Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/me3w2RRj2Jv66LexRmGTOF0dYu4.roa
File:                     me3w2RRj2Jv66LexRmGTOF0dYu4.roa (raw, json)
Hash identifier:          IVKtJ2cKMfsGAleh+NgRNqSUS4jE2CYIDwkPdpHYbXs=
Subject key identifier:   99:ED:F0:D9:14:63:D8:9B:FA:E8:B7:B1:46:61:93:38:5D:1D:62:EE
Certificate issuer:       /CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Certificate serial:       018CC793707C071427B5FB02870726A23219
Authority key identifier: 89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/me3w2RRj2Jv66LexRmGTOF0dYu4.roa
Signing time:             Tue 02 Jan 2024 00:29:37 +0000
ROA not before:           Tue 02 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50643
IP address blocks:        195.191.200.0/23 maxlen: 24
                          2001:678:b4c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:70:7c:07:14:27:b5:fb:02:87:07:26:a2:32:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
        Validity
            Not Before: Jan  2 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99edf0d91463d89bfae8b7b1466193385d1d62ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fd:01:7f:66:d3:13:1f:04:80:db:7c:b9:d2:
                    13:d9:65:23:3a:d9:77:93:4d:5b:11:8c:6f:57:bf:
                    a8:f6:92:0f:8f:2e:58:91:ae:f0:1d:31:b9:1a:76:
                    63:67:75:41:af:a9:05:b4:41:1a:e3:ac:c1:2d:c2:
                    60:3e:ca:e6:ca:43:98:51:5b:7c:c9:bd:0d:4a:b1:
                    29:62:1e:78:16:d8:fb:60:b2:26:c1:2f:fd:94:20:
                    36:43:0f:19:69:43:ad:c6:9b:1d:d1:11:08:7b:a3:
                    23:3b:4f:14:5d:51:48:3c:50:ec:38:cc:4d:41:c7:
                    c5:17:0a:c3:d1:f2:2a:c5:e1:78:34:73:bd:b4:88:
                    df:7a:79:82:fa:7a:94:cb:8c:37:90:0a:65:25:4c:
                    05:dc:8d:97:62:16:c8:1b:d8:3c:b9:f5:48:39:e1:
                    00:79:5d:2b:9b:52:e9:e2:e7:5f:9b:86:a5:80:85:
                    fd:92:a4:66:7b:de:bf:42:d6:a1:23:32:e8:a2:b9:
                    c6:96:42:6e:40:13:5c:f9:3f:fe:fd:08:98:86:d8:
                    b6:6b:57:ee:9e:ab:91:e2:46:89:4c:20:1f:4e:8b:
                    c5:fa:b1:fb:8e:e1:7f:10:f1:d2:db:2f:d4:79:09:
                    df:90:7d:c0:d7:bd:36:a0:69:fc:b2:b7:b2:ef:f8:
                    5e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:ED:F0:D9:14:63:D8:9B:FA:E8:B7:B1:46:61:93:38:5D:1D:62:EE
            X509v3 Authority Key Identifier:
                keyid:89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/me3w2RRj2Jv66LexRmGTOF0dYu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.200.0/23
                IPv6:
                  2001:678:b4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:c2:46:3b:c7:ec:03:33:2b:79:ee:f9:47:f2:4a:ad:23:c8:
         4e:97:49:90:e6:3d:b2:b5:27:37:6d:14:ee:4c:44:cf:79:5c:
         c4:b8:81:6c:81:90:84:69:bc:75:2d:4b:1a:03:0c:63:73:77:
         f7:be:3c:32:3b:81:15:0b:76:23:1d:56:7b:87:7d:b7:69:69:
         e8:62:18:a7:ec:a7:c9:ee:05:b7:76:eb:79:d9:1e:8e:5c:df:
         da:05:2b:d1:c3:9d:02:4d:9d:f9:7b:2e:44:ee:dc:25:94:fd:
         3b:a2:87:66:1f:be:b8:04:2e:2c:a4:3f:04:4d:4e:94:8d:1d:
         7c:89:9d:f7:5e:b2:3a:74:33:d8:40:8c:87:31:8b:ae:1d:0e:
         c3:65:fc:7f:d3:33:96:5d:28:bf:b9:a4:a6:2c:f5:e0:fa:b1:
         c0:22:a3:fa:d8:59:05:5a:3b:ca:b2:17:98:11:c8:ec:aa:b4:
         d5:91:0b:a1:8c:0e:bc:cd:b9:84:af:7e:a2:d0:8f:9a:8a:ba:
         03:fd:e2:09:cf:0d:6f:78:2f:cb:fb:9f:7e:39:40:6b:3b:6d:
         07:e7:b0:17:a8:90:2c:c0:e5:03:15:4a:f2:c0:e6:0c:74:fb:
         f2:0c:e0:40:88:21:a9:41:ed:e6:90:66:f9:d5:30:b5:ad:aa:
         d7:9d:d0:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk3B8BxQntfsChwcmojIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTRiZjU5ODc3YTNiMmVmMTRmNWYxMjBhNjc1MGRjMTQ5
MzljNmIwHhcNMjQwMTAyMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWVkZjBkOTE0NjNkODliZmFlOGI3YjE0NjYxOTMzODVkMWQ2MmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2f0Bf2bTEx8EgNt8udIT2WUjOtl3
k01bEYxvV7+o9pIPjy5Yka7wHTG5GnZjZ3VBr6kFtEEa46zBLcJgPsrmykOYUVt8
yb0NSrEpYh54Ftj7YLImwS/9lCA2Qw8ZaUOtxpsd0REIe6MjO08UXVFIPFDsOMxN
QcfFFwrD0fIqxeF4NHO9tIjfenmC+nqUy4w3kAplJUwF3I2XYhbIG9g8ufVIOeEA
eV0rm1Lp4udfm4algIX9kqRme96/QtahIzLoornGlkJuQBNc+T/+/QiYhti2a1fu
nquR4kaJTCAfTovF+rH7juF/EPHS2y/UeQnfkH3A1702oGn8srey7/heewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJnt8NkUY9ib+ui3sUZhkzhdHWLuMB8GA1UdIwQY
MBaAFInkv1mHejsu8U9fEgpnUNwUk5xrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUt
MjNiYjQyMDNlYjU3LzEvbWUzdzJSUmoySnY2NkxleFJtR1RPRjBkWXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUtMjNiYjQyMDNlYjU3
LzEvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw7/IMA8E
AgACMAkDBwAgAQZ4C0wwDQYJKoZIhvcNAQELBQADggEBAGrCRjvH7AMzK3nu+Ufy
Sq0jyE6XSZDmPbK1JzdtFO5MRM95XMS4gWyBkIRpvHUtSxoDDGNzd/e+PDI7gRUL
diMdVnuHfbdpaehiGKfsp8nuBbd263nZHo5c39oFK9HDnQJNnfl7LkTu3CWU/Tui
h2YfvrgELiykPwRNTpSNHXyJnfdesjp0M9hAjIcxi64dDsNl/H/TM5ZdKL+5pKYs
9eD6scAio/rYWQVaO8qyF5gRyOyqtNWRC6GMDrzNuYSvfqLQj5qKugP94gnPDW94
L8v7n345QGs7bQfnsBeokCzA5QMVSvLA5gx0+/IM4ECIIalB7eaQZvnVMLWtqted
0Ik=
-----END CERTIFICATE-----