Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/birz4Ut0IdAeA4AG5Saz_dgkPzY.roa
File:                     birz4Ut0IdAeA4AG5Saz_dgkPzY.roa (raw, json)
Hash identifier:          NFkOkkBJpfWDah6+4r0MNiX29vPes7DkDOfhwhOANMQ=
Subject key identifier:   6E:2A:F3:E1:4B:74:21:D0:1E:03:80:06:E5:26:B3:FD:D8:24:3F:36
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       018CC725F6842373127A63C8E580F2CE586F
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/birz4Ut0IdAeA4AG5Saz_dgkPzY.roa
Signing time:             Mon 01 Jan 2024 22:30:03 +0000
ROA not before:           Mon 01 Jan 2024 22:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:b960::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:f6:84:23:73:12:7a:63:c8:e5:80:f2:ce:58:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 22:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e2af3e14b7421d01e038006e526b3fdd8243f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2e:bd:a8:c1:7c:68:eb:fa:a3:42:cb:bf:17:
                    dc:50:7a:69:61:31:13:9b:70:fe:64:dd:49:5c:6e:
                    79:fb:6f:ac:8f:bb:38:95:59:4f:9d:72:13:f9:b5:
                    2f:95:37:38:a0:31:67:86:d8:3b:bc:2e:a7:f3:41:
                    51:64:c5:2d:dc:85:ff:f4:9f:92:3b:ac:b5:68:43:
                    f9:71:16:0a:fe:92:99:fc:75:3a:8d:fd:86:f3:86:
                    5e:78:03:0e:92:9f:97:25:6f:7d:48:5c:86:d7:ee:
                    09:05:18:42:60:79:2c:b3:31:88:6b:31:9f:64:a5:
                    f8:a0:21:7b:18:ed:22:c1:97:0a:47:9d:e8:8e:8f:
                    52:ec:2c:3c:30:44:12:cd:8e:12:6f:27:8d:af:2b:
                    3b:a8:04:6c:28:b0:81:78:50:40:19:78:2b:63:7f:
                    22:f2:01:1c:ec:50:f6:17:0d:ad:8c:b0:a3:ee:87:
                    25:47:6d:3b:a4:ed:5e:cb:88:33:5d:dd:72:bf:26:
                    d0:08:da:4f:34:9a:c7:62:09:75:12:aa:cb:36:df:
                    8b:ea:be:4a:01:73:16:09:0d:d2:63:22:04:a4:f9:
                    5d:a5:4d:3d:00:cc:9b:70:6e:d3:d2:07:95:a5:f9:
                    3a:33:93:ce:42:dc:2b:c0:88:aa:4c:30:42:66:bd:
                    a6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:2A:F3:E1:4B:74:21:D0:1E:03:80:06:E5:26:B3:FD:D8:24:3F:36
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/birz4Ut0IdAeA4AG5Saz_dgkPzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:8a:5e:a0:24:e9:43:5e:32:ff:8a:cb:25:ee:80:0d:b1:94:
         fb:e5:b8:13:39:01:2a:fa:62:60:08:70:0e:1c:a7:cc:a9:12:
         10:7c:c5:04:78:79:14:e4:c8:fa:70:f9:b7:a7:76:aa:7f:a3:
         3c:16:96:08:34:a6:ac:6f:fb:ad:9c:74:33:da:cb:29:7b:52:
         20:ed:99:94:75:59:2d:a3:a7:22:41:b2:d6:dc:2a:aa:54:c2:
         ad:6b:38:b2:48:db:6e:c0:a5:6d:23:00:87:16:cd:05:b0:61:
         44:1c:6c:4e:e2:ec:f8:89:8f:56:d0:ec:8d:6f:3d:67:37:d8:
         be:33:bc:bc:3e:ec:bb:df:f3:c9:0b:81:12:2c:af:d5:df:89:
         3f:75:50:ed:06:11:49:22:ba:94:86:a4:f4:97:4a:1b:c9:d4:
         56:78:6d:c4:30:5c:ca:53:3c:af:31:23:14:77:79:6d:fb:ec:
         8c:29:8d:35:0b:4a:48:27:09:8e:7b:f4:0b:2a:88:dc:ed:e9:
         18:27:e3:5e:0f:c3:5c:5f:6d:5b:01:11:54:66:8f:ac:aa:7f:
         2d:d5:b1:da:d2:97:c1:99:63:bb:95:84:19:4f:59:51:8a:87:
         7a:a2:7a:e8:28:b2:fb:ca:a4:c5:0b:3b:c4:a6:b5:91:28:88:
         7f:7a:4c:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJfaEI3MSemPI5YDyzlhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjQwMTAxMjIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTJhZjNlMTRiNzQyMWQwMWUwMzgwMDZlNTI2YjNmZGQ4MjQzZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi69qMF8aOv6o0LLvxfcUHppYTET
m3D+ZN1JXG55+2+sj7s4lVlPnXIT+bUvlTc4oDFnhtg7vC6n80FRZMUt3IX/9J+S
O6y1aEP5cRYK/pKZ/HU6jf2G84ZeeAMOkp+XJW99SFyG1+4JBRhCYHksszGIazGf
ZKX4oCF7GO0iwZcKR53ojo9S7Cw8MEQSzY4SbyeNrys7qARsKLCBeFBAGXgrY38i
8gEc7FD2Fw2tjLCj7oclR207pO1ey4gzXd1yvybQCNpPNJrHYgl1EqrLNt+L6r5K
AXMWCQ3SYyIEpPldpU09AMybcG7T0geVpfk6M5POQtwrwIiqTDBCZr2msQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG4q8+FLdCHQHgOABuUms/3YJD82MB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvYmlyejRVdDBJZEFlQTRBRzVTYXpfZGdrUHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgG5YDAN
BgkqhkiG9w0BAQsFAAOCAQEAJIpeoCTpQ14y/4rLJe6ADbGU++W4EzkBKvpiYAhw
DhynzKkSEHzFBHh5FOTI+nD5t6d2qn+jPBaWCDSmrG/7rZx0M9rLKXtSIO2ZlHVZ
LaOnIkGy1twqqlTCrWs4skjbbsClbSMAhxbNBbBhRBxsTuLs+ImPVtDsjW89ZzfY
vjO8vD7su9/zyQuBEiyv1d+JP3VQ7QYRSSK6lIak9JdKG8nUVnhtxDBcylM8rzEj
FHd5bfvsjCmNNQtKSCcJjnv0CyqI3O3pGCfjXg/DXF9tWwERVGaPrKp/LdWx2tKX
wZlju5WEGU9ZUYqHeqJ66Ciy+8qkxQs7xKa1kSiIf3pMSg==
-----END CERTIFICATE-----