Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/NepfpGWCX6iiE6umFGKvSmfWR3o.roa
File:                     NepfpGWCX6iiE6umFGKvSmfWR3o.roa (raw, json)
Hash identifier:          FLwtEJgUjgrIcEp00Qgejhk+RC1p+QNIVoP/IiMZjv4=
Subject key identifier:   35:EA:5F:A4:65:82:5F:A8:A2:13:AB:A6:14:62:AF:4A:67:D6:47:7A
Certificate issuer:       /CN=35be2aa9b4fbf90715ebcc90534f9d2d54f7da43
Certificate serial:       01944FE00EC5F53F6784A96F036DEC49DA6B
Authority key identifier: 35:BE:2A:A9:B4:FB:F9:07:15:EB:CC:90:53:4F:9D:2D:54:F7:DA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nb4qqbT7-QcV68yQU0-dLVT32kM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/NepfpGWCX6iiE6umFGKvSmfWR3o.roa
Signing time:             Fri 10 Jan 2025 11:01:11 +0000
ROA not before:           Fri 10 Jan 2025 11:01:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42844
IP address blocks:        91.196.224.0/22 maxlen: 24
                          91.211.108.0/22 maxlen: 24
                          195.234.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/Nb4qqbT7-QcV68yQU0-dLVT32kM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/Nb4qqbT7-QcV68yQU0-dLVT32kM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nb4qqbT7-QcV68yQU0-dLVT32kM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:e0:0e:c5:f5:3f:67:84:a9:6f:03:6d:ec:49:da:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35be2aa9b4fbf90715ebcc90534f9d2d54f7da43
        Validity
            Not Before: Jan 10 11:01:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35ea5fa465825fa8a213aba61462af4a67d6477a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1f:5c:81:c7:7d:e8:e7:9f:09:7a:85:14:fc:
                    20:48:d4:ca:3f:48:33:b1:2a:0d:96:6e:83:48:01:
                    ef:87:38:ba:09:f1:67:4e:62:7b:54:95:79:d9:11:
                    94:2c:13:38:9d:dc:fa:23:d8:0a:39:5b:b6:bc:22:
                    5b:b7:d6:c0:31:ea:ac:e1:6a:fa:7d:e8:fd:ca:02:
                    47:1c:3f:0c:4f:35:b6:d4:2d:3a:36:83:b3:ff:f0:
                    b5:62:b5:24:cd:3b:5a:7f:a7:0c:2e:24:75:6d:0c:
                    d5:ca:65:b2:d7:25:eb:f4:be:8e:8e:c0:4e:3e:00:
                    be:99:47:06:89:27:37:f6:9c:2d:23:42:9f:e6:e3:
                    45:39:90:7d:df:32:2a:f0:5a:0e:50:ad:38:24:07:
                    f3:a3:26:ce:b5:dc:9e:9b:c7:50:3c:5f:57:74:4c:
                    25:23:e3:f5:df:a4:1c:80:a2:dc:d1:8c:2c:7e:1e:
                    af:02:d8:48:1e:fe:74:a7:e2:e8:b6:c4:96:65:04:
                    2f:00:6c:57:3d:20:f1:b0:f1:9e:98:8c:00:ce:88:
                    b0:e2:98:10:77:01:a4:a8:db:b6:a6:8a:28:ca:a4:
                    e6:2c:a5:e1:ec:dd:1a:5b:3d:f2:20:2c:99:c9:a5:
                    e4:af:41:0b:1f:b5:2f:31:ae:f7:7a:84:48:d7:a5:
                    c0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EA:5F:A4:65:82:5F:A8:A2:13:AB:A6:14:62:AF:4A:67:D6:47:7A
            X509v3 Authority Key Identifier:
