Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/NfL_EgCXFD9v0tnPQCNcR4Zs7dY.roa
File:                     NfL_EgCXFD9v0tnPQCNcR4Zs7dY.roa (raw, json)
Hash identifier:          3L+biwYBL7kWKWLcHYU08oqapVdlu0GbcU2/Kta7c7M=
Subject key identifier:   35:F2:FF:12:00:97:14:3F:6F:D2:D9:CF:40:23:5C:47:86:6C:ED:D6
Certificate issuer:       /CN=cfd3a3f1069fcd512da514f66d6ee34ba3debb0f
Certificate serial:       019424B4012E589679BF453BF0D018A589F1
Authority key identifier: CF:D3:A3:F1:06:9F:CD:51:2D:A5:14:F6:6D:6E:E3:4B:A3:DE:BB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/NfL_EgCXFD9v0tnPQCNcR4Zs7dY.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59975
IP address blocks:        176.107.230.0/23 maxlen: 23
                          176.107.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 07:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b4:01:2e:58:96:79:bf:45:3b:f0:d0:18:a5:89:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfd3a3f1069fcd512da514f66d6ee34ba3debb0f
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35f2ff120097143f6fd2d9cf40235c47866cedd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:91:38:35:31:d2:1c:f0:9a:87:36:b9:bd:c7:
                    1f:b8:5b:0b:7b:ed:6a:ac:be:f5:a8:ae:a8:4b:15:
                    35:24:97:ca:3d:a7:80:6b:64:2a:bc:54:dc:64:93:
                    bd:58:bd:d2:21:42:3e:23:b2:56:b0:11:d4:9c:1e:
                    3e:d2:72:94:b9:2d:12:57:15:82:24:02:bf:82:f3:
                    4c:b5:20:7c:f0:be:25:c4:1e:62:fc:83:1d:b4:00:
                    94:11:2a:04:5f:26:0d:1a:ee:b1:83:22:9a:c2:be:
                    09:67:79:f9:85:55:2a:a9:d6:51:55:61:ac:fd:8b:
                    2d:55:b3:8e:e5:83:9a:f7:d4:dd:48:5c:79:0e:55:
                    0d:fa:74:8e:f1:ba:45:a7:1b:d4:dc:c1:be:77:36:
                    0a:57:bd:c8:48:7e:8c:35:ff:18:29:5b:cd:df:7e:
                    4b:da:9b:c0:70:b4:5c:62:42:54:ea:ed:bc:f5:98:
                    7a:f0:7d:2c:4d:2c:9e:6b:3e:77:c2:64:ac:7b:66:
                    fa:fd:ef:86:ab:41:6f:cd:db:7a:ad:81:f6:23:92:
                    3e:7d:b6:02:74:f9:5d:7e:fa:2d:45:86:ce:62:f8:
                    93:54:63:8d:95:7e:87:9d:97:77:57:0c:8f:c3:cc:
                    4c:a3:e3:99:b0:f5:54:ac:d8:82:d7:d3:b4:34:3c:
                    87:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F2:FF:12:00:97:14:3F:6F:D2:D9:CF:40:23:5C:47:86:6C:ED:D6
            X509v3 Authority Key Identifier:
                keyid:CF:D3:A3:F1:06:9F:CD:51:2D:A5:14:F6:6D:6E:E3:4B:A3:DE:BB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/NfL_EgCXFD9v0tnPQCNcR4Zs7dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.107.230.0/23
