Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/NbSHLJ18LUFyB0iCR0rBch7bc-U.roa
File:                     NbSHLJ18LUFyB0iCR0rBch7bc-U.roa (raw, json)
Hash identifier:          m4WtwA746c9+1dEjftL5KY1wr7YjjqzoZ0GnddIoHLc=
Subject key identifier:   35:B4:87:2C:9D:7C:2D:41:72:07:48:82:47:4A:C1:72:1E:DB:73:E5
Certificate issuer:       /CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
Certificate serial:       01942444DECC61697B571C7F7518C3A75D86
Authority key identifier: 03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/NbSHLJ18LUFyB0iCR0rBch7bc-U.roa
Signing time:             Wed 01 Jan 2025 23:48:00 +0000
ROA not before:           Wed 01 Jan 2025 23:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9199
IP address blocks:        185.57.46.0/24 maxlen: 24
                          2a04:7580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 14:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:de:cc:61:69:7b:57:1c:7f:75:18:c3:a7:5d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
        Validity
            Not Before: Jan  1 23:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35b4872c9d7c2d4172074882474ac1721edb73e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:70:62:3e:d8:a8:cc:c7:99:dc:6e:33:58:cd:
                    b2:d0:e9:db:30:3d:7c:ac:73:c7:40:eb:89:0e:f5:
                    18:40:63:d8:60:5b:5a:78:fe:5b:0c:32:81:44:b3:
                    05:cd:4a:70:92:2e:7f:d8:f6:c2:be:2f:be:5d:79:
                    96:73:70:7c:e6:e0:b1:62:ad:1b:cb:f4:26:c4:cd:
                    40:14:2d:4d:74:a9:37:bc:0d:cb:55:6a:30:3a:62:
                    58:dc:56:7d:b0:44:03:8a:12:84:10:fc:6f:68:fb:
                    0a:fc:12:df:b4:98:c3:78:6d:e6:8c:46:ed:a3:9a:
                    1b:36:5f:a5:d4:49:02:91:8f:3d:db:ef:f6:98:92:
                    20:2f:f9:55:06:4b:a7:0d:00:4b:ad:16:ae:14:ed:
                    3d:ba:45:83:7e:4b:cc:ec:81:6b:d1:f9:10:31:8c:
                    06:6f:5c:17:9c:e9:5f:48:82:d9:c0:cc:05:f7:5f:
                    8f:b0:df:fa:b9:41:6e:eb:f1:6a:36:50:a6:9a:ff:
                    a0:e5:fc:68:25:08:22:86:bd:fa:ca:d8:6e:0d:05:
                    50:a9:9e:67:68:87:40:d5:77:d5:ed:70:3b:04:b8:
                    a9:72:d5:fd:25:53:c0:43:11:b1:25:d9:81:87:42:
                    dd:88:4d:b1:d2:05:3a:e6:19:4c:19:b7:f6:7b:6a:
                    0f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B4:87:2C:9D:7C:2D:41:72:07:48:82:47:4A:C1:72:1E:DB:73:E5
            X509v3 Authority Key Identifier:
                keyid:03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/NbSHLJ18LUFyB0iCR0rBch7bc-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.46.0/24
                IPv6:
                  2a04:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:98:a3:7d:29:25:79:f2:d4:c9:54:39:a8:d8:62:48:54:df:
         69:6e:d2:7e:26:92:95:c6:63:28:8b:74:92:90:db:88:13:b3:
         f2:df:1b:d2:2a:c4:fe:ce:93:29:cf:c3:a1:9d:75:d6:53:5c:
         b1:77:8a:3d:c4:af:1d:90:7c:4f:96:d8:ab:19:0d:f6:ac:e8:
         e2:24:ce:73:c3:33:8d:82:1b:3c:cd:b8:89:34:da:7d:4e:4f:
         0c:37:d3:fe:ba:d3:e2:b7:98:1b:e3:88:79:f2:41:2c:3b:05:
         74:3c:06:50:b5:74:42:fd:80:01:f5:ec:69:a7:82:43:62:2a:
         32:e1:ec:b5:44:11:b3:28:9c:b3:16:5d:de:de:8f:17:9b:23:
         8d:e6:a8:58:cd:75:e1:49:bb:1c:9b:50:97:d6:c5:ec:25:70:
         4f:39:0d:24:80:d8:59:14:62:75:d8:2f:e6:03:29:f4:2a:1a:
         1d:c2:04:a0:bc:07:77:1d:fc:42:bf:81:c0:60:7f:31:33:d6:
         50:8f:48:f4:8b:ae:e3:7d:bd:a4:d9:5a:ef:9d:54:a5:49:0e:
         cb:03:e3:4a:42:c6:bd:a2:16:39:79:91:a9:06:09:90:2a:e5:
         8b:3d:fb:41:00:bb:df:2c:42:9f:c2:4e:8f:51:64:6c:5c:c1:
         96:ca:b8:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRN7MYWl7Vxx/dRjDp12GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNGIwZWVkMmM1YTc4N2FkODdmYjQ5ZjA0ZDNmZGYzZDBm
NDlkNGMwHhcNMjUwMTAxMjM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI0ODcyYzlkN2MyZDQxNzIwNzQ4ODI0NzRhYzE3MjFlZGI3M2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunBiPtiozMeZ3G4zWM2y0OnbMD18
rHPHQOuJDvUYQGPYYFtaeP5bDDKBRLMFzUpwki5/2PbCvi++XXmWc3B85uCxYq0b
y/QmxM1AFC1NdKk3vA3LVWowOmJY3FZ9sEQDihKEEPxvaPsK/BLftJjDeG3mjEbt
o5obNl+l1EkCkY892+/2mJIgL/lVBkunDQBLrRauFO09ukWDfkvM7IFr0fkQMYwG
b1wXnOlfSILZwMwF91+PsN/6uUFu6/FqNlCmmv+g5fxoJQgihr36ythuDQVQqZ5n
aIdA1XfV7XA7BLipctX9JVPAQxGxJdmBh0LdiE2x0gU65hlMGbf2e2oPGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDW0hyydfC1BcgdIgkdKwXIe23PlMB8GA1UdIwQY
MBaAFANLDu0sWnh62H+0nwTT/fPQ9J1MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEt
ZTA4NTI3NWFhMzY0LzEvTmJTSExKMThMVUZ5QjBpQ1IwckJjaDdiYy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEtZTA4NTI3NWFhMzY0
LzEvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTkuMA0E
AgACMAcDBQMqBHWAMA0GCSqGSIb3DQEBCwUAA4IBAQCGmKN9KSV58tTJVDmo2GJI
VN9pbtJ+JpKVxmMoi3SSkNuIE7Py3xvSKsT+zpMpz8OhnXXWU1yxd4o9xK8dkHxP
ltirGQ32rOjiJM5zwzONghs8zbiJNNp9Tk8MN9P+utPit5gb44h58kEsOwV0PAZQ
tXRC/YAB9expp4JDYioy4ey1RBGzKJyzFl3e3o8XmyON5qhYzXXhSbscm1CX1sXs
JXBPOQ0kgNhZFGJ12C/mAyn0KhodwgSgvAd3HfxCv4HAYH8xM9ZQj0j0i67jfb2k
2VrvnVSlSQ7LA+NKQsa9ohY5eZGpBgmQKuWLPftBALvfLEKfwk6PUWRsXMGWyrgb
-----END CERTIFICATE-----