Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/MeJ4UXxcQeItxJ6ME72FxSluHw8.roa
File:                     MeJ4UXxcQeItxJ6ME72FxSluHw8.roa (raw, json)
Hash identifier:          fu/zTerPVrXaF2lc5Lycn6MeCbUF3ZFeQorxrC+Et/M=
Subject key identifier:   31:E2:78:51:7C:5C:41:E2:2D:C4:9E:8C:13:BD:85:C5:29:6E:1F:0F
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01925CA3C2000D1125B3DC9DF0008FA7C823
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/MeJ4UXxcQeItxJ6ME72FxSluHw8.roa
Signing time:             Sat 05 Oct 2024 12:24:48 +0000
ROA not before:           Sat 05 Oct 2024 12:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        45.149.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5c:a3:c2:00:0d:11:25:b3:dc:9d:f0:00:8f:a7:c8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Oct  5 12:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31e278517c5c41e22dc49e8c13bd85c5296e1f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cb:70:64:cd:38:b9:50:46:80:d0:0c:37:b4:
                    e2:01:0d:a4:73:07:ec:c7:16:14:df:6a:62:2f:b8:
                    99:9c:4d:a7:f1:cb:1b:9b:7e:e3:dc:dd:e7:c4:ad:
                    ee:25:aa:da:b5:0b:64:20:75:c7:e7:85:9a:22:b6:
                    cf:15:08:18:6f:c5:cd:59:1b:ad:92:dc:da:09:c4:
                    89:15:03:1e:2a:8f:7d:7f:8c:2d:90:45:13:99:99:
                    9f:1e:36:d5:08:f0:57:9c:46:14:55:78:01:ff:fb:
                    f7:6d:2d:a4:fb:38:23:96:a4:25:49:12:07:41:2e:
                    03:2f:e5:a6:08:3b:97:81:d4:ed:29:52:c6:a5:4a:
                    26:0e:d6:ed:b2:e9:51:3f:30:2e:2f:03:25:7b:02:
                    ac:c9:73:2c:d8:9a:ed:1b:ee:98:1c:7f:20:7a:bc:
                    6d:07:6e:bb:42:21:f9:13:d8:f8:1a:0b:63:65:89:
                    7f:94:7b:f1:93:13:75:15:17:75:95:0c:9b:a8:1c:
                    cc:a8:ec:ed:28:43:9e:7b:d5:55:72:7e:63:d7:54:
                    16:79:bd:1c:c5:62:48:84:5a:8b:3c:67:e2:13:58:
                    77:23:a7:d1:bc:d9:58:60:9f:01:eb:b2:5a:ff:67:
                    32:f7:af:d8:05:dd:aa:e9:5d:0e:a2:e1:64:86:c7:
                    96:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E2:78:51:7C:5C:41:E2:2D:C4:9E:8C:13:BD:85:C5:29:6E:1F:0F
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/MeJ4UXxcQeItxJ6ME72FxSluHw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:68:e3:a5:ee:2f:af:e6:fb:be:4f:36:c9:d9:3d:5f:93:96:
         61:25:35:bb:9f:f4:51:94:d0:b6:c6:aa:fa:34:5d:14:0c:d0:
         90:ab:0d:ce:a6:3d:1c:88:9c:a1:b6:1c:2a:6d:32:44:0f:ee:
         25:46:7c:36:89:0a:d7:78:ea:5f:5f:5f:64:63:bc:11:9c:7d:
         7d:19:25:ec:03:c1:52:51:97:a9:cb:6c:0a:8e:d4:05:a7:1b:
         13:aa:6b:16:62:0b:ae:5d:16:6c:48:b6:e5:b1:5b:fb:e8:80:
         76:a9:c0:b7:bb:7d:2c:9f:83:39:ad:80:bb:51:90:b5:46:af:
         86:71:21:b9:6d:e7:fb:5d:0d:0b:93:d2:42:14:66:bb:d4:e1:
         69:1c:f1:6f:d9:d4:e6:bb:fa:16:8a:79:7e:45:c8:58:9c:b1:
         f4:f4:fa:8b:30:7f:4d:a8:39:34:e6:37:ad:a8:c0:c0:79:10:
         2f:24:e6:ac:86:e3:3f:e6:98:4c:cb:b7:c9:ce:d2:cd:f4:67:
         d9:2c:50:d0:e0:c7:5c:a7:90:d2:76:05:ab:4f:ee:00:ed:8d:
         c9:82:f8:d2:14:c6:c7:69:c6:09:e5:b7:e4:9a:76:2f:6f:56:
         e4:b4:b3:12:a6:58:68:a9:f7:03:61:e6:ed:e4:08:2e:5c:35:
         ec:b5:d9:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJco8IADREls9yd8ACPp8gjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQxMDA1MTIyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWUyNzg1MTdjNWM0MWUyMmRjNDllOGMxM2JkODVjNTI5NmUxZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ctwZM04uVBGgNAMN7TiAQ2kcwfs
xxYU32piL7iZnE2n8csbm37j3N3nxK3uJaratQtkIHXH54WaIrbPFQgYb8XNWRut
ktzaCcSJFQMeKo99f4wtkEUTmZmfHjbVCPBXnEYUVXgB//v3bS2k+zgjlqQlSRIH
QS4DL+WmCDuXgdTtKVLGpUomDtbtsulRPzAuLwMlewKsyXMs2JrtG+6YHH8gerxt
B267QiH5E9j4GgtjZYl/lHvxkxN1FRd1lQybqBzMqOztKEOee9VVcn5j11QWeb0c
xWJIhFqLPGfiE1h3I6fRvNlYYJ8B67Ja/2cy96/YBd2q6V0OouFkhseWwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHieFF8XEHiLcSejBO9hcUpbh8PMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvTWVKNFVYeGNRZUl0eEo2TUU3MkZ4U2x1SHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUHMA0G
CSqGSIb3DQEBCwUAA4IBAQBDaOOl7i+v5vu+TzbJ2T1fk5ZhJTW7n/RRlNC2xqr6
NF0UDNCQqw3Opj0ciJyhthwqbTJED+4lRnw2iQrXeOpfX19kY7wRnH19GSXsA8FS
UZepy2wKjtQFpxsTqmsWYguuXRZsSLblsVv76IB2qcC3u30sn4M5rYC7UZC1Rq+G
cSG5bef7XQ0Lk9JCFGa71OFpHPFv2dTmu/oWinl+RchYnLH09PqLMH9NqDk05jet
qMDAeRAvJOashuM/5phMy7fJztLN9GfZLFDQ4Mdcp5DSdgWrT+4A7Y3JgvjSFMbH
acYJ5bfkmnYvb1bktLMSplhoqfcDYebt5AguXDXstdk2
-----END CERTIFICATE-----