Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/mLsh4sGtoHIqeKrfN3jXMMLu4k0.roa
File:                     mLsh4sGtoHIqeKrfN3jXMMLu4k0.roa (raw, json)
Hash identifier:          m/Mvmk/5mQxCIOXX60XJtwJ8Xe1PRKwFBcukoCDP1Ow=
Subject key identifier:   98:BB:21:E2:C1:AD:A0:72:2A:78:AA:DF:37:78:D7:30:C2:EE:E2:4D
Certificate issuer:       /CN=24ba4f52ac1be0755d34bc5483c061bdf293447e
Certificate serial:       01966203FCF8674BB4624E94B27B23FAF9D0
Authority key identifier: 24:BA:4F:52:AC:1B:E0:75:5D:34:BC:54:83:C0:61:BD:F2:93:44:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/mLsh4sGtoHIqeKrfN3jXMMLu4k0.roa
Signing time:             Wed 23 Apr 2025 09:39:10 +0000
ROA not before:           Wed 23 Apr 2025 09:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42415
IP address blocks:        2001:1a11:372::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Apr 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:03:fc:f8:67:4b:b4:62:4e:94:b2:7b:23:fa:f9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24ba4f52ac1be0755d34bc5483c061bdf293447e
        Validity
            Not Before: Apr 23 09:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98bb21e2c1ada0722a78aadf3778d730c2eee24d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:da:6c:4d:28:d1:2b:b5:e7:30:3b:11:63:af:
                    c4:0f:a0:61:d6:8e:12:26:99:76:a5:8d:45:df:68:
                    db:29:62:53:0a:56:be:ee:3b:20:13:e5:19:96:5d:
                    d0:fd:d5:54:f1:99:42:34:51:b9:cd:e2:85:8e:53:
                    b2:af:2f:c3:62:06:75:a1:9a:f4:cf:a2:db:0d:6e:
                    72:ac:96:d0:19:ce:6b:ba:e7:3a:46:5f:0d:ec:20:
                    f0:5e:97:58:29:3f:84:0e:38:1e:39:65:b1:c4:ec:
                    6c:71:45:a6:6d:15:e3:ed:6a:1d:49:13:36:65:d3:
                    0d:42:d2:2f:61:97:14:6a:dc:0b:53:a2:e6:c9:a0:
                    f0:f3:2b:bd:ee:d5:e7:69:7e:0d:0f:85:c8:f3:e5:
                    e2:92:bd:27:14:94:50:0f:28:23:32:50:1a:c2:1e:
                    f2:8f:ac:89:54:da:be:d4:e2:53:a3:24:40:b7:a2:
                    9a:88:d5:8f:4a:4f:98:01:e7:4c:0a:40:71:1c:43:
                    ed:7f:41:51:90:c8:c5:c6:4a:c6:61:6d:68:f9:6e:
                    3c:23:d7:31:59:0e:b8:6e:38:c3:9b:cb:76:b9:2f:
                    7a:3b:84:86:54:da:46:6e:29:0f:d9:3a:7e:ce:c7:
                    50:6c:64:ec:f8:37:33:13:be:00:57:66:5d:b3:6c:
                    04:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BB:21:E2:C1:AD:A0:72:2A:78:AA:DF:37:78:D7:30:C2:EE:E2:4D
            X509v3 Authority Key Identifier:
