Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Nbm-c2svudWUAD_vmyCiWNx9lI0.roa
File:                     Nbm-c2svudWUAD_vmyCiWNx9lI0.roa (raw, json)
Hash identifier:          dVydD8xAjuNznG0rvx8SDee7F5RomIYgc0UnDHUUcls=
Subject key identifier:   35:B9:BE:73:6B:2F:B9:D5:94:00:3F:EF:9B:20:A2:58:DC:7D:94:8D
Certificate issuer:       /CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
Certificate serial:       018CC801847C58309C5DAE8D55939D2E6414
Authority key identifier: FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Nbm-c2svudWUAD_vmyCiWNx9lI0.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        46.149.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:84:7c:58:30:9c:5d:ae:8d:55:93:9d:2e:64:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35b9be736b2fb9d594003fef9b20a258dc7d948d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2f:a6:c5:73:6c:ac:cf:aa:fa:7f:b6:c3:cf:
                    d4:6d:40:fb:9c:8f:fa:6c:66:df:f1:71:c4:8a:15:
                    49:6d:85:40:44:15:a0:5a:63:92:2f:d2:bc:59:0d:
                    d2:ba:15:b5:5d:a1:4c:9a:11:2d:07:c8:83:74:64:
                    ca:66:e1:2f:69:bd:d7:5b:7b:3a:42:7b:11:ea:db:
                    ee:5d:3f:a5:54:a4:b7:db:79:ea:b7:31:97:d1:ab:
                    db:17:58:f7:8a:f1:ed:c7:30:58:bb:f9:35:3a:66:
                    e7:55:af:7f:b0:de:91:06:5a:20:a9:94:fe:4f:83:
                    cb:4c:10:ff:6d:74:5d:05:ae:e2:ef:31:02:1e:9e:
                    14:9b:7a:74:53:35:bf:91:7b:d9:20:09:33:ad:3d:
                    3f:26:2d:a1:25:0c:02:62:66:c5:f6:83:3b:3d:25:
                    50:87:16:b6:57:b6:75:1f:5e:f7:5c:84:9b:83:26:
                    d2:61:38:46:71:2d:d6:9d:23:78:49:87:f5:42:b3:
                    e4:44:88:89:e7:bd:b1:95:de:7a:43:89:a2:9e:db:
                    c6:99:ac:90:97:ff:83:0c:65:74:7d:c7:fa:d9:36:
                    60:74:07:24:00:48:4c:12:83:89:a5:ad:78:38:3e:
                    dc:44:1e:cc:2f:e0:41:e0:c7:2a:fa:b6:7e:b6:e0:
                    8f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B9:BE:73:6B:2F:B9:D5:94:00:3F:EF:9B:20:A2:58:DC:7D:94:8D
            X509v3 Authority Key Identifier:
                keyid:FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Nbm-c2svudWUAD_vmyCiWNx9lI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a9:b4:40:8c:27:82:53:74:e2:5e:cd:09:3f:80:d3:20:79:c6:
         ef:48:fe:aa:50:9b:c8:9c:a6:a1:f5:7d:e5:61:89:52:c3:90:
         3a:f8:c1:26:4e:70:b6:d0:f7:3b:42:5f:5a:1e:70:ac:f0:34:
         8a:22:01:ae:1b:06:4c:e5:78:fb:00:d8:cf:57:b9:30:32:8e:
         10:81:e2:5a:4b:e6:85:5d:89:8a:77:14:ee:54:da:a6:13:d3:
         ad:c3:d5:f4:d7:b1:b5:5a:cd:bb:4c:88:e2:6f:6e:6e:51:8c:
         ba:f5:77:66:fe:51:4e:6a:6e:34:36:e8:5c:aa:2f:02:58:c1:
         cc:91:bd:0e:8c:b3:c1:f1:18:3b:cc:26:5d:9a:f3:38:ac:66:
         90:fe:d5:26:df:0c:9a:3e:4c:52:f9:30:a9:9a:30:da:b9:06:
         87:b0:3d:34:1a:fe:be:d5:e1:57:07:5c:6e:c8:15:49:5f:4f:
         92:23:93:df:9c:cb:38:62:1b:a2:d6:82:0c:2b:d8:51:3e:2a:
         ae:a5:d7:46:27:08:98:e3:5a:b8:5f:e3:0b:28:36:63:d1:f7:
         55:c7:7c:e1:83:97:b4:74:69:dc:3c:8f:48:5d:a0:9c:43:81:
         8a:95:d8:ef:36:2e:1c:4b:83:b1:74:2e:40:e3:e8:18:77:c0:
         02:a5:44:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYR8WDCcXa6NVZOdLmQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOGRkNWZlNDE3OWU4YmRhMjg1MzI1NjE5MTlmNmQwNzg3
N2M2M2QwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI5YmU3MzZiMmZiOWQ1OTQwMDNmZWY5YjIwYTI1OGRjN2Q5NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy+mxXNsrM+q+n+2w8/UbUD7nI/6
bGbf8XHEihVJbYVARBWgWmOSL9K8WQ3SuhW1XaFMmhEtB8iDdGTKZuEvab3XW3s6
QnsR6tvuXT+lVKS323nqtzGX0avbF1j3ivHtxzBYu/k1OmbnVa9/sN6RBlogqZT+
T4PLTBD/bXRdBa7i7zECHp4Um3p0UzW/kXvZIAkzrT0/Ji2hJQwCYmbF9oM7PSVQ
hxa2V7Z1H173XISbgybSYThGcS3WnSN4SYf1QrPkRIiJ572xld56Q4mintvGmayQ
l/+DDGV0fcf62TZgdAckAEhMEoOJpa14OD7cRB7ML+BB4Mcq+rZ+tuCPFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW5vnNrL7nVlAA/75sgoljcfZSNMB8GA1UdIwQY
MBaAFP+N1f5Beei9ooUyVhkZ9tB4d8Y9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQt
MDZhNDA0NDM1ZTUwLzEvTmJtLWMyc3Z1ZFdVQURfdm15Q2lXTng5bEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQtMDZhNDA0NDM1ZTUw
LzEvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELpWAMA0G
CSqGSIb3DQEBCwUAA4IBAQCptECMJ4JTdOJezQk/gNMgecbvSP6qUJvInKah9X3l
YYlSw5A6+MEmTnC20Pc7Ql9aHnCs8DSKIgGuGwZM5Xj7ANjPV7kwMo4QgeJaS+aF
XYmKdxTuVNqmE9Otw9X017G1Ws27TIjib25uUYy69Xdm/lFOam40Nuhcqi8CWMHM
kb0OjLPB8Rg7zCZdmvM4rGaQ/tUm3wyaPkxS+TCpmjDauQaHsD00Gv6+1eFXB1xu
yBVJX0+SI5PfnMs4Yhui1oIMK9hRPiqupddGJwiY41q4X+MLKDZj0fdVx3zhg5e0
dGncPI9IXaCcQ4GKldjvNi4cS4OxdC5A4+gYd8ACpUT+
-----END CERTIFICATE-----