                keyid:35:BE:2A:A9:B4:FB:F9:07:15:EB:CC:90:53:4F:9D:2D:54:F7:DA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nb4qqbT7-QcV68yQU0-dLVT32kM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/NepfpGWCX6iiE6umFGKvSmfWR3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/9a9958-09d0-4a28-ae88-cb9f04c1e154/1/Nb4qqbT7-QcV68yQU0-dLVT32kM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.224.0/22
                  91.211.108.0/22
                  195.234.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:81:2c:aa:43:24:9d:8b:be:68:e1:12:b4:9b:07:d0:87:15:
         6b:19:1b:77:a1:1d:2e:23:12:30:bd:63:17:54:13:ec:a1:e5:
         31:c2:8a:10:70:fe:5b:9c:2c:49:db:3b:c5:99:ec:1d:73:d3:
         87:e6:66:e4:12:89:ac:0a:c4:23:39:41:22:cd:32:ce:5d:f2:
         c8:a2:30:eb:0d:70:49:87:ed:be:05:2f:5e:76:b1:ef:fc:de:
         cb:79:1e:4c:05:29:93:7c:ed:46:a2:62:9f:75:92:d2:b4:45:
         0c:35:17:18:55:07:7d:81:ac:00:ba:07:b9:6a:1d:ba:bd:3e:
         67:ae:98:7b:67:71:94:8a:3a:a8:78:72:87:bc:19:2d:73:4b:
         d5:49:e0:38:e0:21:5d:c1:6b:41:72:a6:24:82:51:74:ad:63:
         d5:42:2d:f1:2e:0d:0f:33:b3:c0:6f:ff:d0:ad:36:1f:27:63:
         fd:08:13:29:85:63:c6:9e:69:de:73:7f:6d:c9:e5:38:83:94:
         0e:96:f5:1b:91:81:af:e7:d0:44:6c:ac:be:b5:9f:92:06:a4:
         3f:cf:8a:ef:b0:a7:06:43:a0:0a:4c:43:db:a4:72:4a:34:c4:
         e4:cf:91:bc:aa:f9:e9:d0:3b:3e:4c:f1:87:1f:69:7f:2a:68:
         3a:c9:c9:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRP4A7F9T9nhKlvA23sSdprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1YmUyYWE5YjRmYmY5MDcxNWViY2M5MDUzNGY5ZDJkNTRm
N2RhNDMwHhcNMjUwMTEwMTEwMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWVhNWZhNDY1ODI1ZmE4YTIxM2FiYTYxNDYyYWY0YTY3ZDY0NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB9cgcd96OefCXqFFPwgSNTKP0gz
sSoNlm6DSAHvhzi6CfFnTmJ7VJV52RGULBM4ndz6I9gKOVu2vCJbt9bAMeqs4Wr6
fej9ygJHHD8MTzW21C06NoOz//C1YrUkzTtaf6cMLiR1bQzVymWy1yXr9L6OjsBO
PgC+mUcGiSc39pwtI0Kf5uNFOZB93zIq8FoOUK04JAfzoybOtdyem8dQPF9XdEwl
I+P136QcgKLc0Ywsfh6vAthIHv50p+LotsSWZQQvAGxXPSDxsPGemIwAzoiw4pgQ
dwGkqNu2poooyqTmLKXh7N0aWz3yICyZyaXkr0ELH7UvMa73eoRI16XA1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDXqX6Rlgl+oohOrphRir0pn1kd6MB8GA1UdIwQY
MBaAFDW+Kqm0+/kHFevMkFNPnS1U99pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmI0cXFiVDctUWNWNjh5UVUwLWRMVlQzMmtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni85YTk5NTgtMDlkMC00YTI4LWFlODgt
Y2I5ZjA0YzFlMTU0LzEvTmVwZnBHV0NYNmlpRTZ1bUZHS3ZTbWZXUjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni85YTk5NTgtMDlkMC00YTI4LWFlODgtY2I5ZjA0YzFlMTU0
LzEvTmI0cXFiVDctUWNWNjh5UVUwLWRMVlQzMmtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8TgAwQC
W9NsAwQCw+pUMA0GCSqGSIb3DQEBCwUAA4IBAQB0gSyqQySdi75o4RK0mwfQhxVr
GRt3oR0uIxIwvWMXVBPsoeUxwooQcP5bnCxJ2zvFmewdc9OH5mbkEomsCsQjOUEi
zTLOXfLIojDrDXBJh+2+BS9edrHv/N7LeR5MBSmTfO1GomKfdZLStEUMNRcYVQd9
gawAuge5ah26vT5nrph7Z3GUijqoeHKHvBktc0vVSeA44CFdwWtBcqYkglF0rWPV
Qi3xLg0PM7PAb//QrTYfJ2P9CBMphWPGnmnec39tyeU4g5QOlvUbkYGv59BEbKy+
tZ+SBqQ/z4rvsKcGQ6AKTEPbpHJKNMTkz5G8qvnp0Ds+TPGHH2l/Kmg6ycmc
-----END CERTIFICATE-----