Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/IZ0aT9r6slKc2ejZ33smDqZji30.roa
File:                     IZ0aT9r6slKc2ejZ33smDqZji30.roa (raw, json)
Hash identifier:          zBodWuQQWiLp31i/PFzDqwgn84LKWjZxxdQCWwRb+dg=
Subject key identifier:   21:9D:1A:4F:DA:FA:B2:52:9C:D9:E8:D9:DF:7B:26:0E:A6:63:8B:7D
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       018CC725FAFB82A8C84879FF0E04E20C0EA0
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/IZ0aT9r6slKc2ejZ33smDqZji30.roa
Signing time:             Mon 01 Jan 2024 22:30:04 +0000
ROA not before:           Mon 01 Jan 2024 22:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213246
IP address blocks:        2a01:b960:230f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:fa:fb:82:a8:c8:48:79:ff:0e:04:e2:0c:0e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 22:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=219d1a4fdafab2529cd9e8d9df7b260ea6638b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:23:b2:fd:84:35:48:f2:a6:db:57:0c:50:25:
                    c1:85:d4:22:da:22:d6:0e:75:db:3e:03:e9:31:4b:
                    41:6b:6f:87:d4:d6:13:bc:b0:bd:58:ff:2b:01:48:
                    3c:6e:8f:db:8a:62:24:9b:50:2f:f9:fc:fd:c0:18:
                    0b:32:dd:cf:7f:29:5c:9d:76:c3:ca:5f:d7:ad:aa:
                    c0:ca:61:49:6f:4f:23:66:06:a2:e3:2d:b6:1e:1f:
                    19:aa:77:d9:08:7b:b8:78:dc:49:90:bc:97:a1:ea:
                    01:a6:32:79:ab:14:79:81:52:28:36:23:94:15:fd:
                    24:44:de:97:9e:7a:70:c3:2c:d8:2f:b4:32:91:f1:
                    77:99:c9:5f:ae:a8:49:06:b5:25:7d:74:c4:c5:5d:
                    9f:a7:dc:fd:64:7c:af:4b:81:bf:9f:7b:21:f7:a2:
                    90:f5:95:4d:58:9c:72:2e:35:b1:70:58:c2:ff:63:
                    38:7d:22:ff:d9:77:ec:b7:f1:88:24:a7:7e:ea:f3:
                    50:9b:58:56:86:6b:8a:ea:7c:dc:84:55:54:78:be:
                    2f:8d:93:8c:f1:cb:66:ba:0e:34:fc:d9:d3:7e:2a:
                    92:23:17:63:97:d5:a6:35:28:92:27:e7:88:97:28:
                    e5:cb:85:41:e5:db:0e:1c:f5:5a:2f:f2:14:ea:ce:
                    42:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9D:1A:4F:DA:FA:B2:52:9C:D9:E8:D9:DF:7B:26:0E:A6:63:8B:7D
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/IZ0aT9r6slKc2ejZ33smDqZji30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:230f::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:de:74:85:30:ea:69:62:91:56:f7:5d:d4:45:54:10:a0:dc:
         90:e3:9e:4b:2e:71:d1:0e:6f:a8:eb:bc:36:89:38:2d:17:f8:
         e7:da:3f:36:1e:5c:91:a4:71:e9:cb:dc:80:38:e7:68:ef:a3:
         a3:fe:fd:8b:17:b9:aa:fc:ec:fc:84:74:9d:e4:3c:be:e1:22:
         c9:33:2f:83:f7:2e:b6:61:3a:f9:6c:57:ba:7c:dc:07:31:01:
         a4:f1:b8:59:a3:88:4f:ec:3b:67:7f:a8:2f:98:5d:78:a4:e5:
         04:a9:42:b3:8f:82:fd:27:a1:f3:69:31:51:b0:1d:32:49:49:
         fd:ce:f2:ee:41:03:89:05:f9:ce:63:78:c2:af:b0:22:da:72:
         9f:88:d3:11:98:a4:7e:bf:43:d9:31:4b:5c:3d:6d:a9:e9:3f:
         18:cb:90:f1:90:39:15:9f:d2:37:6b:16:7e:5c:84:a3:bb:b5:
         c7:23:b4:cb:32:01:6f:d2:09:5d:d1:a2:40:68:96:a4:28:19:
         6c:19:6e:79:e4:c9:fe:73:57:ba:3f:56:0e:84:6c:30:15:b1:
         31:64:4c:3d:d8:21:9e:91:d1:94:e2:87:dc:4f:9d:5c:5d:1c:
         ea:6a:90:2d:30:6b:ef:24:b8:31:60:2d:9e:05:e6:7c:f9:13:
         7b:db:71:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJfr7gqjISHn/DgTiDA6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjQwMTAxMjIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTlkMWE0ZmRhZmFiMjUyOWNkOWU4ZDlkZjdiMjYwZWE2NjM4YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCOy/YQ1SPKm21cMUCXBhdQi2iLW
DnXbPgPpMUtBa2+H1NYTvLC9WP8rAUg8bo/bimIkm1Av+fz9wBgLMt3PfylcnXbD
yl/XrarAymFJb08jZgai4y22Hh8ZqnfZCHu4eNxJkLyXoeoBpjJ5qxR5gVIoNiOU
Ff0kRN6XnnpwwyzYL7QykfF3mclfrqhJBrUlfXTExV2fp9z9ZHyvS4G/n3sh96KQ
9ZVNWJxyLjWxcFjC/2M4fSL/2Xfst/GIJKd+6vNQm1hWhmuK6nzchFVUeL4vjZOM
8ctmug40/NnTfiqSIxdjl9WmNSiSJ+eIlyjly4VB5dsOHPVaL/IU6s5CBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCGdGk/a+rJSnNno2d97Jg6mY4t9MB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvSVowYVQ5cjZzbEtjMmVqWjMzc21EcVpqaTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMP
MA0GCSqGSIb3DQEBCwUAA4IBAQBD3nSFMOppYpFW913URVQQoNyQ455LLnHRDm+o
67w2iTgtF/jn2j82HlyRpHHpy9yAOOdo76Oj/v2LF7mq/Oz8hHSd5Dy+4SLJMy+D
9y62YTr5bFe6fNwHMQGk8bhZo4hP7Dtnf6gvmF14pOUEqUKzj4L9J6HzaTFRsB0y
SUn9zvLuQQOJBfnOY3jCr7Ai2nKfiNMRmKR+v0PZMUtcPW2p6T8Yy5DxkDkVn9I3
axZ+XISju7XHI7TLMgFv0gld0aJAaJakKBlsGW555Mn+c1e6P1YOhGwwFbExZEw9
2CGekdGU4ofcT51cXRzqapAtMGvvJLgxYC2eBeZ8+RN723FO
-----END CERTIFICATE-----