Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/nhbcHBf3KyDRfxTTz6M2nv3FDrc.roa
File:                     nhbcHBf3KyDRfxTTz6M2nv3FDrc.roa (raw, json)
Hash identifier:          Zxdw2e4bDTlf7LQ65Hz/8o5/IiJ9rQjv2vVBLW/NpXU=
Subject key identifier:   9E:16:DC:1C:17:F7:2B:20:D1:7F:14:D3:CF:A3:36:9E:FD:C5:0E:B7
Certificate issuer:       /CN=fef918c5a9330dbbe6eee17cb9a1d62fbc855bde
Certificate serial:       0194503709E1B3D207DD68511E2199D0E60B
Authority key identifier: FE:F9:18:C5:A9:33:0D:BB:E6:EE:E1:7C:B9:A1:D6:2F:BC:85:5B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vkYxakzDbvm7uF8uaHWL7yFW94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/nhbcHBf3KyDRfxTTz6M2nv3FDrc.roa
Signing time:             Fri 10 Jan 2025 12:36:11 +0000
ROA not before:           Fri 10 Jan 2025 12:36:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        185.7.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/_vkYxakzDbvm7uF8uaHWL7yFW94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/_vkYxakzDbvm7uF8uaHWL7yFW94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_vkYxakzDbvm7uF8uaHWL7yFW94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:50:37:09:e1:b3:d2:07:dd:68:51:1e:21:99:d0:e6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef918c5a9330dbbe6eee17cb9a1d62fbc855bde
        Validity
            Not Before: Jan 10 12:36:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e16dc1c17f72b20d17f14d3cfa3369efdc50eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:62:aa:61:eb:9f:8c:84:67:4b:22:da:2e:19:
                    de:2b:33:89:f8:b9:c6:de:e8:bd:a1:5f:b5:11:16:
                    4d:23:aa:39:ab:5a:25:14:a4:7c:0b:3c:75:1c:b9:
                    0d:1e:5a:ce:8c:e6:d3:db:47:06:6d:c6:a6:72:55:
                    03:62:ed:9c:c7:c3:04:a9:22:95:03:85:88:6b:17:
                    f2:45:a5:0f:69:e8:d1:63:9f:87:ce:e2:aa:17:6a:
                    65:9d:b9:e4:f6:88:3f:0e:4d:5b:60:22:7e:d4:64:
                    9e:66:d2:18:aa:39:98:35:f1:b0:db:3e:ff:d2:43:
                    26:ae:f2:bf:c2:25:c9:26:f6:db:a2:20:ed:2c:b2:
                    f2:c2:7a:69:36:50:67:ff:0d:5b:4a:6a:d4:1e:82:
                    10:f3:52:af:cb:c5:52:e4:ac:2a:27:7e:b6:96:f8:
                    cd:f9:df:39:1a:c3:e4:31:51:30:4b:a7:ed:bd:08:
                    a9:05:76:56:32:f4:cb:01:13:9b:68:c3:4a:96:3a:
                    3b:b7:96:6e:7e:2f:b5:e5:c4:92:79:4a:6b:bc:47:
                    e6:72:69:53:66:8c:aa:31:db:a2:0e:cf:2f:e1:2b:
                    5f:8a:60:a8:19:c7:7b:e1:da:5c:e6:c7:40:0d:99:
                    e7:33:1d:93:ba:06:3f:47:85:64:74:f9:b1:6d:39:
                    15:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:16:DC:1C:17:F7:2B:20:D1:7F:14:D3:CF:A3:36:9E:FD:C5:0E:B7
            X509v3 Authority Key Identifier:
                keyid:FE:F9:18:C5:A9:33:0D:BB:E6:EE:E1:7C:B9:A1:D6:2F:BC:85:5B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vkYxakzDbvm7uF8uaHWL7yFW94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/nhbcHBf3KyDRfxTTz6M2nv3FDrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/_vkYxakzDbvm7uF8uaHWL7yFW94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:e6:c2:e8:cf:f4:f4:ae:12:f9:0e:3a:4f:32:3f:0c:fd:2c:
         c2:d8:85:11:4d:5f:ad:90:79:ce:de:a2:6d:2b:1f:ba:a5:3c:
         ef:69:eb:3d:e5:10:11:9d:01:47:97:43:43:a4:75:de:17:a7:
         ca:0e:a3:1c:15:ee:00:52:7d:36:74:cb:71:fd:a8:b3:b3:b9:
         61:2d:20:bc:7c:10:81:fe:71:81:09:dc:3c:6a:1b:68:52:fc:
         d0:e9:89:0f:70:a8:42:02:65:e9:01:2a:2c:5e:54:6d:c5:8a:
         f3:a8:5d:b9:c6:7d:cc:ec:c6:69:ec:9a:59:e5:fd:3b:95:8d:
         da:e1:5d:e5:ca:b8:d8:57:76:44:fe:2e:d0:ac:41:83:bf:20:
         7a:49:cb:d2:b9:f3:8a:e2:a6:5f:fb:f1:76:ea:b7:29:bb:ab:
         f4:40:cb:dc:53:c0:d6:55:00:24:ed:7e:1d:af:9e:20:06:9d:
         f0:d4:9a:19:be:6e:cd:d6:86:93:2a:31:d0:02:87:e0:d5:b8:
         a0:90:4a:38:18:a5:83:a8:dc:ff:ae:23:ee:5b:c5:56:8b:34:
         19:ff:89:45:e3:66:04:5e:c1:be:58:a7:2a:97:a8:83:5c:06:
         be:dc:a4:ce:cd:28:23:63:db:69:81:6e:3d:a5:aa:97:30:30:
         7b:9d:f2:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRQNwnhs9IH3WhRHiGZ0OYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjkxOGM1YTkzMzBkYmJlNmVlZTE3Y2I5YTFkNjJmYmM4
NTViZGUwHhcNMjUwMTEwMTIzNjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE2ZGMxYzE3ZjcyYjIwZDE3ZjE0ZDNjZmEzMzY5ZWZkYzUwZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GKqYeufjIRnSyLaLhneKzOJ+LnG
3ui9oV+1ERZNI6o5q1olFKR8Czx1HLkNHlrOjObT20cGbcamclUDYu2cx8MEqSKV
A4WIaxfyRaUPaejRY5+HzuKqF2plnbnk9og/Dk1bYCJ+1GSeZtIYqjmYNfGw2z7/
0kMmrvK/wiXJJvbboiDtLLLywnppNlBn/w1bSmrUHoIQ81Kvy8VS5KwqJ362lvjN
+d85GsPkMVEwS6ftvQipBXZWMvTLARObaMNKljo7t5Zufi+15cSSeUprvEfmcmlT
ZoyqMduiDs8v4StfimCoGcd74dpc5sdADZnnMx2TugY/R4VkdPmxbTkVZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4W3BwX9ysg0X8U08+jNp79xQ63MB8GA1UdIwQY
MBaAFP75GMWpMw275u7hfLmh1i+8hVveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZrWXhha3pEYnZtN3VGOHVhSFdMN3lGVzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lZDY1NWQtNTEwMi00OTMyLWIxZGIt
YmEyODg5YWZhYWRkLzEvbmhiY0hCZjNLeURSZnhUVHo2TTJudjNGRHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lZDY1NWQtNTEwMi00OTMyLWIxZGItYmEyODg5YWZhYWRk
LzEvX3ZrWXhha3pEYnZtN3VGOHVhSFdMN3lGVzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQe+MA0G
CSqGSIb3DQEBCwUAA4IBAQB65sLoz/T0rhL5DjpPMj8M/SzC2IURTV+tkHnO3qJt
Kx+6pTzvaes95RARnQFHl0NDpHXeF6fKDqMcFe4AUn02dMtx/aizs7lhLSC8fBCB
/nGBCdw8ahtoUvzQ6YkPcKhCAmXpASosXlRtxYrzqF25xn3M7MZp7JpZ5f07lY3a
4V3lyrjYV3ZE/i7QrEGDvyB6ScvSufOK4qZf+/F26rcpu6v0QMvcU8DWVQAk7X4d
r54gBp3w1JoZvm7N1oaTKjHQAofg1bigkEo4GKWDqNz/riPuW8VWizQZ/4lF42YE
XsG+WKcql6iDXAa+3KTOzSgjY9tpgW49paqXMDB7nfI2
-----END CERTIFICATE-----