Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/V-ziVBTzF3yW8Qn17SkTQka0Z1w.roa
File:                     V-ziVBTzF3yW8Qn17SkTQka0Z1w.roa (raw, json)
Hash identifier:          dzI5Exw0Cav9WTDJa9bU3vaVrx3/DEAhAyNHw9d0Q+M=
Subject key identifier:   57:EC:E2:54:14:F3:17:7C:96:F1:09:F5:ED:29:13:42:46:B4:67:5C
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       0194236A3103D91CC9BC57EF1CDFB9EF740B
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/V-ziVBTzF3yW8Qn17SkTQka0Z1w.roa
Signing time:             Wed 01 Jan 2025 19:49:09 +0000
ROA not before:           Wed 01 Jan 2025 19:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208136
IP address blocks:        2a01:b960:230d::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:31:03:d9:1c:c9:bc:57:ef:1c:df:b9:ef:74:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 19:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57ece25414f3177c96f109f5ed29134246b4675c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:aa:d6:21:65:71:ae:58:36:87:3c:81:4a:ff:
                    df:b1:8f:d4:ee:11:47:f3:9f:fb:7d:b5:c4:ac:52:
                    0b:9a:62:41:a9:71:02:2f:d8:66:27:af:2c:4e:26:
                    d0:5c:ee:f8:e9:70:6d:b0:b3:ff:cb:60:60:fc:3c:
                    f1:3d:b6:c6:8b:c1:e4:65:a0:01:a0:82:88:71:1c:
                    03:3f:01:a4:47:2f:3b:c6:bc:2c:f1:14:7c:34:4d:
                    46:a2:c4:ca:30:24:9b:e4:00:3f:e6:61:fa:df:51:
                    38:62:b9:83:e3:4e:79:3d:e2:90:a6:56:e4:f7:9b:
                    4d:9f:1a:cd:1b:03:50:2f:8e:2c:13:10:2f:13:ce:
                    a3:a2:63:04:93:2a:c9:65:84:1a:bb:1d:ba:ef:72:
                    40:47:73:da:6c:36:d1:ee:47:29:13:fb:9c:66:e4:
                    39:fb:44:1e:07:dc:34:73:36:fb:f2:bf:6b:c4:9f:
                    ac:e9:b9:27:69:f2:67:d0:f7:99:a8:d0:93:ec:a3:
                    e0:e6:61:56:a0:9b:bd:8a:7b:45:f4:cd:d0:d5:56:
                    f2:39:ea:60:23:42:d8:0d:c8:62:8b:0f:33:80:f8:
                    fc:4a:ed:43:6b:1a:0f:0f:2d:87:27:fe:d8:8f:08:
                    3c:3f:a4:59:dd:b2:5d:83:8d:ad:b9:96:c8:51:f4:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EC:E2:54:14:F3:17:7C:96:F1:09:F5:ED:29:13:42:46:B4:67:5C
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/V-ziVBTzF3yW8Qn17SkTQka0Z1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:230d::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:dc:ba:aa:55:87:eb:b0:5a:cf:4a:c3:a1:8d:ed:7f:82:62:
         d4:bb:5d:b2:2f:49:44:bc:d8:90:f7:23:d7:28:28:c9:18:38:
         eb:a2:31:f2:58:d0:54:50:42:09:d4:22:63:99:9e:0a:46:d0:
         cb:bb:d0:29:e3:bf:05:db:2f:68:bf:9d:92:4b:d9:20:2d:1c:
         60:15:76:a1:d4:ee:0e:05:9b:20:46:0f:41:41:01:36:fd:e6:
         63:15:fb:24:05:38:62:b9:2b:c4:75:74:5d:31:b8:32:ff:2b:
         a8:16:a9:00:a9:f9:c1:30:6e:ab:e3:ee:42:47:92:fe:02:83:
         aa:33:1e:77:72:18:e8:04:68:1a:4b:12:57:cd:89:74:5f:2b:
         e6:68:03:f7:ef:f3:d1:62:ad:51:c9:53:13:ef:9d:e3:1a:03:
         7e:1c:7d:59:3f:ed:e0:ac:7a:3c:de:2c:d8:c7:f5:84:03:4d:
         55:d2:0a:53:01:d7:1f:1a:d9:8e:a9:28:5b:98:3f:f2:f5:f6:
         8f:05:18:5f:e9:fe:63:f1:6c:1a:e7:87:16:cf:c5:db:39:13:
         e7:2b:04:52:db:c9:41:0f:49:63:ad:51:27:6c:2c:df:1b:e8:
         a9:b6:cd:d3:4b:5d:cb:ff:64:c1:79:cc:5f:21:03:d9:75:5b:
         ed:02:51:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjajED2RzJvFfvHN+573QLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VjZTI1NDE0ZjMxNzdjOTZmMTA5ZjVlZDI5MTM0MjQ2YjQ2NzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqrWIWVxrlg2hzyBSv/fsY/U7hFH
85/7fbXErFILmmJBqXECL9hmJ68sTibQXO746XBtsLP/y2Bg/DzxPbbGi8HkZaAB
oIKIcRwDPwGkRy87xrws8RR8NE1GosTKMCSb5AA/5mH631E4YrmD4055PeKQplbk
95tNnxrNGwNQL44sExAvE86jomMEkyrJZYQaux2673JAR3PabDbR7kcpE/ucZuQ5
+0QeB9w0czb78r9rxJ+s6bknafJn0PeZqNCT7KPg5mFWoJu9intF9M3Q1VbyOepg
I0LYDchiiw8zgPj8Su1DaxoPDy2HJ/7Yjwg8P6RZ3bJdg42tuZbIUfTKgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFfs4lQU8xd8lvEJ9e0pE0JGtGdcMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvVi16aVZCVHpGM3lXOFFuMTdTa1RRa2EwWjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMN
MA0GCSqGSIb3DQEBCwUAA4IBAQA/3LqqVYfrsFrPSsOhje1/gmLUu12yL0lEvNiQ
9yPXKCjJGDjrojHyWNBUUEIJ1CJjmZ4KRtDLu9Ap478F2y9ov52SS9kgLRxgFXah
1O4OBZsgRg9BQQE2/eZjFfskBThiuSvEdXRdMbgy/yuoFqkAqfnBMG6r4+5CR5L+
AoOqMx53chjoBGgaSxJXzYl0XyvmaAP37/PRYq1RyVMT753jGgN+HH1ZP+3grHo8
3izYx/WEA01V0gpTAdcfGtmOqShbmD/y9faPBRhf6f5j8Wwa54cWz8XbORPnKwRS
28lBD0ljrVEnbCzfG+ipts3TS13L/2TBecxfIQPZdVvtAlGp
-----END CERTIFICATE-----