Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/HT8G8kRhLb8mTGJP72pp11ud7FA.roa
File:                     HT8G8kRhLb8mTGJP72pp11ud7FA.roa (raw, json)
Hash identifier:          Db06xaogk5poLqfAP8a/E+KGocQZmclcDguSXb0ya5U=
Subject key identifier:   1D:3F:06:F2:44:61:2D:BF:26:4C:62:4F:EF:6A:69:D7:5B:9D:EC:50
Certificate issuer:       /CN=b986028c9feb6f142b3fecb64667f48874ba9c37
Certificate serial:       018CCA2B88F4CE708784BBF48B3824E157E8
Authority key identifier: B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/HT8G8kRhLb8mTGJP72pp11ud7FA.roa
Signing time:             Tue 02 Jan 2024 12:34:59 +0000
ROA not before:           Tue 02 Jan 2024 12:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25365
IP address blocks:        2a00:7880:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:88:f4:ce:70:87:84:bb:f4:8b:38:24:e1:57:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b986028c9feb6f142b3fecb64667f48874ba9c37
        Validity
            Not Before: Jan  2 12:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d3f06f244612dbf264c624fef6a69d75b9dec50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:48:79:fe:bb:38:e3:4b:f1:4e:9d:67:ab:c6:
                    15:62:96:e2:b4:0f:14:a0:46:3a:d6:ee:a4:a9:6d:
                    3c:93:04:de:84:35:15:f5:fe:70:70:c3:e6:94:b8:
                    0c:5d:d7:f8:4a:c9:ca:e2:8f:a5:e1:a0:1c:37:45:
                    aa:81:84:b5:a7:6e:e3:a6:7a:4c:4c:f2:e8:60:82:
                    46:37:32:c9:84:76:13:62:5f:82:f0:ee:a8:29:8b:
                    e4:0e:2e:99:52:35:90:c8:61:cc:9f:7a:f9:67:5a:
                    15:0c:22:c5:df:c7:ba:6a:1d:41:05:3e:0f:11:b0:
                    15:de:b5:1f:44:0f:28:0e:2b:28:5a:ea:62:91:0d:
                    3b:28:aa:51:63:25:64:23:4a:be:15:4b:87:d6:bb:
                    a7:3b:9c:8f:15:9f:00:07:cf:f6:da:a6:c5:5d:13:
                    27:f8:de:8b:3d:1a:ef:63:a5:70:d9:8a:04:95:32:
                    17:fb:19:fe:23:4d:b7:1b:85:49:7b:5a:46:4c:cb:
                    f6:73:48:f6:b1:71:89:33:64:1f:54:e4:d5:0f:63:
                    cd:64:25:f6:1a:ea:99:25:83:fe:39:8b:47:11:f1:
                    8f:fe:ba:50:09:db:e6:aa:0e:cd:ac:7b:4c:2b:e2:
                    d0:9c:e0:6d:4c:f9:75:6c:16:0a:e6:64:0b:57:a8:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:3F:06:F2:44:61:2D:BF:26:4C:62:4F:EF:6A:69:D7:5B:9D:EC:50
            X509v3 Authority Key Identifier:
                keyid:B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/HT8G8kRhLb8mTGJP72pp11ud7FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7880:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:e4:21:ad:76:7d:7e:7f:8d:9f:61:53:ec:c6:8d:ec:d5:00:
         0e:46:ed:c8:7c:87:a6:b7:fb:b7:c9:bf:d4:a8:6b:25:01:92:
         0b:9e:82:04:5d:c1:7f:6c:9e:bf:d1:30:87:16:4b:14:a5:54:
         ca:9c:9e:83:28:11:5f:7c:bb:f7:9b:0d:15:ec:fd:e1:b2:ed:
         fa:57:f6:9f:05:c2:5e:fc:f2:84:fc:7b:d7:ee:8f:e7:d7:a9:
         35:b5:d6:9c:6e:0c:d6:8c:09:0b:36:4a:e9:61:ca:67:4a:5a:
         2b:0f:69:b5:ff:b5:8b:41:fd:0e:0b:d7:1d:14:79:0e:88:00:
         43:0b:8c:84:e3:a6:1d:c6:a5:9d:60:23:11:c3:de:69:b1:2e:
         6f:86:2f:8c:45:19:cf:fb:67:f3:a3:c7:ca:e2:c2:4a:57:56:
         ea:81:cb:9a:3b:16:2a:12:49:eb:03:26:e2:0b:75:04:47:74:
         09:83:b9:aa:6c:1f:53:be:e1:1e:d1:f5:c1:61:5d:57:9f:0a:
         56:e9:45:20:42:2a:df:72:2d:64:d5:dc:b7:c6:9c:36:5f:b9:
         46:69:f8:48:7a:93:44:be:d2:69:ab:03:1b:fa:ed:4d:81:2c:
         a0:1f:c9:f6:cf:43:b5:8c:47:d5:3b:d6:19:c2:1a:7a:4d:b9:
         d2:66:77:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK4j0znCHhLv0izgk4VfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ODYwMjhjOWZlYjZmMTQyYjNmZWNiNjQ2NjdmNDg4NzRi
YTljMzcwHhcNMjQwMTAyMTIzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDNmMDZmMjQ0NjEyZGJmMjY0YzYyNGZlZjZhNjlkNzViOWRlYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUh5/rs440vxTp1nq8YVYpbitA8U
oEY61u6kqW08kwTehDUV9f5wcMPmlLgMXdf4SsnK4o+l4aAcN0WqgYS1p27jpnpM
TPLoYIJGNzLJhHYTYl+C8O6oKYvkDi6ZUjWQyGHMn3r5Z1oVDCLF38e6ah1BBT4P
EbAV3rUfRA8oDisoWupikQ07KKpRYyVkI0q+FUuH1runO5yPFZ8AB8/22qbFXRMn
+N6LPRrvY6Vw2YoElTIX+xn+I023G4VJe1pGTMv2c0j2sXGJM2QfVOTVD2PNZCX2
GuqZJYP+OYtHEfGP/rpQCdvmqg7NrHtMK+LQnOBtTPl1bBYK5mQLV6jihwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0/BvJEYS2/JkxiT+9qaddbnexQMB8GA1UdIwQY
MBaAFLmGAoyf628UKz/stkZn9Ih0upw3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYt
M2E0NDY4YzRkZmRmLzEvSFQ4RzhrUmhMYjhtVEdKUDcycHAxMXVkN0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYtM2E0NDY4YzRkZmRm
LzEvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgB4gAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBn5CGtdn1+f42fYVPsxo3s1QAORu3IfIemt/u3
yb/UqGslAZILnoIEXcF/bJ6/0TCHFksUpVTKnJ6DKBFffLv3mw0V7P3hsu36V/af
BcJe/PKE/HvX7o/n16k1tdacbgzWjAkLNkrpYcpnSlorD2m1/7WLQf0OC9cdFHkO
iABDC4yE46YdxqWdYCMRw95psS5vhi+MRRnP+2fzo8fK4sJKV1bqgcuaOxYqEknr
AybiC3UER3QJg7mqbB9TvuEe0fXBYV1XnwpW6UUgQirfci1k1dy3xpw2X7lGafhI
epNEvtJpqwMb+u1NgSygH8n2z0O1jEfVO9YZwhp6TbnSZneP
-----END CERTIFICATE-----
Generated at Fri Sep 20 19:07:33 2024 by rpki-client on console-fra.rpki-client.org