                keyid:24:BA:4F:52:AC:1B:E0:75:5D:34:BC:54:83:C0:61:BD:F2:93:44:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/mLsh4sGtoHIqeKrfN3jXMMLu4k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a11:372::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:b9:be:48:f5:15:58:2a:80:35:39:0a:06:1e:bb:55:bd:a7:
         d9:68:5a:08:86:44:8a:a7:16:df:85:ba:1b:1b:63:d0:0a:4b:
         1c:44:4e:09:55:2e:89:89:ef:33:90:d0:72:aa:e4:7a:ef:1d:
         bc:f6:37:8e:98:55:cd:06:47:92:9d:15:34:74:3d:a0:03:c3:
         c0:86:94:22:4d:2c:5b:17:8f:bc:77:67:b5:f4:fa:70:87:0e:
         76:d0:2d:24:db:b1:74:60:27:b4:f8:04:ae:1e:0c:92:93:66:
         dd:02:65:2b:8f:9c:8a:dc:8d:c1:56:cb:7e:73:56:27:aa:12:
         38:bc:a0:60:fc:29:81:ff:eb:e3:49:ff:37:15:10:66:82:44:
         ea:13:64:09:cb:45:ce:b7:55:18:13:15:b6:d0:e2:73:36:64:
         19:6d:58:02:0d:49:85:63:d2:73:1d:9f:0e:8c:59:7a:56:ab:
         3b:e5:93:85:0b:dd:1d:e9:09:98:26:cd:b8:8f:fb:07:79:fc:
         3a:ad:7e:af:ab:2d:19:ca:b1:72:a9:d8:35:9b:d8:34:cb:dc:
         bb:0f:4a:39:de:a9:59:97:f7:25:bb:b9:3e:99:57:e5:02:d6:
         ba:6a:c5:9c:24:2e:d9:98:2d:9f:47:fa:1c:84:37:bc:41:24:
         8b:d9:9c:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZiA/z4Z0u0Yk6Usnsj+vnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YmE0ZjUyYWMxYmUwNzU1ZDM0YmM1NDgzYzA2MWJkZjI5
MzQ0N2UwHhcNMjUwNDIzMDkzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGJiMjFlMmMxYWRhMDcyMmE3OGFhZGYzNzc4ZDczMGMyZWVlMjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNpsTSjRK7XnMDsRY6/ED6Bh1o4S
Jpl2pY1F32jbKWJTCla+7jsgE+UZll3Q/dVU8ZlCNFG5zeKFjlOyry/DYgZ1oZr0
z6LbDW5yrJbQGc5ruuc6Rl8N7CDwXpdYKT+EDjgeOWWxxOxscUWmbRXj7WodSRM2
ZdMNQtIvYZcUatwLU6LmyaDw8yu97tXnaX4ND4XI8+Xikr0nFJRQDygjMlAawh7y
j6yJVNq+1OJToyRAt6KaiNWPSk+YAedMCkBxHEPtf0FRkMjFxkrGYW1o+W48I9cx
WQ64bjjDm8t2uS96O4SGVNpGbikP2Tp+zsdQbGTs+DczE74AV2Zds2wEiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJi7IeLBraByKniq3zd41zDC7uJNMB8GA1UdIwQY
MBaAFCS6T1KsG+B1XTS8VIPAYb3yk0R+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkxwUFVxd2I0SFZkTkx4VWc4Qmh2ZktUUkg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zOTc1NDYtZGM3Yi00NjYwLThhNTEt
YmY1OWZjMWNiMjZkLzEvbUxzaDRzR3RvSElxZUtyZk4zalhNTUx1NGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zOTc1NDYtZGM3Yi00NjYwLThhNTEtYmY1OWZjMWNiMjZk
LzEvSkxwUFVxd2I0SFZkTkx4VWc4Qmh2ZktUUkg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaEQNy
MA0GCSqGSIb3DQEBCwUAA4IBAQAtub5I9RVYKoA1OQoGHrtVvafZaFoIhkSKpxbf
hbobG2PQCkscRE4JVS6Jie8zkNByquR67x289jeOmFXNBkeSnRU0dD2gA8PAhpQi
TSxbF4+8d2e19Ppwhw520C0k27F0YCe0+ASuHgySk2bdAmUrj5yK3I3BVst+c1Yn
qhI4vKBg/CmB/+vjSf83FRBmgkTqE2QJy0XOt1UYExW20OJzNmQZbVgCDUmFY9Jz
HZ8OjFl6Vqs75ZOFC90d6QmYJs24j/sHefw6rX6vqy0ZyrFyqdg1m9g0y9y7D0o5
3qlZl/clu7k+mVflAta6asWcJC7ZmC2fR/ochDe8QSSL2Zwy
-----END CERTIFICATE-----