Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg-L2LfKZnRO4vxOOfmb6x_uWOg.roa
File:                     lg-L2LfKZnRO4vxOOfmb6x_uWOg.roa (raw, json)
Hash identifier:          pWUTkxzdqDlPDXAcH7PubKv+L6YJk1tj/KIn+m1G6fo=
Subject key identifier:   96:0F:8B:D8:B7:CA:66:74:4E:E2:FC:4E:39:F9:9B:EB:1F:EE:58:E8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824C1120B0AB282BB18E2623FD0AC11
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg-L2LfKZnRO4vxOOfmb6x_uWOg.roa
Signing time:             Thu 02 Jan 2025 17:51:24 +0000
ROA not before:           Thu 02 Jan 2025 17:51:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213725
IP address blocks:        87.121.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:c1:12:0b:0a:b2:82:bb:18:e2:62:3f:d0:ac:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=960f8bd8b7ca66744ee2fc4e39f99beb1fee58e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c8:a1:3e:c2:ba:ce:a0:2f:26:de:e3:fd:83:
                    8a:6c:01:92:5f:aa:50:c0:45:ba:2e:06:26:d7:a7:
                    b7:d4:3b:af:b9:14:91:1c:51:d9:93:dc:93:e4:3c:
                    bc:94:75:f3:2c:f2:16:bf:db:dc:e2:ab:cf:c6:ae:
                    2a:7e:38:eb:57:18:13:c8:2e:af:ac:8b:5c:8f:4d:
                    42:eb:e3:be:74:c4:d7:de:b8:79:7a:03:44:23:66:
                    42:8c:8b:9f:2c:e6:0e:3e:72:75:4d:36:9b:be:1a:
                    7f:30:7b:f4:60:76:89:12:c1:16:41:b5:a2:ed:fc:
                    02:93:3f:f5:d6:64:f3:09:9c:3a:21:09:a3:d1:99:
                    e0:b2:0b:bb:84:78:f1:5d:77:16:b9:f6:4b:12:9d:
                    9e:ba:1c:69:a4:70:7d:d7:88:64:e4:63:66:99:9f:
                    88:48:df:0c:e1:72:f3:fb:94:a0:0e:6e:24:64:ff:
                    9c:9c:1c:f3:e2:cd:b3:62:95:66:7f:81:82:d6:32:
                    7e:09:db:e2:50:e3:0d:a2:db:65:f7:2a:46:a5:1a:
                    8b:3e:97:4b:32:f7:57:06:d3:e4:fe:f1:fa:53:f3:
                    62:60:cc:c7:90:ef:83:5b:cc:0e:fd:e6:8f:09:fd:
                    d3:14:73:76:50:92:ce:f5:00:19:93:b6:e0:4f:ed:
                    44:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:0F:8B:D8:B7:CA:66:74:4E:E2:FC:4E:39:F9:9B:EB:1F:EE:58:E8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg-L2LfKZnRO4vxOOfmb6x_uWOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:2a:79:dc:09:37:c5:c8:6c:70:3d:73:ee:3e:7a:b9:50:f4:
         af:cb:62:db:df:2f:cc:5c:fd:29:b1:65:27:dc:04:2a:dd:15:
         44:2e:c4:40:1a:5b:24:30:04:ee:8e:9f:8e:00:eb:3a:e7:fa:
         c0:15:3e:84:a0:a0:c3:87:0d:36:35:5c:e7:50:f7:01:a3:5e:
         b1:79:f3:ae:34:cb:3c:1e:58:bf:60:35:1a:8d:d3:b5:1d:1a:
         72:c1:0a:a7:66:c6:9d:ec:b6:ea:dc:5d:eb:19:a1:0a:0d:73:
         91:36:92:20:a9:7c:a6:89:91:9b:d5:25:6a:88:e9:e7:ff:35:
         7f:8f:81:fb:b1:98:95:31:2c:cc:36:c1:af:c7:46:64:a5:b6:
         a1:21:1b:c4:81:a4:c3:07:63:af:46:2c:98:a0:40:6c:83:07:
         fb:ac:fd:83:71:95:56:0c:ba:7b:bd:e9:a7:91:21:21:7f:ba:
         a2:6b:35:c4:f0:ae:18:77:6a:16:1c:7c:b9:85:91:3f:ae:69:
         21:a2:87:1c:c7:2e:02:60:b5:1d:8e:14:19:0a:99:f7:03:7e:
         f3:8a:bb:5f:aa:63:e3:c3:7e:d3:63:51:a4:5e:e8:84:97:4a:
         d6:d4:23:e1:e1:6f:5a:d3:03:4e:ec:64:13:95:25:0e:1e:0b:
         fb:5f:b4:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJMESCwqygrsY4mI/0KwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBmOGJkOGI3Y2E2Njc0NGVlMmZjNGUzOWY5OWJlYjFmZWU1OGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcihPsK6zqAvJt7j/YOKbAGSX6pQ
wEW6LgYm16e31DuvuRSRHFHZk9yT5Dy8lHXzLPIWv9vc4qvPxq4qfjjrVxgTyC6v
rItcj01C6+O+dMTX3rh5egNEI2ZCjIufLOYOPnJ1TTabvhp/MHv0YHaJEsEWQbWi
7fwCkz/11mTzCZw6IQmj0Zngsgu7hHjxXXcWufZLEp2euhxppHB914hk5GNmmZ+I
SN8M4XLz+5SgDm4kZP+cnBzz4s2zYpVmf4GC1jJ+CdviUOMNottl9ypGpRqLPpdL
MvdXBtPk/vH6U/NiYMzHkO+DW8wO/eaPCf3TFHN2UJLO9QAZk7bgT+1EawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYPi9i3ymZ0TuL8Tjn5m+sf7ljoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbGctTDJMZktablJPNHZ4T09mbWI2eF91V09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3lPMA0G
CSqGSIb3DQEBCwUAA4IBAQCuKnncCTfFyGxwPXPuPnq5UPSvy2Lb3y/MXP0psWUn
3AQq3RVELsRAGlskMATujp+OAOs65/rAFT6EoKDDhw02NVznUPcBo16xefOuNMs8
Hli/YDUajdO1HRpywQqnZsad7Lbq3F3rGaEKDXORNpIgqXymiZGb1SVqiOnn/zV/
j4H7sZiVMSzMNsGvx0ZkpbahIRvEgaTDB2OvRiyYoEBsgwf7rP2DcZVWDLp7vemn
kSEhf7qiazXE8K4Yd2oWHHy5hZE/rmkhooccxy4CYLUdjhQZCpn3A37zirtfqmPj
w37TY1GkXuiEl0rW1CPh4W9a0wNO7GQTlSUOHgv7X7Tn
-----END CERTIFICATE-----