                  176.107.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:bb:33:53:2a:f9:7b:b2:e3:40:82:c2:29:63:f0:96:46:c4:
         f7:95:89:06:84:33:f8:54:e0:aa:12:ae:24:c2:4f:fb:62:77:
         2c:5b:84:73:2f:3a:23:5f:75:96:3a:5f:06:1e:01:a5:ea:fa:
         b1:a6:e5:21:43:62:e1:9d:82:83:1f:a9:00:b5:7f:55:64:55:
         7c:f8:f2:19:62:e8:d8:d0:ed:79:13:3e:d5:d3:7d:42:48:21:
         31:37:f6:1a:d9:15:d7:f8:a1:ba:ff:4e:52:ff:29:21:18:02:
         5f:cf:56:b6:09:ed:db:de:2d:b7:35:b9:a8:24:45:b2:f9:cf:
         da:a3:20:b8:69:da:d0:16:29:dc:c8:ea:fc:1d:da:db:7b:05:
         7a:74:aa:04:2c:3b:d1:bd:9b:8d:78:14:23:01:d4:3d:a0:33:
         4a:c6:3d:25:1c:c2:41:b3:4e:7b:e8:c6:66:c2:b4:1b:d9:8e:
         25:6a:00:1e:2a:e7:0b:43:39:35:49:46:5f:1b:21:e6:01:be:
         43:a7:5b:b9:f3:60:ab:47:b9:f1:30:4a:ab:2c:59:5a:ba:db:
         66:f7:1b:ae:da:e2:d9:83:73:b9:a2:fe:18:f7:f6:6f:4d:3a:
         62:ed:09:a3:ac:3f:de:ca:84:ee:b4:84:a8:59:dc:d3:23:27:
         d2:b6:c4:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQktAEuWJZ5v0U78NAYpYnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZDNhM2YxMDY5ZmNkNTEyZGE1MTRmNjZkNmVlMzRiYTNk
ZWJiMGYwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYyZmYxMjAwOTcxNDNmNmZkMmQ5Y2Y0MDIzNWM0Nzg2NmNlZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZE4NTHSHPCahza5vccfuFsLe+1q
rL71qK6oSxU1JJfKPaeAa2QqvFTcZJO9WL3SIUI+I7JWsBHUnB4+0nKUuS0SVxWC
JAK/gvNMtSB88L4lxB5i/IMdtACUESoEXyYNGu6xgyKawr4JZ3n5hVUqqdZRVWGs
/YstVbOO5YOa99TdSFx5DlUN+nSO8bpFpxvU3MG+dzYKV73ISH6MNf8YKVvN335L
2pvAcLRcYkJU6u289Zh68H0sTSyeaz53wmSse2b6/e+Gq0Fvzdt6rYH2I5I+fbYC
dPldfvotRYbOYviTVGONlX6HnZd3VwyPw8xMo+OZsPVUrNiC19O0NDyHfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDXy/xIAlxQ/b9LZz0AjXEeGbO3WMB8GA1UdIwQY
MBaAFM/To/EGn81RLaUU9m1u40uj3rsPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejlPajhRYWZ6VkV0cFJUMmJXN2pTNlBldXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iM2Y4MjUtZGEzOC00OTg5LTk2Mjkt
MzgyOTIwMTU1ZmZiLzEvTmZMX0VnQ1hGRDl2MHRuUFFDTmNSNFpzN2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iM2Y4MjUtZGEzOC00OTg5LTk2MjktMzgyOTIwMTU1ZmZi
LzEvejlPajhRYWZ6VkV0cFJUMmJXN2pTNlBldXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsGvmAwQA
sGvrMA0GCSqGSIb3DQEBCwUAA4IBAQCOuzNTKvl7suNAgsIpY/CWRsT3lYkGhDP4
VOCqEq4kwk/7YncsW4RzLzojX3WWOl8GHgGl6vqxpuUhQ2LhnYKDH6kAtX9VZFV8
+PIZYujY0O15Ez7V031CSCExN/Ya2RXX+KG6/05S/ykhGAJfz1a2Ce3b3i23Nbmo
JEWy+c/aoyC4adrQFincyOr8HdrbewV6dKoELDvRvZuNeBQjAdQ9oDNKxj0lHMJB
s0576MZmwrQb2Y4lagAeKucLQzk1SUZfGyHmAb5Dp1u582CrR7nxMEqrLFlauttm
9xuu2uLZg3O5ov4Y9/ZvTTpi7QmjrD/eyoTutISoWdzTIyfStsQL
-----END CERTIFICATE-----