Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/meqjRoAVgs8VQyNuOGWvDNS6iHE.roa
File:                     meqjRoAVgs8VQyNuOGWvDNS6iHE.roa (raw, json)
Hash identifier:          6HmELG6k1OhdhstVge8R2hTIkxFRjFOkD6a3ooSJZr0=
Subject key identifier:   99:EA:A3:46:80:15:82:CF:15:43:23:6E:38:65:AF:0C:D4:BA:88:71
Certificate issuer:       /CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
Certificate serial:       018CC64B6181E2B5A30F90A01CA668270990
Authority key identifier: C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/meqjRoAVgs8VQyNuOGWvDNS6iHE.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62452
IP address blocks:        194.33.68.0/24 maxlen: 24
                          194.33.70.0/23 maxlen: 23
                          2001:67c:2994::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:61:81:e2:b5:a3:0f:90:a0:1c:a6:68:27:09:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99eaa346801582cf1543236e3865af0cd4ba8871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1d:fa:55:ee:9f:c3:b5:75:94:ee:75:5c:24:
                    a0:d6:e2:ae:aa:ad:13:43:5b:2b:4e:ca:4c:70:f9:
                    e6:12:cd:ba:66:65:7f:af:33:4a:22:40:98:79:e4:
                    25:6d:ba:f7:0d:39:ba:79:84:74:55:5d:09:a0:c6:
                    0e:00:5b:01:2f:06:cd:dc:3c:fe:2f:d4:d2:c9:ef:
                    ef:f0:34:13:6c:de:69:85:d5:cd:fa:99:c3:70:69:
                    24:b5:47:4a:23:6c:c2:4a:ab:5e:22:5a:ae:6d:84:
                    78:bf:88:61:af:0e:63:b5:68:f1:f2:46:16:83:c6:
                    1a:a8:4a:cb:45:26:3f:3f:a1:5e:15:f5:8e:bb:8c:
                    73:5c:d0:cb:cd:6a:1d:46:d5:97:05:c9:1d:48:8d:
                    75:15:5e:f7:31:85:15:f7:1e:66:e2:27:9f:4a:21:
                    98:61:bd:43:78:d9:35:db:57:2d:16:0e:b8:e7:bb:
                    b4:57:1f:61:de:e7:f3:62:ef:92:86:18:2e:9e:6c:
                    3c:55:cd:fd:97:a5:73:8e:08:da:4e:d3:61:78:02:
                    36:75:5f:a0:c7:30:23:b1:2a:d4:8a:c1:0d:46:33:
                    84:46:38:e2:1e:8d:e3:0e:46:0b:1e:39:89:12:6a:
                    17:46:d2:b8:9c:70:80:06:90:70:d6:9a:ac:91:b3:
                    c4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EA:A3:46:80:15:82:CF:15:43:23:6E:38:65:AF:0C:D4:BA:88:71
            X509v3 Authority Key Identifier:
                keyid:C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/meqjRoAVgs8VQyNuOGWvDNS6iHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.68.0/24
                  194.33.70.0/23
                IPv6:
                  2001:67c:2994::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:6e:df:88:ec:d5:23:25:f7:1e:28:b6:3c:f3:21:46:59:03:
         f4:57:11:72:80:ba:ea:e3:a8:8b:73:24:3c:df:0d:f2:1b:3f:
         3e:7c:c8:d9:a2:e4:32:d4:a7:bc:50:d5:b4:95:3c:af:44:da:
         8a:18:eb:f9:17:7a:5f:33:11:34:77:53:7e:85:24:c2:cb:40:
         b8:93:6f:30:94:5f:7f:a7:62:ad:f5:ce:59:ce:95:5f:55:99:
         89:6f:65:4a:f2:e6:ac:64:f6:5a:62:21:50:7b:e0:d3:6b:0d:
         ac:54:d4:5b:1a:df:02:e2:f0:87:7c:72:7e:37:f9:8a:eb:d5:
         66:14:ef:49:6a:db:37:3c:f9:fc:15:3a:c7:bd:b2:39:dd:41:
         bc:40:68:f1:01:54:18:ae:29:84:e6:d6:25:5b:08:39:1a:6a:
         40:fa:7c:96:3d:62:6c:fc:cb:e3:10:ca:85:17:66:04:cb:a9:
         5c:5b:df:14:f7:b5:9e:a8:5a:88:92:a3:ae:fd:fc:ce:88:00:
         f5:bf:b6:5f:52:14:16:e1:f6:ad:51:32:49:22:c7:cf:37:17:
         92:2b:26:e4:2d:07:04:62:c1:ec:a2:0d:08:13:04:58:90:93:
         03:05:8e:56:5e:00:3f:ea:51:ab:a9:a4:6f:0c:a9:5e:66:c1:
         1c:0e:1c:69
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGS2GB4rWjD5CgHKZoJwmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YTJlNGViOWZkM2NjZDFiYTQ0YTM2MmY3NmY5ODliN2I0
NGQ1ZjIwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWVhYTM0NjgwMTU4MmNmMTU0MzIzNmUzODY1YWYwY2Q0YmE4ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB36Ve6fw7V1lO51XCSg1uKuqq0T
Q1srTspMcPnmEs26ZmV/rzNKIkCYeeQlbbr3DTm6eYR0VV0JoMYOAFsBLwbN3Dz+
L9TSye/v8DQTbN5phdXN+pnDcGkktUdKI2zCSqteIlqubYR4v4hhrw5jtWjx8kYW
g8YaqErLRSY/P6FeFfWOu4xzXNDLzWodRtWXBckdSI11FV73MYUV9x5m4iefSiGY
Yb1DeNk121ctFg6457u0Vx9h3ufzYu+Shhgunmw8Vc39l6VzjgjaTtNheAI2dV+g
xzAjsSrUisENRjOERjjiHo3jDkYLHjmJEmoXRtK4nHCABpBw1pqskbPEGwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJnqo0aAFYLPFUMjbjhlrwzUuohxMB8GA1UdIwQY
MBaAFMei5Ouf08zRukSjYvdvmJt7RNXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMt
ZGU2ZWY3Yzk1NTI2LzEvbWVxalJvQVZnczhWUXlOdU9HV3ZETlM2aUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMtZGU2ZWY3Yzk1NTI2
LzEveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwiFEAwQB
wiFGMA8EAgACMAkDBwAgAQZ8KZQwDQYJKoZIhvcNAQELBQADggEBAHBu34js1SMl
9x4otjzzIUZZA/RXEXKAuurjqItzJDzfDfIbPz58yNmi5DLUp7xQ1bSVPK9E2ooY
6/kXel8zETR3U36FJMLLQLiTbzCUX3+nYq31zlnOlV9VmYlvZUry5qxk9lpiIVB7
4NNrDaxU1Fsa3wLi8Id8cn43+Yrr1WYU70lq2zc8+fwVOse9sjndQbxAaPEBVBiu
KYTm1iVbCDkaakD6fJY9Ymz8y+MQyoUXZgTLqVxb3xT3tZ6oWoiSo679/M6IAPW/
tl9SFBbh9q1RMkkix883F5IrJuQtBwRiweyiDQgTBFiQkwMFjlZeAD/qUauppG8M
qV5mwRwOHGk=
-----END CERTIFICATE-----