Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/dHtPKlL-LW1SCev9joX7i4AD3rc.roa
File:                     dHtPKlL-LW1SCev9joX7i4AD3rc.roa (raw, json)
Hash identifier:          O3ebPBiWGqkEjSgUMJOqtgt83PH9+sZLimIHiI6HIUI=
Subject key identifier:   74:7B:4F:2A:52:FE:2D:6D:52:09:EB:FD:8E:85:FB:8B:80:03:DE:B7
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       018CC725F93C940E2969B65561DE99DC2584
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/dHtPKlL-LW1SCev9joX7i4AD3rc.roa
Signing time:             Mon 01 Jan 2024 22:30:03 +0000
ROA not before:           Mon 01 Jan 2024 22:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208136
IP address blocks:        2a01:b960:230d::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:f9:3c:94:0e:29:69:b6:55:61:de:99:dc:25:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 22:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=747b4f2a52fe2d6d5209ebfd8e85fb8b8003deb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b1:a1:25:8c:22:5b:1c:15:73:3b:da:79:cf:
                    08:13:34:88:55:9f:43:d1:c9:f4:ae:2a:22:82:7a:
                    23:cd:c0:70:b7:43:0f:46:48:9d:b0:7c:bb:09:3f:
                    67:bb:11:92:d4:df:5d:b5:fd:aa:00:32:1a:11:4c:
                    4a:25:4c:d4:2e:c2:4e:c5:4e:87:91:3d:25:e9:7d:
                    61:61:01:43:b9:19:22:20:ee:87:a6:3b:87:02:10:
                    8e:2e:1b:57:a8:d7:ba:18:41:5a:16:bc:e2:9c:19:
                    e8:5e:8e:d3:37:85:94:f8:45:dc:70:f5:cf:5b:87:
                    19:a1:2d:6b:d4:7f:ba:8f:21:65:1e:4d:91:16:a6:
                    8a:8c:e9:59:2f:a9:13:d4:65:57:2b:e2:0e:f3:8a:
                    5e:43:c4:cc:00:22:b6:68:47:a5:37:c7:77:b2:04:
                    6c:e7:a2:54:63:31:66:f9:fe:40:3c:fb:9c:52:fc:
                    8b:f8:42:b9:e4:c4:6f:ec:ce:cf:e4:15:f5:e4:b5:
                    77:29:de:c8:dd:3d:0f:62:fc:3c:17:82:c7:6f:04:
                    68:0f:16:21:a6:17:91:0f:34:aa:81:01:9d:02:9a:
                    f3:b9:ca:43:a5:d2:81:1b:b0:be:2b:f8:4c:5c:85:
                    54:9d:7c:27:e1:4b:62:db:13:fe:32:f7:c1:80:e1:
                    ad:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7B:4F:2A:52:FE:2D:6D:52:09:EB:FD:8E:85:FB:8B:80:03:DE:B7
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/dHtPKlL-LW1SCev9joX7i4AD3rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:230d::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:88:0b:da:55:00:47:89:b1:55:be:9e:01:ee:78:aa:7e:f5:
         34:d2:e4:6e:1c:fe:4d:52:d1:7f:47:1d:98:03:de:a4:bd:9b:
         f4:07:39:69:56:c4:4f:a2:46:40:0a:41:7e:27:d1:64:fd:a9:
         f0:fb:75:72:87:b7:32:9a:42:5e:29:f6:e3:eb:2b:80:b7:09:
         b3:aa:4d:c0:91:4a:87:e2:4b:65:20:5c:1e:79:37:13:1d:8b:
         06:98:b5:7c:2c:32:0a:05:91:67:77:cb:d0:98:1a:77:b1:26:
         f6:ee:1a:c7:ea:53:44:d4:13:c0:66:cc:b0:64:77:03:2c:6e:
         56:7c:40:4d:8a:45:18:25:11:ca:8d:d4:46:86:1c:af:8d:a2:
         b1:19:e5:75:4b:50:57:f6:15:4e:cc:94:1d:2d:82:c0:14:25:
         23:4c:00:64:58:35:04:fa:3b:d3:03:b8:ff:f0:6a:4a:23:85:
         55:4c:c0:9e:3a:3d:40:73:eb:8d:47:65:bd:12:0d:d8:16:1e:
         ff:55:72:58:70:bd:e2:0f:2e:df:33:6c:b7:cc:93:43:b1:05:
         2c:28:96:eb:90:48:43:8e:a6:93:8e:50:ae:5b:37:d5:30:22:
         4e:fa:d9:32:bd:fd:d5:8b:0d:3d:75:e0:39:3b:2a:9f:9d:5d:
         0b:93:f0:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJfk8lA4pabZVYd6Z3CWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjQwMTAxMjIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdiNGYyYTUyZmUyZDZkNTIwOWViZmQ4ZTg1ZmI4YjgwMDNkZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7GhJYwiWxwVczvaec8IEzSIVZ9D
0cn0rioignojzcBwt0MPRkidsHy7CT9nuxGS1N9dtf2qADIaEUxKJUzULsJOxU6H
kT0l6X1hYQFDuRkiIO6HpjuHAhCOLhtXqNe6GEFaFrzinBnoXo7TN4WU+EXccPXP
W4cZoS1r1H+6jyFlHk2RFqaKjOlZL6kT1GVXK+IO84peQ8TMACK2aEelN8d3sgRs
56JUYzFm+f5APPucUvyL+EK55MRv7M7P5BX15LV3Kd7I3T0PYvw8F4LHbwRoDxYh
pheRDzSqgQGdAprzucpDpdKBG7C+K/hMXIVUnXwn4Uti2xP+MvfBgOGtWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHR7TypS/i1tUgnr/Y6F+4uAA963MB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvZEh0UEtsTC1MVzFTQ2V2OWpvWDdpNEFEM3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMN
MA0GCSqGSIb3DQEBCwUAA4IBAQAliAvaVQBHibFVvp4B7niqfvU00uRuHP5NUtF/
Rx2YA96kvZv0BzlpVsRPokZACkF+J9Fk/anw+3Vyh7cymkJeKfbj6yuAtwmzqk3A
kUqH4ktlIFweeTcTHYsGmLV8LDIKBZFnd8vQmBp3sSb27hrH6lNE1BPAZsywZHcD
LG5WfEBNikUYJRHKjdRGhhyvjaKxGeV1S1BX9hVOzJQdLYLAFCUjTABkWDUE+jvT
A7j/8GpKI4VVTMCeOj1Ac+uNR2W9Eg3YFh7/VXJYcL3iDy7fM2y3zJNDsQUsKJbr
kEhDjqaTjlCuWzfVMCJO+tkyvf3Viw09deA5OyqfnV0Lk/B8
-----END CERTIFICATE-----