Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/8JaLZA3F1sIdCjq2zuhgvIbNas4.roa
File:                     8JaLZA3F1sIdCjq2zuhgvIbNas4.roa (raw, json)
Hash identifier:          nIlHEm3/1UqyYryy2poa8fWFch1iD5GWErLtgJwc5t4=
Subject key identifier:   F0:96:8B:64:0D:C5:D6:C2:1D:0A:3A:B6:CE:E8:60:BC:86:CD:6A:CE
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D39EBBC3438CA61F29B2F94238C14
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/8JaLZA3F1sIdCjq2zuhgvIbNas4.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209837
IP address blocks:        2a0e:aa07:e03e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:39:eb:bc:34:38:ca:61:f2:9b:2f:94:23:8c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0968b640dc5d6c21d0a3ab6cee860bc86cd6ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ea:49:c7:8e:c2:65:03:7f:90:a0:f0:b2:70:
                    a4:0e:67:3f:57:c6:08:fd:ea:0c:1b:0e:97:d2:1f:
                    f8:de:78:fd:cd:6e:dd:3b:1a:d3:9f:29:73:2c:76:
                    7b:52:3c:ca:ca:23:f3:53:de:44:1e:7c:ea:a9:4a:
                    0f:93:2b:a3:87:b2:e1:56:40:57:10:d5:1a:b8:25:
                    4f:28:c3:65:8c:8f:6b:a5:45:46:02:66:8d:23:b3:
                    a6:d7:91:f2:d4:7e:ba:52:c8:c2:42:5f:81:0c:dc:
                    4b:88:4b:b5:83:a5:2d:b7:49:5f:59:48:3c:4e:c8:
                    5e:46:e7:be:7f:4a:9e:4d:0a:33:d9:2f:a8:86:18:
                    ca:9d:80:9c:e1:4a:3f:89:08:c3:6a:d7:3d:64:c9:
                    f7:17:b1:0f:f5:ac:71:a3:04:e8:78:32:8d:9c:99:
                    5c:37:ba:fd:d7:8b:d7:07:4d:3f:3b:31:13:ef:ff:
                    4e:55:f9:d2:2d:b0:95:84:b9:c8:7e:a1:e6:0e:3d:
                    98:a4:a6:27:06:09:33:b5:26:4e:ba:6e:59:b9:15:
                    aa:82:83:a6:dc:53:8a:41:6c:55:3d:67:70:8f:62:
                    73:fb:0b:ae:88:92:d4:f4:a2:81:4c:b9:62:dc:42:
                    8b:40:e1:ff:ef:1d:40:01:ba:54:a8:19:e0:e0:0e:
                    0f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:96:8B:64:0D:C5:D6:C2:1D:0A:3A:B6:CE:E8:60:BC:86:CD:6A:CE
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/8JaLZA3F1sIdCjq2zuhgvIbNas4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e03e::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:95:ef:63:42:87:f8:79:b6:36:5a:c4:77:5c:5a:89:d1:ae:
         8e:5a:7d:19:83:b2:42:d9:ba:04:1d:d7:7a:e2:ba:13:20:26:
         ca:98:dc:5d:c9:e3:49:f9:49:23:52:2f:ce:a6:1a:3a:81:d5:
         46:cf:5f:bf:60:f5:05:c3:cb:de:27:ed:99:16:0c:f7:f3:07:
         7d:cd:0b:4d:8d:10:68:c1:f0:43:0d:40:ec:4d:49:64:82:03:
         85:26:0d:4b:31:80:ba:91:07:3e:ca:bd:77:79:41:2f:e5:dd:
         ad:42:8f:05:c0:3b:57:5f:8e:3f:61:bb:35:78:d5:88:93:77:
         c4:ca:a8:ac:b3:3a:75:55:ad:6a:3d:d7:17:68:cb:d5:ba:4f:
         b8:ae:63:a7:3d:50:23:dd:1b:7d:23:41:39:ab:4d:e9:3b:8e:
         4d:cd:56:7f:f3:59:03:36:94:05:5f:14:98:5c:61:b2:09:d7:
         ad:0e:d0:5a:fe:74:89:e7:28:99:36:94:5c:ee:a7:5e:37:d2:
         50:79:2d:be:73:22:29:95:67:f3:1b:e5:b7:02:bf:8a:1e:8e:
         e4:82:00:a3:c1:be:91:5c:d6:94:86:9d:eb:6a:c2:27:7a:4a:
         ac:4a:30:06:ad:c2:9b:cb:e6:7d:22:70:2e:55:7f:57:b8:b1:
         e7:21:ba:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTnrvDQ4ymHymy+UI4wUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk2OGI2NDBkYzVkNmMyMWQwYTNhYjZjZWU4NjBiYzg2Y2Q2YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+pJx47CZQN/kKDwsnCkDmc/V8YI
/eoMGw6X0h/43nj9zW7dOxrTnylzLHZ7UjzKyiPzU95EHnzqqUoPkyujh7LhVkBX
ENUauCVPKMNljI9rpUVGAmaNI7Om15Hy1H66UsjCQl+BDNxLiEu1g6Utt0lfWUg8
TsheRue+f0qeTQoz2S+ohhjKnYCc4Uo/iQjDatc9ZMn3F7EP9axxowToeDKNnJlc
N7r914vXB00/OzET7/9OVfnSLbCVhLnIfqHmDj2YpKYnBgkztSZOum5ZuRWqgoOm
3FOKQWxVPWdwj2Jz+wuuiJLU9KKBTLli3EKLQOH/7x1AAbpUqBng4A4PnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCWi2QNxdbCHQo6ts7oYLyGzWrOMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOEphTFpBM0Yxc0lkQ2pxMnp1aGd2SWJOYXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+A+
MA0GCSqGSIb3DQEBCwUAA4IBAQA9le9jQof4ebY2WsR3XFqJ0a6OWn0Zg7JC2boE
Hdd64roTICbKmNxdyeNJ+UkjUi/Opho6gdVGz1+/YPUFw8veJ+2ZFgz38wd9zQtN
jRBowfBDDUDsTUlkggOFJg1LMYC6kQc+yr13eUEv5d2tQo8FwDtXX44/Ybs1eNWI
k3fEyqisszp1Va1qPdcXaMvVuk+4rmOnPVAj3Rt9I0E5q03pO45NzVZ/81kDNpQF
XxSYXGGyCdetDtBa/nSJ5yiZNpRc7qdeN9JQeS2+cyIplWfzG+W3Ar+KHo7kggCj
wb6RXNaUhp3rasInekqsSjAGrcKby+Z9InAuVX9XuLHnIbrV
-----END CERTIFICATE-----
Generated at Fri May 3 18:27:00 2024 by rpki-client on console-ams.rpki-client.org