Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/LxMCCxu2BtcXLPuA5JNlsx_6-rE.roa
File:                     LxMCCxu2BtcXLPuA5JNlsx_6-rE.roa (raw, json)
Hash identifier:          Fyw881sqFSb/mfF5o+P58ppeqxPOpE/737X7HCWqDxI=
Subject key identifier:   2F:13:02:0B:1B:B6:06:D7:17:2C:FB:80:E4:93:65:B3:1F:FA:FA:B1
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       018CC9BC448ED007E2384EFD7E3683BCBC9F
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/LxMCCxu2BtcXLPuA5JNlsx_6-rE.roa
Signing time:             Tue 02 Jan 2024 10:33:27 +0000
ROA not before:           Tue 02 Jan 2024 10:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204916
IP address blocks:        2a0d:3047::/32 maxlen: 32
                          2a09:7e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:44:8e:d0:07:e2:38:4e:fd:7e:36:83:bc:bc:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Jan  2 10:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f13020b1bb606d7172cfb80e49365b31ffafab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a8:d0:7e:9e:bf:e5:b3:9b:4f:4b:9f:d4:f3:
                    98:8b:f4:ee:d8:c3:60:06:53:2f:87:e2:9e:4b:6d:
                    08:0e:a1:2a:17:57:e6:6d:54:b5:48:16:1b:a3:5e:
                    7e:4e:fb:ef:a1:4d:ea:00:92:9d:74:7b:50:54:11:
                    29:b6:ae:7a:a0:b1:1e:4d:68:65:6e:4b:79:e1:fe:
                    a3:50:3e:7e:5a:6c:b0:32:9a:ea:cf:67:b6:db:ef:
                    ee:5b:4d:10:19:fd:ff:d2:58:80:27:43:0e:8e:e5:
                    c6:11:10:d0:d5:9a:28:0b:34:96:fb:47:56:d2:c3:
                    c1:d5:41:05:b5:e7:de:2f:76:7f:27:0c:36:3c:dc:
                    d2:38:09:a4:df:92:46:40:a5:47:4e:91:9c:52:4d:
                    41:85:0b:f4:2a:4f:cb:1a:c3:5e:73:09:31:a7:d8:
                    c9:91:2d:a9:b8:52:29:0f:5c:4c:41:9d:cd:a4:df:
                    ae:b1:4f:e9:32:fb:1d:23:73:98:76:07:bc:2f:15:
                    81:55:c3:3c:b7:40:08:c7:3f:ab:8c:37:d9:6a:e1:
                    51:21:dd:0d:49:cd:61:17:cc:ef:52:a9:13:82:3b:
                    42:ba:60:f1:46:9b:75:0d:01:cf:64:5a:12:78:40:
                    9e:cb:d9:1a:b9:58:a4:36:bd:8c:44:3f:f6:06:1e:
                    64:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:13:02:0B:1B:B6:06:D7:17:2C:FB:80:E4:93:65:B3:1F:FA:FA:B1
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/LxMCCxu2BtcXLPuA5JNlsx_6-rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7e00::/29
                  2a0d:3047::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:2d:99:bd:bb:1a:4c:1d:2c:6f:df:01:53:b7:ce:60:bd:b6:
         1c:95:d0:c9:bb:31:ee:0a:08:6c:61:f4:df:68:81:09:db:54:
         bf:9c:2c:f1:ff:7a:0b:34:96:5f:7d:70:6e:49:7f:d4:b8:33:
         50:e8:e7:40:5f:ed:40:a7:c2:e6:79:9b:0f:b6:66:c0:a0:38:
         44:53:f5:5b:b0:4b:61:1c:46:77:25:41:11:45:77:94:3b:17:
         2e:f5:48:c7:ec:ed:4a:45:fa:35:1b:fa:59:1d:eb:97:88:05:
         33:07:b7:e9:30:38:51:0f:0a:63:28:3e:6d:64:40:65:56:57:
         33:96:eb:48:e4:21:a3:5e:47:99:9a:ad:99:ed:bb:d4:1d:1f:
         d7:f4:71:e0:82:68:e9:15:92:1d:64:1b:fc:bb:83:32:7e:bd:
         e0:9c:5f:ee:e8:69:a8:6e:96:81:1e:30:75:9f:0d:3b:8b:e0:
         4c:f8:f8:c8:11:b1:4e:c7:dc:e4:9a:fa:fb:27:4f:df:9e:31:
         32:f6:14:06:8f:6a:18:ec:1d:f7:95:b6:d6:de:d8:1f:4b:d2:
         06:a9:19:b1:7b:47:f0:65:6c:0d:89:e7:fc:32:cc:94:7a:c2:
         ea:c7:39:84:8b:8d:5a:46:5d:da:d7:34:f2:d1:65:f7:e8:89:
         8a:b3:51:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvESO0AfiOE79fjaDvLyfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjEzMDIwYjFiYjYwNmQ3MTcyY2ZiODBlNDkzNjViMzFmZmFmYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKjQfp6/5bObT0uf1POYi/Tu2MNg
BlMvh+KeS20IDqEqF1fmbVS1SBYbo15+TvvvoU3qAJKddHtQVBEptq56oLEeTWhl
bkt54f6jUD5+WmywMprqz2e22+/uW00QGf3/0liAJ0MOjuXGERDQ1ZooCzSW+0dW
0sPB1UEFtefeL3Z/Jww2PNzSOAmk35JGQKVHTpGcUk1BhQv0Kk/LGsNecwkxp9jJ
kS2puFIpD1xMQZ3NpN+usU/pMvsdI3OYdge8LxWBVcM8t0AIxz+rjDfZauFRId0N
Sc1hF8zvUqkTgjtCumDxRpt1DQHPZFoSeECey9kauVikNr2MRD/2Bh5kBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC8TAgsbtgbXFyz7gOSTZbMf+vqxMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvTHhNQ0N4dTJCdGNYTFB1QTVKTmxzeF82LXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgl+AAMF
ACoNMEcwDQYJKoZIhvcNAQELBQADggEBAC8tmb27GkwdLG/fAVO3zmC9thyV0Mm7
Me4KCGxh9N9ogQnbVL+cLPH/egs0ll99cG5Jf9S4M1Do50Bf7UCnwuZ5mw+2ZsCg
OERT9VuwS2EcRnclQRFFd5Q7Fy71SMfs7UpF+jUb+lkd65eIBTMHt+kwOFEPCmMo
Pm1kQGVWVzOW60jkIaNeR5marZntu9QdH9f0ceCCaOkVkh1kG/y7gzJ+veCcX+7o
aahuloEeMHWfDTuL4Ez4+MgRsU7H3OSa+vsnT9+eMTL2FAaPahjsHfeVttbe2B9L
0gapGbF7R/BlbA2J5/wyzJR6wurHOYSLjVpGXdrXNPLRZffoiYqzUXY=
-----END CERTIFICATE-----