Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/NeK3VE5xIVumcURQvZORGSezPug.roa
File:                     NeK3VE5xIVumcURQvZORGSezPug.roa (raw, json)
Hash identifier:          Kyuhso1DU/JY4Cd8KqltzS/UkVVtl7rIX1KuhxLgmkQ=
Subject key identifier:   35:E2:B7:54:4E:71:21:5B:A6:71:44:50:BD:93:91:19:27:B3:3E:E8
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       0194228DCA669A3A5DA8E430A6873362DF7E
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/NeK3VE5xIVumcURQvZORGSezPug.roa
Signing time:             Wed 01 Jan 2025 15:48:25 +0000
ROA not before:           Wed 01 Jan 2025 15:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        192.166.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ca:66:9a:3a:5d:a8:e4:30:a6:87:33:62:df:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 15:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35e2b7544e71215ba6714450bd93911927b33ee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:99:e3:f6:2a:0c:fd:a8:d1:d5:46:dc:0e:da:
                    66:c9:f1:7d:2a:45:3c:cc:65:fc:1e:bc:94:64:da:
                    b1:77:15:a7:d4:b4:70:d5:0d:7a:99:5d:48:8d:46:
                    82:75:a0:44:b2:28:e8:52:0c:d7:38:eb:21:27:a9:
                    5c:ac:36:1d:ed:07:54:d3:5e:30:09:42:33:67:a6:
                    12:dc:92:7a:2b:f5:3f:dd:ee:be:71:97:24:d6:c9:
                    89:03:6a:d5:ba:77:58:c7:e2:74:dd:6d:a0:76:94:
                    19:d0:8e:bf:05:db:fd:25:29:89:0a:6f:7f:98:28:
                    b1:ea:12:1a:a3:56:06:f4:44:63:9d:6c:bf:fb:16:
                    51:db:ad:08:36:ea:c7:8b:46:95:9a:ba:a3:75:9c:
                    45:0d:d9:de:e1:c2:cf:89:37:f6:81:26:f9:7e:9f:
                    b9:f4:1d:c0:74:b0:73:0a:81:67:a7:c1:02:b4:a2:
                    af:af:5a:16:8a:2d:ff:b2:f8:e3:2f:ec:34:38:f6:
                    47:b3:a8:21:7f:a5:3e:0c:f6:dc:1e:ac:86:b8:ca:
                    dd:f7:c2:c1:0a:61:22:69:5d:de:36:1f:4c:b1:cf:
                    55:93:f5:3e:25:8e:31:a8:5e:16:25:b4:53:d7:bd:
                    79:35:74:2a:38:d1:99:77:0a:be:45:2b:c4:e9:f7:
                    35:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:E2:B7:54:4E:71:21:5B:A6:71:44:50:BD:93:91:19:27:B3:3E:E8
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/NeK3VE5xIVumcURQvZORGSezPug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:8b:44:d4:d6:ea:a3:74:78:c6:88:32:7e:eb:78:f9:99:03:
         4e:c4:63:c0:52:0d:ee:f6:87:2d:d2:9f:7f:ae:f7:c7:08:bb:
         76:b9:38:c1:5f:2c:8d:d1:4c:02:8d:b2:e6:cf:8f:e6:a2:b9:
         e9:b1:25:38:3c:5d:3a:44:c7:52:21:8c:47:5d:fe:4f:8b:55:
         7f:82:a5:ec:41:b1:06:3a:c7:3d:08:8d:5b:ab:69:66:5e:f2:
         6c:ac:5e:91:a0:03:fe:56:35:b2:6d:89:15:a5:7a:0e:76:8f:
         2f:05:b5:7c:b8:f1:5c:51:ab:cd:36:62:26:d5:bd:c6:aa:c4:
         ba:10:43:82:32:d6:75:82:9a:eb:82:8e:97:dc:97:71:8c:b8:
         8e:19:13:91:cb:a0:7c:b7:be:a4:3f:f3:dd:1b:e3:8e:c2:88:
         5f:2f:8f:38:f1:b0:85:1a:c0:c3:e2:f7:22:65:bf:ca:78:77:
         94:4b:65:07:59:ba:f8:b9:ee:24:62:72:aa:05:10:d3:1a:8d:
         d4:2c:23:d4:95:52:c0:28:a5:78:30:11:a8:20:18:47:ec:12:
         6d:e5:ea:0b:ca:31:1a:75:b9:67:ac:0c:e4:8b:0f:47:c3:ea:
         83:f9:33:f0:2f:ba:c8:c4:33:11:cb:56:d2:74:06:d7:45:75:
         c6:c9:6b:9c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijcpmmjpdqOQwpoczYt9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjUwMTAxMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWUyYjc1NDRlNzEyMTViYTY3MTQ0NTBiZDkzOTExOTI3YjMzZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZnj9ioM/ajR1UbcDtpmyfF9KkU8
zGX8HryUZNqxdxWn1LRw1Q16mV1IjUaCdaBEsijoUgzXOOshJ6lcrDYd7QdU014w
CUIzZ6YS3JJ6K/U/3e6+cZck1smJA2rVundYx+J03W2gdpQZ0I6/Bdv9JSmJCm9/
mCix6hIao1YG9ERjnWy/+xZR260INurHi0aVmrqjdZxFDdne4cLPiTf2gSb5fp+5
9B3AdLBzCoFnp8ECtKKvr1oWii3/svjjL+w0OPZHs6ghf6U+DPbcHqyGuMrd98LB
CmEiaV3eNh9Msc9Vk/U+JY4xqF4WJbRT1715NXQqONGZdwq+RSvE6fc14QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDXit1ROcSFbpnFEUL2TkRknsz7oMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL05lSzNWRTV4SVZ1bWNVUlF2Wk9SR1NlelB1Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPApjgw
DQYJKoZIhvcNAQELBQADggEBAFaLRNTW6qN0eMaIMn7rePmZA07EY8BSDe72hy3S
n3+u98cIu3a5OMFfLI3RTAKNsubPj+aiuemxJTg8XTpEx1IhjEdd/k+LVX+CpexB
sQY6xz0IjVuraWZe8mysXpGgA/5WNbJtiRWleg52jy8FtXy48VxRq802YibVvcaq
xLoQQ4Iy1nWCmuuCjpfcl3GMuI4ZE5HLoHy3vqQ/890b447CiF8vjzjxsIUawMPi
9yJlv8p4d5RLZQdZuvi57iRicqoFENMajdQsI9SVUsAopXgwEaggGEfsEm3l6gvK
MRp1uWesDOSLD0fD6oP5M/AvusjEMxHLVtJ0BtdFdcbJa5w=
-----END CERTIFICATE-----