Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/me_hiCtiXWn2HsHZMYTJdkyDZgU.roa
File:                     me_hiCtiXWn2HsHZMYTJdkyDZgU.roa (raw, json)
Hash identifier:          8t8xRiMS+pqTA/ChQ8308jF3kTOuMdOC3LENl1QoD0c=
Subject key identifier:   99:EF:E1:88:2B:62:5D:69:F6:1E:C1:D9:31:84:C9:76:4C:83:66:05
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018DD52638F0C1BF6242D90555D40CB03DB2
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/me_hiCtiXWn2HsHZMYTJdkyDZgU.roa
Signing time:             Fri 23 Feb 2024 08:47:48 +0000
ROA not before:           Fri 23 Feb 2024 08:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215552
IP address blocks:        91.132.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:26:38:f0:c1:bf:62:42:d9:05:55:d4:0c:b0:3d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 23 08:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99efe1882b625d69f61ec1d93184c9764c836605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2d:e7:97:a3:90:84:62:de:ce:ca:85:66:51:
                    b6:b8:ee:bc:be:9e:ae:4e:9a:14:be:e8:a1:e3:90:
                    20:e5:2b:4a:d1:da:ee:d5:60:47:0e:67:95:dd:e8:
                    fc:23:ba:36:f4:46:9c:47:bc:b3:b1:b6:9f:4e:0c:
                    46:c7:1a:16:91:33:03:40:c9:68:6c:e0:7b:54:0e:
                    07:71:b4:f8:d9:35:24:80:bb:f3:54:a1:93:da:21:
                    d2:46:f0:64:ed:59:9e:cc:76:62:d1:18:04:ab:30:
                    9c:5e:83:e5:94:e7:26:7a:93:df:be:b6:e9:c8:46:
                    bf:ad:63:89:6b:0d:77:6c:b8:8a:9d:d8:ab:5b:2b:
                    5c:9c:53:91:54:a8:ee:5e:72:ff:ac:ca:39:ad:ca:
                    e9:16:65:b7:41:e5:03:95:ce:77:e0:21:ed:4a:78:
                    fa:85:9f:70:62:83:23:1d:2e:27:f3:90:42:38:d4:
                    ba:12:46:f3:6c:f7:a9:4e:52:20:57:d4:e6:1e:cb:
                    b6:8c:bd:58:77:86:c2:de:c5:e6:a5:bb:2d:c5:61:
                    d0:a5:c2:dd:20:4d:fc:d2:e2:fe:f5:0d:47:8c:1d:
                    f8:31:8d:6d:50:d2:eb:57:d3:5a:0d:ed:96:ee:91:
                    96:57:85:93:a9:40:4d:62:37:e3:0d:6d:ad:7f:a7:
                    3c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EF:E1:88:2B:62:5D:69:F6:1E:C1:D9:31:84:C9:76:4C:83:66:05
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/me_hiCtiXWn2HsHZMYTJdkyDZgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5d:4c:65:db:2c:4d:dc:39:75:a2:f9:1c:c2:ec:f7:40:d4:
         64:98:c3:a7:6f:0b:b2:f7:6a:48:13:77:19:40:71:d6:72:7a:
         e8:a1:c9:b5:d6:df:9b:8e:66:13:4d:00:de:36:ba:16:26:39:
         1b:e7:34:10:76:37:1b:f0:e9:a3:2f:7a:15:e2:9e:07:99:fe:
         4e:cf:a2:b9:6e:4e:87:c0:d3:7d:db:89:21:34:60:33:28:a4:
         1d:7b:08:7a:fb:5c:f8:40:82:7d:17:dd:74:23:93:78:e3:02:
         7e:04:72:26:16:3f:03:61:f1:e6:10:89:58:ab:88:93:a2:ad:
         b7:67:cc:65:f3:4b:3c:15:fe:13:ad:c3:5b:b7:ed:00:17:87:
         b3:6b:cb:24:4b:b5:ad:ba:3d:e6:d0:f7:f9:01:48:3b:c8:57:
         7b:3d:b9:1f:d9:c1:3f:18:57:42:e0:ba:b3:c4:83:92:37:71:
         b3:89:53:b2:51:29:5c:c5:16:19:75:59:81:70:cd:fb:4d:7a:
         35:dc:4a:55:1d:c9:bb:9c:e0:bf:ae:cc:8e:97:7d:7c:5f:f7:
         c7:fb:6d:44:4d:c9:ee:1d:06:eb:e0:f3:35:69:2c:c4:50:e1:
         03:b4:be:7f:17:15:64:50:57:06:ea:9e:d5:de:3a:38:89:b7:
         b4:98:95:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VJjjwwb9iQtkFVdQMsD2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMjIzMDg0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWVmZTE4ODJiNjI1ZDY5ZjYxZWMxZDkzMTg0Yzk3NjRjODM2NjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS3nl6OQhGLezsqFZlG2uO68vp6u
TpoUvuih45Ag5StK0dru1WBHDmeV3ej8I7o29EacR7yzsbafTgxGxxoWkTMDQMlo
bOB7VA4HcbT42TUkgLvzVKGT2iHSRvBk7VmezHZi0RgEqzCcXoPllOcmepPfvrbp
yEa/rWOJaw13bLiKndirWytcnFORVKjuXnL/rMo5rcrpFmW3QeUDlc534CHtSnj6
hZ9wYoMjHS4n85BCONS6EkbzbPepTlIgV9TmHsu2jL1Yd4bC3sXmpbstxWHQpcLd
IE380uL+9Q1HjB34MY1tUNLrV9NaDe2W7pGWV4WTqUBNYjfjDW2tf6c8FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnv4YgrYl1p9h7B2TGEyXZMg2YFMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbWVfaGlDdGlYV24ySHNIWk1ZVEpka3lEWmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4QzMA0G
CSqGSIb3DQEBCwUAA4IBAQCIXUxl2yxN3Dl1ovkcwuz3QNRkmMOnbwuy92pIE3cZ
QHHWcnroocm11t+bjmYTTQDeNroWJjkb5zQQdjcb8OmjL3oV4p4Hmf5Oz6K5bk6H
wNN924khNGAzKKQdewh6+1z4QIJ9F910I5N44wJ+BHImFj8DYfHmEIlYq4iToq23
Z8xl80s8Ff4TrcNbt+0AF4eza8skS7Wtuj3m0Pf5AUg7yFd7Pbkf2cE/GFdC4Lqz
xIOSN3GziVOyUSlcxRYZdVmBcM37TXo13EpVHcm7nOC/rsyOl318X/fH+21ETcnu
HQbr4PM1aSzEUOEDtL5/FxVkUFcG6p7V3jo4ibe0mJVM
-----END CERTIFICATE-----