Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/RZB6hhj_LzY-DO3DfmavoIAg3K8.roa
File:                     RZB6hhj_LzY-DO3DfmavoIAg3K8.roa (raw, json)
Hash identifier:          8fSztyIXmdrydCA2Hwo+fzHNQuQ8HachHnXLTdni/F4=
Subject key identifier:   45:90:7A:86:18:FF:2F:36:3E:0C:ED:C3:7E:66:AF:A0:80:20:DC:AF
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       0194236A2F11CC52920232265611B39311E7
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/RZB6hhj_LzY-DO3DfmavoIAg3K8.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39239
IP address blocks:        2a01:b960:230b::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2f:11:cc:52:92:02:32:26:56:11:b3:93:11:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45907a8618ff2f363e0cedc37e66afa08020dcaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:94:0c:47:93:31:5b:0d:c2:a7:84:8f:15:d7:
                    f2:ff:10:81:2d:26:86:c0:55:46:e2:a2:fd:d9:3d:
                    aa:6f:37:c7:c9:13:0f:ab:e7:94:a2:5b:97:e6:15:
                    b9:67:89:a9:9f:bd:6a:ec:c9:7b:40:f5:1a:9e:87:
                    c2:0a:05:6b:a3:24:aa:9d:cb:77:53:6d:07:11:a0:
                    fa:c9:3e:32:5a:0e:6f:e1:dd:91:43:76:34:c5:bd:
                    b0:d8:79:29:37:94:13:f3:16:f7:87:e7:42:ad:c1:
                    9e:4b:c9:b7:37:b0:3b:28:2a:ef:ad:d4:48:4c:4b:
                    6e:06:11:d7:ee:52:fb:fe:5d:20:f7:44:c9:3e:c2:
                    7e:f4:87:97:2b:c5:45:83:8c:97:5f:78:0c:af:28:
                    73:6e:ea:0b:52:bd:c7:45:83:20:7a:bc:16:07:0a:
                    df:45:a8:e8:a7:0c:32:64:9d:0c:72:a9:64:6e:af:
                    ba:03:ba:96:ed:86:d3:31:42:77:db:94:de:9e:6f:
                    56:5a:c9:9b:03:b1:0d:e8:86:2f:a4:49:03:ad:a4:
                    df:ae:7f:c7:5f:f4:e6:51:66:e5:b4:25:58:6d:2a:
                    0a:4b:e3:e9:6a:6f:c0:36:2b:c9:43:78:61:be:43:
                    fe:f9:f7:af:07:c5:1d:cb:1b:8f:c7:d0:11:f7:c3:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:90:7A:86:18:FF:2F:36:3E:0C:ED:C3:7E:66:AF:A0:80:20:DC:AF
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/RZB6hhj_LzY-DO3DfmavoIAg3K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:230b::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:62:42:28:e8:db:6f:38:bf:e7:ec:f8:f5:55:8d:65:fb:2d:
         7b:2a:c9:89:4a:f7:36:f3:b4:c2:14:f3:ba:d7:ee:a4:a6:61:
         fe:9b:aa:7f:0d:6a:83:cb:1c:bb:9f:23:e1:31:19:a6:fb:ab:
         c1:e5:7d:5a:71:b3:75:fc:44:22:c3:18:f0:f0:32:f3:b3:fa:
         fa:94:7c:8d:5b:87:b7:89:6d:73:91:54:8c:0b:0f:91:ce:87:
         05:14:b1:b1:88:4e:96:64:34:f7:59:bd:34:bd:9c:c6:78:e6:
         a1:3b:0b:19:0c:a6:e9:cc:b7:81:7d:b4:65:5c:b4:98:04:da:
         e1:4b:6b:a8:2d:ca:d2:8b:f9:a2:2f:c7:6e:03:30:bf:3e:c5:
         04:8c:19:14:bc:59:cc:23:9e:e8:8d:87:e4:46:69:8b:7d:02:
         a8:74:f7:f4:ad:c1:cb:67:5a:dd:76:07:d1:7f:c7:0f:16:c2:
         80:2c:3e:c8:8f:81:f6:00:32:9d:51:a9:2e:b7:5b:2c:5e:1f:
         b2:4f:ed:73:9c:ef:ff:98:ef:ab:e0:76:b4:54:33:c2:0d:9c:
         b3:03:1d:47:9d:98:d0:23:6b:fe:f3:8b:9a:ed:1c:91:77:ca:
         60:c8:4b:25:f7:62:39:1b:1e:44:89:79:f2:07:e8:f3:0a:20:
         3f:df:c8:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjai8RzFKSAjImVhGzkxHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTkwN2E4NjE4ZmYyZjM2M2UwY2VkYzM3ZTY2YWZhMDgwMjBkY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpQMR5MxWw3Cp4SPFdfy/xCBLSaG
wFVG4qL92T2qbzfHyRMPq+eUoluX5hW5Z4mpn71q7Ml7QPUanofCCgVroySqnct3
U20HEaD6yT4yWg5v4d2RQ3Y0xb2w2HkpN5QT8xb3h+dCrcGeS8m3N7A7KCrvrdRI
TEtuBhHX7lL7/l0g90TJPsJ+9IeXK8VFg4yXX3gMryhzbuoLUr3HRYMgerwWBwrf
RajopwwyZJ0Mcqlkbq+6A7qW7YbTMUJ325Tenm9WWsmbA7EN6IYvpEkDraTfrn/H
X/TmUWbltCVYbSoKS+Ppam/ANivJQ3hhvkP++fevB8UdyxuPx9AR98M3hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEWQeoYY/y82Pgztw35mr6CAINyvMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvUlpCNmhoal9MelktRE8zRGZtYXZvSUFnM0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCML
MA0GCSqGSIb3DQEBCwUAA4IBAQANYkIo6NtvOL/n7Pj1VY1l+y17KsmJSvc287TC
FPO61+6kpmH+m6p/DWqDyxy7nyPhMRmm+6vB5X1acbN1/EQiwxjw8DLzs/r6lHyN
W4e3iW1zkVSMCw+RzocFFLGxiE6WZDT3Wb00vZzGeOahOwsZDKbpzLeBfbRlXLSY
BNrhS2uoLcrSi/miL8duAzC/PsUEjBkUvFnMI57ojYfkRmmLfQKodPf0rcHLZ1rd
dgfRf8cPFsKALD7Ij4H2ADKdUakut1ssXh+yT+1znO//mO+r4Ha0VDPCDZyzAx1H
nZjQI2v+84ua7RyRd8pgyEsl92I5Gx5EiXnyB+jzCiA/38jx
-----END CERTIFICATE-----