Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LMXjBxSACWe23B5KJVgWjys-RW4.roa
File:                     LMXjBxSACWe23B5KJVgWjys-RW4.roa (raw, json)
Hash identifier:          bXK/65j0IbvpFBLJOgM7eXPZPRVnlnzA2N/1RiBf40M=
Subject key identifier:   2C:C5:E3:07:14:80:09:67:B6:DC:1E:4A:25:58:16:8F:2B:3E:45:6E
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0196E7AEBCB75756B5E61ECC18A42E0A14B4
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LMXjBxSACWe23B5KJVgWjys-RW4.roa
Signing time:             Mon 19 May 2025 08:35:10 +0000
ROA not before:           Mon 19 May 2025 08:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30254
IP address blocks:        109.121.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:ae:bc:b7:57:56:b5:e6:1e:cc:18:a4:2e:0a:14:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 19 08:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cc5e30714800967b6dc1e4a2558168f2b3e456e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:aa:a2:61:53:c2:b4:62:f4:7b:75:b8:0d:b8:
                    7c:35:f6:63:2e:7f:93:1b:30:ef:f9:7d:69:f9:10:
                    f5:71:fa:8b:de:78:c1:29:d8:f4:13:90:fc:c5:65:
                    7d:e2:24:bd:0f:f2:0b:4d:31:c2:8d:97:5f:9c:9b:
                    f1:9d:0e:2e:ac:cc:d0:1f:a0:ac:ec:e2:d6:89:7b:
                    44:92:fe:d8:87:bc:f1:28:9b:62:d9:51:50:78:28:
                    33:15:6c:f8:d2:d0:ba:d0:32:15:81:e8:6b:d2:ad:
                    ad:a3:20:05:97:85:d8:3e:c2:af:ef:c8:51:00:a7:
                    38:e1:76:da:4d:bb:3d:69:e8:30:3e:0d:0e:48:84:
                    c3:2a:39:16:e2:12:ff:f9:07:bb:91:c2:ae:39:92:
                    70:d3:34:3d:80:14:7c:b4:18:7b:b4:e4:e9:db:29:
                    6b:76:70:81:fd:c0:65:4c:07:59:87:0d:3d:6f:ed:
                    7d:f7:eb:ca:3f:d9:d7:7a:58:4c:a3:12:eb:fc:34:
                    b4:7f:6c:05:14:7d:0d:1f:6e:70:81:e4:b2:e9:dd:
                    4b:44:7b:3f:c4:a6:cb:ce:83:de:23:78:2c:62:c5:
                    14:5a:c2:bb:86:ee:b7:f8:0e:2f:39:4d:68:73:89:
                    e3:92:31:9b:13:4e:3c:f3:67:33:e8:17:0f:15:3f:
                    41:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C5:E3:07:14:80:09:67:B6:DC:1E:4A:25:58:16:8F:2B:3E:45:6E
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LMXjBxSACWe23B5KJVgWjys-RW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9b:97:ae:69:4c:a8:5a:d1:c2:b5:4e:bb:09:a5:6d:8e:22:
         51:7a:93:23:29:6c:b2:b0:02:8a:16:af:b5:b2:66:99:91:cd:
         19:9f:1f:65:9e:89:43:37:74:ad:45:02:7e:01:d3:32:d1:72:
         1b:45:cc:7e:8b:77:43:18:2d:7a:ab:73:96:ec:92:5f:87:15:
         5c:67:65:57:c9:82:8c:f3:b9:6a:a8:87:06:4b:e6:73:fc:d9:
         49:d2:db:d1:ea:de:f6:56:ae:a4:bf:c9:52:c8:78:73:4f:b9:
         ad:c5:f0:ee:e6:d9:c0:10:85:9b:02:fd:ce:e8:ac:ce:d3:83:
         55:87:ce:05:b5:34:a9:e2:de:ef:bb:d1:85:12:70:5d:e2:cf:
         02:11:06:c5:e7:62:b8:1d:e7:ed:f2:a2:8e:af:52:87:50:72:
         e8:fb:f7:6e:77:22:49:d7:ce:ff:8b:16:19:86:43:3f:f2:14:
         b4:90:ae:7f:1a:81:35:47:4d:e7:58:86:82:91:25:e3:d7:a8:
         29:d0:59:42:06:71:91:31:dd:a0:c4:6b:f3:71:40:5d:bd:a7:
         29:b0:e5:26:1f:16:8f:3b:31:82:8b:f2:df:d5:25:95:b2:1b:
         51:5f:0c:5e:99:5b:b7:54:28:08:cd:11:62:d6:02:4e:e8:7a:
         de:ec:db:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbnrry3V1a15h7MGKQuChS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNTE5MDgzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M1ZTMwNzE0ODAwOTY3YjZkYzFlNGEyNTU4MTY4ZjJiM2U0NTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6qiYVPCtGL0e3W4Dbh8NfZjLn+T
GzDv+X1p+RD1cfqL3njBKdj0E5D8xWV94iS9D/ILTTHCjZdfnJvxnQ4urMzQH6Cs
7OLWiXtEkv7Yh7zxKJti2VFQeCgzFWz40tC60DIVgehr0q2toyAFl4XYPsKv78hR
AKc44XbaTbs9aegwPg0OSITDKjkW4hL/+Qe7kcKuOZJw0zQ9gBR8tBh7tOTp2ylr
dnCB/cBlTAdZhw09b+199+vKP9nXelhMoxLr/DS0f2wFFH0NH25wgeSy6d1LRHs/
xKbLzoPeI3gsYsUUWsK7hu63+A4vOU1oc4njkjGbE04882cz6BcPFT9BXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzF4wcUgAlnttweSiVYFo8rPkVuMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvTE1YakJ4U0FDV2UyM0I1S0pWZ1dqeXMtUlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkiMA0G
CSqGSIb3DQEBCwUAA4IBAQBYm5euaUyoWtHCtU67CaVtjiJRepMjKWyysAKKFq+1
smaZkc0Znx9lnolDN3StRQJ+AdMy0XIbRcx+i3dDGC16q3OW7JJfhxVcZ2VXyYKM
87lqqIcGS+Zz/NlJ0tvR6t72Vq6kv8lSyHhzT7mtxfDu5tnAEIWbAv3O6KzO04NV
h84FtTSp4t7vu9GFEnBd4s8CEQbF52K4Heft8qKOr1KHUHLo+/dudyJJ187/ixYZ
hkM/8hS0kK5/GoE1R03nWIaCkSXj16gp0FlCBnGRMd2gxGvzcUBdvacpsOUmHxaP
OzGCi/Lf1SWVshtRXwxemVu3VCgIzRFi1gJO6Hre7NuT
-----END CERTIFICATE-----