Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/NLFJZ13JpZUbH9SZcYQMURrkQ7s.roa
File:                     NLFJZ13JpZUbH9SZcYQMURrkQ7s.roa (raw, json)
Hash identifier:          ZgAMu3qgtd1oxwnzuZdMUeWhPHl78hlT7u2t4HM4XHo=
Subject key identifier:   34:B1:49:67:5D:C9:A5:95:1B:1F:D4:99:71:84:0C:51:1A:E4:43:BB
Certificate issuer:       /CN=05b3017c1693b945b5eda091ec93f85c1be1df36
Certificate serial:       01933E9C98922907E3AF41A5C87550DA588C
Authority key identifier: 05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/NLFJZ13JpZUbH9SZcYQMURrkQ7s.roa
Signing time:             Mon 18 Nov 2024 09:31:10 +0000
ROA not before:           Mon 18 Nov 2024 09:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197297
IP address blocks:        185.163.112.0/22 maxlen: 24
                          195.60.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:9c:98:92:29:07:e3:af:41:a5:c8:75:50:da:58:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b3017c1693b945b5eda091ec93f85c1be1df36
        Validity
            Not Before: Nov 18 09:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34b149675dc9a5951b1fd49971840c511ae443bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ba:99:e3:27:12:9f:a8:b0:ee:d2:24:2a:95:
                    fe:ca:21:82:ac:1d:d0:ff:e5:d7:79:0d:47:f6:93:
                    bd:24:9d:e5:06:a9:d7:e3:29:fb:42:74:59:1f:c1:
                    b5:7c:e3:ee:b1:12:e5:06:d4:f2:c1:a3:d0:07:5b:
                    84:ea:4e:f1:2b:72:4a:4c:cd:3d:fd:34:da:0c:79:
                    58:bc:5d:ee:bb:82:fb:6b:a2:5e:3e:c1:f4:a7:65:
                    ae:2b:1e:93:f6:4a:fe:98:91:38:d3:8c:3e:e2:e8:
                    38:a5:2a:b5:96:11:45:50:a5:99:8b:91:cd:d2:7e:
                    e8:43:20:ed:46:c2:13:33:72:81:ec:01:04:4e:ee:
                    a3:c3:3f:a6:28:40:60:b1:41:70:7e:67:3c:d8:ca:
                    9e:47:3c:e6:83:90:58:13:91:3e:a4:26:d5:62:5a:
                    79:e2:fb:86:70:e1:b4:58:71:1b:95:89:08:49:69:
                    ff:8a:5f:de:e7:dc:dd:16:7d:95:46:b1:4c:f7:48:
                    d0:5a:7b:0e:f6:b4:52:47:ca:7a:df:22:9f:c3:d0:
                    f6:d5:30:a0:b0:79:2b:a3:63:01:61:db:46:cf:d4:
                    b2:d7:4b:00:e7:3f:cc:2c:a7:d1:b7:4d:dd:93:6b:
                    6a:b0:3f:49:17:8d:e7:c5:14:0b:0b:62:67:86:30:
                    cf:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B1:49:67:5D:C9:A5:95:1B:1F:D4:99:71:84:0C:51:1A:E4:43:BB
            X509v3 Authority Key Identifier:
                keyid:05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/NLFJZ13JpZUbH9SZcYQMURrkQ7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.112.0/22
                  195.60.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:c0:82:f5:70:1a:47:11:43:6a:b5:f1:72:4d:d1:05:a1:7b:
         10:4a:ae:54:05:de:06:fa:f3:09:a3:27:21:55:e2:1e:f9:43:
         db:05:be:15:43:f2:bb:c4:5f:51:8a:12:af:e4:c6:58:68:a3:
         fc:9e:fd:ba:99:5d:54:86:35:29:76:3e:d1:be:de:6a:01:16:
         6a:81:69:64:44:fc:53:ed:04:28:2e:6c:a6:75:d7:fd:3e:8b:
         53:f9:2b:16:46:10:eb:cc:c5:93:ac:38:62:a6:bb:c0:a3:a1:
         b2:ff:5c:8e:c9:4a:9d:5a:fc:37:78:30:cd:f3:39:46:84:1a:
         3c:09:1c:e1:1a:ed:8d:00:28:8d:0b:2f:f0:95:5d:2e:d6:35:
         1a:b7:37:7e:ed:83:ec:68:9e:71:0d:72:13:f7:d6:b3:34:a7:
         d0:de:f9:8d:74:38:8b:52:6b:49:79:b7:76:36:44:c8:9f:e3:
         28:3c:2e:df:24:b2:0f:22:5e:cf:7c:1a:5f:46:eb:da:3b:89:
         3f:6c:ff:38:b1:49:df:92:32:0a:2a:cb:2e:c6:38:a7:83:57:
         59:d2:69:ff:d0:93:99:db:46:8f:51:02:07:75:c1:55:13:b5:
         59:ef:60:5c:f6:a8:2b:27:b6:ef:af:6e:3a:9d:ea:cc:df:5d:
         0b:01:86:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM+nJiSKQfjr0GlyHVQ2liMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjMwMTdjMTY5M2I5NDViNWVkYTA5MWVjOTNmODVjMWJl
MWRmMzYwHhcNMjQxMTE4MDkzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGIxNDk2NzVkYzlhNTk1MWIxZmQ0OTk3MTg0MGM1MTFhZTQ0M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7qZ4ycSn6iw7tIkKpX+yiGCrB3Q
/+XXeQ1H9pO9JJ3lBqnX4yn7QnRZH8G1fOPusRLlBtTywaPQB1uE6k7xK3JKTM09
/TTaDHlYvF3uu4L7a6JePsH0p2WuKx6T9kr+mJE404w+4ug4pSq1lhFFUKWZi5HN
0n7oQyDtRsITM3KB7AEETu6jwz+mKEBgsUFwfmc82MqeRzzmg5BYE5E+pCbVYlp5
4vuGcOG0WHEblYkISWn/il/e59zdFn2VRrFM90jQWnsO9rRSR8p63yKfw9D21TCg
sHkro2MBYdtGz9Sy10sA5z/MLKfRt03dk2tqsD9JF43nxRQLC2JnhjDPjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDSxSWddyaWVGx/UmXGEDFEa5EO7MB8GA1UdIwQY
MBaAFAWzAXwWk7lFte2gkeyT+Fwb4d82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQt
YWEyNzdlMzg5ZmRjLzEvTkxGSloxM0pwWlViSDlTWmNZUU1VUnJrUTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQtYWEyNzdlMzg5ZmRj
LzEvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuaNwAwQB
wzzQMA0GCSqGSIb3DQEBCwUAA4IBAQBVwIL1cBpHEUNqtfFyTdEFoXsQSq5UBd4G
+vMJoychVeIe+UPbBb4VQ/K7xF9RihKv5MZYaKP8nv26mV1UhjUpdj7Rvt5qARZq
gWlkRPxT7QQoLmymddf9PotT+SsWRhDrzMWTrDhiprvAo6Gy/1yOyUqdWvw3eDDN
8zlGhBo8CRzhGu2NACiNCy/wlV0u1jUatzd+7YPsaJ5xDXIT99azNKfQ3vmNdDiL
UmtJebd2NkTIn+MoPC7fJLIPIl7PfBpfRuvaO4k/bP84sUnfkjIKKssuxjing1dZ
0mn/0JOZ20aPUQIHdcFVE7VZ72Bc9qgrJ7bvr246nerM310LAYYC
-----END CERTIFICATE-----