7izugouaOI/JfUbJRVGfenqq3yUquyBTbE26yla99
K2GPYup3hShvTflrAxy4bYfLIR6XbGOlr7XK1ahL74wvSXuJatMTTwTQxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCtrXSHB/3pKzJuBHP/LIuApXlFGMB8GA1UdIwQY
MBaAFIw2rYecZFrumKxKifyAC5qXTpQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4Yjkt
MTRlNmVjMDIwYmZhLzEvSzJ0ZEljSF9la3JNbTRFY184c2k0Q2xlVVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4YjktMTRlNmVjMDIwYmZh
LzEvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkigABh
MA0GCSqGSIb3DQEBCwUAA4IBAQApPWwEASfcYhLI2UZiVZN7QYvuDnOcQ6/FVDij
15PDwm9cuwojoifTUbfqvOx5GFu9wbQXK1oYWVN9iPl/DXVVIuHyNr948i48kKni
jl5/Kd1sQNpmoZnZvNSYGzezJzQu0C9eBOWiiQY6wnAm+SUsfzxuyNw3Z9IMme46
oVBcIRMZI7/s6e2Hr9weWm7lSWMe/E5qw8wwjjCTCXo4IfY4oSB6DnV3EGI//rTr
XYSCtAJGAGAqBo8+ztJgaHssGpNuUT3/xDL7ghHw+aEhZP0ZYliuQ2F9sSo314TU
X2v8AIaGWg6ZztI+Gzp++f0hGKzqbOc5LfhLxAwh6fY3y6H0
-----END CERTIFICATE-----