Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/lmLPjrfNDPS9XohB9eEXKDTvTVw.roa
File:                     lmLPjrfNDPS9XohB9eEXKDTvTVw.roa (raw, json)
Hash identifier:          YUDeNZCjz7C+nv1yj/KNPiCOaWxteb6jP1PE6tH/qfc=
Subject key identifier:   96:62:CF:8E:B7:CD:0C:F4:BD:5E:88:41:F5:E1:17:28:34:EF:4D:5C
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       019425221F073173550AD6F7CD5A555D5562
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/lmLPjrfNDPS9XohB9eEXKDTvTVw.roa
Signing time:             Thu 02 Jan 2025 03:49:40 +0000
ROA not before:           Thu 02 Jan 2025 03:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214766
IP address blocks:        141.98.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:1f:07:31:73:55:0a:d6:f7:cd:5a:55:5d:55:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  2 03:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9662cf8eb7cd0cf4bd5e8841f5e1172834ef4d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:83:ed:52:7a:a1:d1:e2:96:2a:cb:65:56:
                    57:ee:e0:c3:eb:01:ba:f1:86:a2:79:9e:56:83:4d:
                    b0:7b:2d:12:1d:77:be:87:ce:85:b8:02:9f:99:91:
                    4b:d3:4a:35:46:62:a2:b9:3c:87:48:66:59:c7:da:
                    2f:2b:e0:ed:b1:cd:48:9d:57:87:77:a5:03:c0:a7:
                    c7:45:31:ad:6a:a4:2e:28:b5:0e:71:e4:1d:f4:c8:
                    8c:3a:79:86:1a:bf:2d:e7:47:49:41:95:f6:a9:63:
                    f0:3d:e9:44:60:f3:12:46:aa:14:a0:e0:40:70:0b:
                    e7:3e:01:18:68:19:12:32:60:55:4b:c3:d5:71:49:
                    1f:2e:45:2a:48:6a:1b:e4:bb:fb:5b:98:8f:b9:49:
                    db:6d:66:fe:b3:51:13:35:e4:25:c0:c4:3d:a5:83:
                    d5:13:6c:50:b5:af:e9:1c:3c:ea:3b:92:5c:4e:a9:
                    a9:25:7a:42:5d:8c:37:b9:7e:97:40:90:22:26:82:
                    2a:1c:ad:59:4c:34:65:0d:4f:63:88:58:ee:b1:52:
                    87:9f:92:74:66:79:54:2f:4d:c5:e8:8b:22:1f:79:
                    84:e7:f1:f4:22:00:67:7f:15:04:da:81:3b:24:39:
                    83:27:03:15:4d:de:9a:ba:53:be:70:1a:04:8d:3f:
                    45:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:62:CF:8E:B7:CD:0C:F4:BD:5E:88:41:F5:E1:17:28:34:EF:4D:5C
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/lmLPjrfNDPS9XohB9eEXKDTvTVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:cb:da:04:1b:30:d2:b9:40:ad:54:b5:ed:c4:0b:75:74:9e:
         eb:76:1b:e0:77:5d:09:51:8b:25:f3:58:29:71:41:f1:8c:ff:
         1a:6d:b3:83:96:11:98:86:c8:98:1f:c0:6b:8f:c5:2c:f1:25:
         03:2c:b0:8e:38:51:c4:fc:fb:fb:ab:79:2c:4c:d3:6a:30:dd:
         42:40:af:88:51:40:cc:50:39:19:67:ee:34:1a:17:11:c5:f2:
         84:80:2f:4e:74:1f:2e:ab:39:44:c5:7b:90:5f:16:8c:22:54:
         1b:27:e7:a8:78:3a:a2:67:55:c6:ea:e7:58:db:ae:05:4c:91:
         d4:e3:f8:87:e5:73:df:c9:52:68:09:4b:b0:3c:08:7d:bd:b6:
         30:d9:68:2a:1a:2b:f4:3e:25:fb:c5:c0:54:fe:a5:f0:01:e8:
         ec:98:67:45:d5:72:1a:2b:62:3b:e4:2c:39:fd:fb:f0:04:03:
         53:7b:66:fa:47:01:cf:46:f5:43:85:3f:c0:5d:ab:9f:6d:53:
         6e:d4:f5:61:1c:69:e6:2f:f5:a9:b9:77:42:7a:4f:7c:a0:75:
         6b:4d:29:c9:f4:eb:ed:a2:d0:16:f7:35:95:93:d6:00:3f:d4:
         6d:2b:4d:3f:23:c9:5f:73:17:1a:00:34:51:fb:97:0c:21:ac:
         a0:4d:f8:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIh8HMXNVCtb3zVpVXVViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjUwMTAyMDM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjYyY2Y4ZWI3Y2QwY2Y0YmQ1ZTg4NDFmNWUxMTcyODM0ZWY0ZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFeD7VJ6odHilirLZVZX7uDD6wG6
8YaieZ5Wg02wey0SHXe+h86FuAKfmZFL00o1RmKiuTyHSGZZx9ovK+Dtsc1InVeH
d6UDwKfHRTGtaqQuKLUOceQd9MiMOnmGGr8t50dJQZX2qWPwPelEYPMSRqoUoOBA
cAvnPgEYaBkSMmBVS8PVcUkfLkUqSGob5Lv7W5iPuUnbbWb+s1ETNeQlwMQ9pYPV
E2xQta/pHDzqO5JcTqmpJXpCXYw3uX6XQJAiJoIqHK1ZTDRlDU9jiFjusVKHn5J0
ZnlUL03F6IsiH3mE5/H0IgBnfxUE2oE7JDmDJwMVTd6aulO+cBoEjT9FvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZiz463zQz0vV6IQfXhFyg0701cMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvbG1MUGpyZk5EUFM5WG9oQjllRVhLRFR2VFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKJMA0G
CSqGSIb3DQEBCwUAA4IBAQB4y9oEGzDSuUCtVLXtxAt1dJ7rdhvgd10JUYsl81gp
cUHxjP8abbODlhGYhsiYH8Brj8Us8SUDLLCOOFHE/Pv7q3ksTNNqMN1CQK+IUUDM
UDkZZ+40GhcRxfKEgC9OdB8uqzlExXuQXxaMIlQbJ+eoeDqiZ1XG6udY264FTJHU
4/iH5XPfyVJoCUuwPAh9vbYw2WgqGiv0PiX7xcBU/qXwAejsmGdF1XIaK2I75Cw5
/fvwBANTe2b6RwHPRvVDhT/AXaufbVNu1PVhHGnmL/WpuXdCek98oHVrTSnJ9Ovt
otAW9zWVk9YAP9RtK00/I8lfcxcaADRR+5cMIaygTfg8
-----END CERTIFICATE-----