Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/me4pSz4a3vFQkHq9BW4jPZiWbC0.roa
File:                     me4pSz4a3vFQkHq9BW4jPZiWbC0.roa (raw, json)
Hash identifier:          A7JhYwrTb3Y9YGkAy1z1/biRvG7tV35ZuNZobzoXA+w=
Subject key identifier:   99:EE:29:4B:3E:1A:DE:F1:50:90:7A:BD:05:6E:23:3D:98:96:6C:2D
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018CC50092980A32297043F2437CAF3CB49E
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/me4pSz4a3vFQkHq9BW4jPZiWbC0.roa
Signing time:             Mon 01 Jan 2024 12:29:58 +0000
ROA not before:           Mon 01 Jan 2024 12:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209176
IP address blocks:        83.139.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:92:98:0a:32:29:70:43:f2:43:7c:af:3c:b4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Jan  1 12:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ee294b3e1adef150907abd056e233d98966c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bd:79:15:e2:eb:e8:89:4e:29:54:a6:df:cd:
                    68:e4:f8:b7:47:90:51:84:92:2d:d4:10:64:72:c7:
                    1e:f9:eb:43:3f:04:71:36:c0:c5:5a:e0:c7:13:ec:
                    8b:c9:e9:a4:a8:da:15:cd:5d:26:b2:3f:f5:95:73:
                    33:c6:87:7b:33:a4:09:17:c6:96:95:05:bf:2f:44:
                    76:6e:3e:db:d7:d0:e6:5e:b5:b4:3a:1f:92:f6:24:
                    6d:7c:92:82:fe:5b:18:ff:31:49:86:f0:bc:94:56:
                    cd:ad:02:a4:39:7d:b0:db:15:a9:79:36:73:95:b3:
                    60:8f:2f:52:bb:2b:fb:83:91:2c:0b:66:67:44:a6:
                    14:9c:c1:69:c2:65:ec:db:2f:b0:45:31:54:a1:7b:
                    01:f7:11:00:94:b9:47:10:ee:e3:f7:bb:6f:27:ed:
                    b0:3b:0a:db:cc:ea:81:c3:53:15:7b:42:d0:79:9b:
                    6d:d5:31:97:1c:89:c2:43:fc:0e:cf:7e:bd:e9:96:
                    bc:5b:f2:cb:10:47:24:84:74:14:8a:51:de:81:74:
                    e6:17:f5:a0:f8:10:47:83:13:f7:2d:3b:cc:de:a8:
                    c1:8d:26:38:5d:ae:7b:df:a0:03:af:a2:df:f2:41:
                    1d:a0:8a:94:68:61:d6:9c:d3:a6:2c:27:b7:7d:4e:
                    eb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EE:29:4B:3E:1A:DE:F1:50:90:7A:BD:05:6E:23:3D:98:96:6C:2D
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/me4pSz4a3vFQkHq9BW4jPZiWbC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:8d:8a:4f:d6:1e:5d:0e:58:89:4b:42:8c:37:3f:63:94:09:
         43:4d:5c:c1:5c:31:a0:1b:70:91:1d:44:9c:3a:f3:23:b9:b9:
         29:61:c7:bc:09:95:03:48:0e:59:30:1f:fa:e4:3b:b3:f2:d0:
         ea:a6:06:63:0c:e8:ed:19:af:65:29:f6:bb:68:19:59:b2:e0:
         45:d4:1c:11:35:ef:69:72:78:48:c7:62:fd:b0:d4:67:82:49:
         b9:31:37:b6:74:6f:8e:b6:02:40:30:61:72:af:c2:de:43:74:
         9a:a2:be:ed:bd:ab:b7:46:5c:7a:f8:9c:21:4b:6d:8f:f0:be:
         53:21:e2:93:d0:33:a6:b3:da:da:f4:6b:26:dd:5d:7c:07:b2:
         8a:05:fc:76:4d:77:4e:ff:54:80:d6:ec:06:4e:1b:36:0d:25:
         3b:b7:25:66:1d:dd:89:2c:fd:45:da:aa:9e:af:d2:85:bd:69:
         91:70:88:eb:93:fa:c5:ea:03:66:db:36:e7:1e:d7:47:cd:b6:
         a4:f4:f9:2b:bf:58:55:eb:f7:a5:36:d9:54:1a:3c:a8:1c:39:
         00:ad:3c:e0:a1:2b:bf:11:8e:3e:82:ae:40:40:ee:fa:78:52:
         44:2f:1c:ae:71:a3:ee:f3:77:60:ca:04:6b:ba:71:38:33:44:
         4b:68:2d:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJKYCjIpcEPyQ3yvPLSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwMTAxMTIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWVlMjk0YjNlMWFkZWYxNTA5MDdhYmQwNTZlMjMzZDk4OTY2YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL15FeLr6IlOKVSm381o5Pi3R5BR
hJIt1BBkcsce+etDPwRxNsDFWuDHE+yLyemkqNoVzV0msj/1lXMzxod7M6QJF8aW
lQW/L0R2bj7b19DmXrW0Oh+S9iRtfJKC/lsY/zFJhvC8lFbNrQKkOX2w2xWpeTZz
lbNgjy9Suyv7g5EsC2ZnRKYUnMFpwmXs2y+wRTFUoXsB9xEAlLlHEO7j97tvJ+2w
OwrbzOqBw1MVe0LQeZtt1TGXHInCQ/wOz3696Za8W/LLEEckhHQUilHegXTmF/Wg
+BBHgxP3LTvM3qjBjSY4Xa5736ADr6Lf8kEdoIqUaGHWnNOmLCe3fU7rzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnuKUs+Gt7xUJB6vQVuIz2YlmwtMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvbWU0cFN6NGEzdkZRa0hxOUJXNGpQWmlXYkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4sDMA0G
CSqGSIb3DQEBCwUAA4IBAQCIjYpP1h5dDliJS0KMNz9jlAlDTVzBXDGgG3CRHUSc
OvMjubkpYce8CZUDSA5ZMB/65Duz8tDqpgZjDOjtGa9lKfa7aBlZsuBF1BwRNe9p
cnhIx2L9sNRngkm5MTe2dG+OtgJAMGFyr8LeQ3Saor7tvau3Rlx6+JwhS22P8L5T
IeKT0DOms9ra9Gsm3V18B7KKBfx2TXdO/1SA1uwGThs2DSU7tyVmHd2JLP1F2qqe
r9KFvWmRcIjrk/rF6gNm2zbnHtdHzbak9Pkrv1hV6/elNtlUGjyoHDkArTzgoSu/
EY4+gq5AQO76eFJELxyucaPu83dgygRrunE4M0RLaC2i
-----END CERTIFICATE-----