Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/m26Z4EdJjPTeKqQP4bLFsm0qZJo.roa
File:                     m26Z4EdJjPTeKqQP4bLFsm0qZJo.roa (raw, json)
Hash identifier:          NWpdZVKoDOS9cnbyZWpfcC92E8AFSl1SI5HiCmg5+Gg=
Subject key identifier:   9B:6E:99:E0:47:49:8C:F4:DE:2A:A4:0F:E1:B2:C5:B2:6D:2A:64:9A
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       0194236A2F734DFC702306C9A5123EEEFAD0
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/m26Z4EdJjPTeKqQP4bLFsm0qZJo.roa
Signing time:             Wed 01 Jan 2025 19:49:09 +0000
ROA not before:           Wed 01 Jan 2025 19:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50389
IP address blocks:        2a01:b960:2303::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2f:73:4d:fc:70:23:06:c9:a5:12:3e:ee:fa:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  1 19:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b6e99e047498cf4de2aa40fe1b2c5b26d2a649a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2e:1b:9a:01:30:ef:70:e6:24:e0:19:3f:49:
                    11:5a:0a:1d:e0:09:8d:7b:bd:57:02:a4:08:cd:a9:
                    26:ee:38:61:af:84:cf:6f:f4:c4:f0:f6:d7:4d:33:
                    6f:d1:10:f5:60:73:61:7c:af:9d:48:3d:cb:64:e1:
                    62:ad:9a:5e:ec:74:8a:f1:e8:f0:0c:84:4a:d3:7b:
                    dc:ed:74:7b:b3:f5:1b:a1:9b:2d:9f:1a:c7:84:ff:
                    f4:18:13:21:cd:23:1e:a5:d6:0b:56:bd:93:e3:72:
                    11:2c:8a:c0:90:50:52:03:2d:6b:c4:c5:e6:89:0d:
                    49:af:8f:5e:e7:e4:64:14:6b:35:ec:54:0c:6f:ff:
                    ec:1c:85:37:0c:90:4f:ab:bb:ab:9f:ff:79:f3:c0:
                    1d:fb:44:2a:e0:87:70:c8:76:0c:69:cf:a6:8f:73:
                    f4:98:ba:c3:d7:df:8e:70:db:a0:f1:24:a7:b1:a3:
                    0f:4f:24:dc:2a:f2:00:9b:c0:bd:76:92:2f:68:a3:
                    58:2c:1a:e3:32:b2:59:a2:97:37:23:b8:69:18:92:
                    73:cd:3b:e6:0a:fa:22:bc:d4:23:26:66:b7:19:a0:
                    cd:2d:53:49:d0:4f:32:15:55:90:b7:9d:1c:f3:bc:
                    66:61:9d:33:8a:60:b3:7c:1d:49:3e:c5:68:37:69:
                    18:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:6E:99:E0:47:49:8C:F4:DE:2A:A4:0F:E1:B2:C5:B2:6D:2A:64:9A
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/m26Z4EdJjPTeKqQP4bLFsm0qZJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:2303::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:29:c5:9b:4d:b2:74:9e:af:97:0c:c3:43:f5:b2:12:63:57:
         86:2d:75:c7:c1:e2:52:0a:af:7a:db:a6:44:56:ab:a9:a5:a6:
         72:60:0b:45:16:7c:f1:3a:70:88:03:ce:6f:d3:37:95:cc:81:
         ab:d9:b2:e7:23:93:3d:9a:de:43:32:ff:74:38:b2:20:98:50:
         27:0a:09:07:4f:1c:b3:8e:56:b8:b0:5f:c0:a7:89:e0:35:68:
         9b:3b:b1:d0:04:71:b2:f1:54:f6:eb:11:78:e0:5c:b6:75:01:
         a8:50:d7:08:1d:1b:27:4d:50:de:e9:6b:d6:16:35:14:8a:29:
         e3:4e:60:ca:2e:79:ba:e7:07:d5:df:76:12:fb:7e:3d:29:b0:
         94:12:8a:7f:53:fc:d3:01:28:04:b9:29:1a:2e:87:fb:63:3b:
         c1:be:91:22:2a:a0:e3:76:8b:09:03:2b:c5:95:5d:b9:90:34:
         61:06:b8:6d:56:90:92:71:d2:28:e5:7c:fc:0d:e0:64:7c:b3:
         e1:86:83:0d:ec:a7:1f:36:13:f3:1b:1b:25:a8:15:17:59:a8:
         de:88:2a:0b:32:45:ff:9c:12:ec:c2:fb:95:b6:86:9f:24:0a:
         9e:ae:fd:8d:7d:f3:ab:c5:43:db:2e:b6:1e:a2:a7:60:96:bb:
         85:81:ef:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjai9zTfxwIwbJpRI+7vrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjZlOTllMDQ3NDk4Y2Y0ZGUyYWE0MGZlMWIyYzViMjZkMmE2NDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi4bmgEw73DmJOAZP0kRWgod4AmN
e71XAqQIzakm7jhhr4TPb/TE8PbXTTNv0RD1YHNhfK+dSD3LZOFirZpe7HSK8ejw
DIRK03vc7XR7s/UboZstnxrHhP/0GBMhzSMepdYLVr2T43IRLIrAkFBSAy1rxMXm
iQ1Jr49e5+RkFGs17FQMb//sHIU3DJBPq7urn/9588Ad+0Qq4IdwyHYMac+mj3P0
mLrD19+OcNug8SSnsaMPTyTcKvIAm8C9dpIvaKNYLBrjMrJZopc3I7hpGJJzzTvm
CvoivNQjJma3GaDNLVNJ0E8yFVWQt50c87xmYZ0zimCzfB1JPsVoN2kY6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJtumeBHSYz03iqkD+GyxbJtKmSaMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvbTI2WjRFZEpqUFRlS3FRUDRiTEZzbTBxWkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMD
MA0GCSqGSIb3DQEBCwUAA4IBAQAEKcWbTbJ0nq+XDMND9bISY1eGLXXHweJSCq96
26ZEVquppaZyYAtFFnzxOnCIA85v0zeVzIGr2bLnI5M9mt5DMv90OLIgmFAnCgkH
Txyzjla4sF/Ap4ngNWibO7HQBHGy8VT26xF44Fy2dQGoUNcIHRsnTVDe6WvWFjUU
iinjTmDKLnm65wfV33YS+349KbCUEop/U/zTASgEuSkaLof7YzvBvpEiKqDjdosJ
AyvFlV25kDRhBrhtVpCScdIo5Xz8DeBkfLPhhoMN7KcfNhPzGxslqBUXWajeiCoL
MkX/nBLswvuVtoafJAqerv2NffOrxUPbLrYeoqdglruFge81
-----END CERTIFICATE-----