Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/OP_LxEh3lwkqqiARAnCPDgbwZFo.roa
File:                     OP_LxEh3lwkqqiARAnCPDgbwZFo.roa (raw, json)
Hash identifier:          s8g9cGnm5CE4zgxAFLfWVnDVE/Wx0l3/tOuxqSeDbUw=
Subject key identifier:   38:FF:CB:C4:48:77:97:09:2A:AA:20:11:02:70:8F:0E:06:F0:64:5A
Certificate issuer:       /CN=0277acd112f1c6c833bec22f8b53cc70d2390876
Certificate serial:       019420D5C072CE662C2FDE5A303B76532373
Authority key identifier: 02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/OP_LxEh3lwkqqiARAnCPDgbwZFo.roa
Signing time:             Wed 01 Jan 2025 07:47:46 +0000
ROA not before:           Wed 01 Jan 2025 07:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399587
IP address blocks:        176.58.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c0:72:ce:66:2c:2f:de:5a:30:3b:76:53:23:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0277acd112f1c6c833bec22f8b53cc70d2390876
        Validity
            Not Before: Jan  1 07:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38ffcbc4487797092aaa201102708f0e06f0645a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:56:d0:fd:69:27:e5:dc:b7:fd:ac:0f:2f:98:
                    26:cf:0b:88:21:f5:28:1b:ca:b6:1d:54:c3:be:b1:
                    d5:5a:a3:86:af:43:d3:c0:cf:d6:5b:52:38:5e:90:
                    63:8a:38:79:96:70:c0:0b:d9:6d:b6:24:f8:6b:c2:
                    b9:51:d4:22:eb:b7:47:a2:05:bc:f0:05:5f:05:fa:
                    af:78:ae:c9:dd:de:93:6b:b9:a0:c9:3c:c3:5b:05:
                    55:b7:df:e6:54:8f:8d:e2:5e:20:02:40:36:65:8b:
                    12:e2:f4:b8:7f:a7:7f:ae:5b:e8:89:63:c8:5a:ac:
                    fa:7a:eb:e2:7f:5a:d8:25:33:5f:da:b0:b2:0d:af:
                    24:a0:9a:1c:74:6e:49:89:c6:3f:e5:44:97:3a:22:
                    a6:7f:a5:2b:ce:a7:e4:6a:e4:aa:2b:72:68:36:b4:
                    cc:76:00:ff:d0:ec:6d:e7:54:3d:af:9b:9e:f1:b6:
                    aa:0f:7f:04:69:31:47:71:f1:b6:44:46:de:5a:2d:
                    cb:36:74:00:fb:1a:a6:04:58:2d:38:17:18:5f:04:
                    6e:c6:c0:9a:6d:6c:89:18:7d:67:8d:76:59:55:81:
                    4c:61:83:85:63:56:38:3c:48:03:d0:43:d6:8b:69:
                    af:7a:c5:2d:ce:89:7e:4f:b8:8f:3f:2e:b3:ac:1a:
                    ed:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:FF:CB:C4:48:77:97:09:2A:AA:20:11:02:70:8F:0E:06:F0:64:5A
            X509v3 Authority Key Identifier:
                keyid:02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/OP_LxEh3lwkqqiARAnCPDgbwZFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f8:0b:00:a2:8a:26:cf:75:bf:9e:ea:aa:55:aa:7e:b8:27:
         d0:6f:bf:47:30:fe:5e:80:08:46:80:7f:f3:06:88:de:7c:96:
         5b:1d:e4:e5:79:8d:d7:4b:eb:f6:b7:f0:e3:9d:4e:7c:6e:f0:
         90:f8:34:23:aa:15:b2:e0:d7:d3:b1:e2:28:b4:db:57:76:3f:
         fd:f8:7e:c2:09:ff:cb:89:1e:3d:a5:68:14:83:ae:bc:a0:c6:
         78:84:b6:52:0b:71:cd:c5:13:3f:7b:19:9b:39:a5:bb:32:5b:
         21:74:5c:14:e6:c0:3a:91:60:f4:6a:48:29:6d:46:4f:9b:72:
         b4:4d:4a:62:3a:64:d4:72:1e:90:15:f9:5f:0f:38:ec:93:74:
         5f:73:ad:bd:c3:f2:e0:1f:56:35:1c:a3:97:23:bb:de:ee:2a:
         ad:f9:2d:b9:5f:2c:db:91:08:0d:85:ea:40:72:3c:09:7c:0c:
         11:15:5e:8f:32:75:fc:b9:06:6f:f4:84:39:20:74:f7:90:98:
         97:23:a0:be:37:77:c0:56:be:98:18:2d:b2:c3:c5:ab:e4:87:
         02:ee:38:99:88:dd:3d:10:85:f7:29:be:b0:cf:ad:f0:0f:15:
         75:bc:e3:7e:f4:fd:00:fe:de:87:2b:bc:d8:d2:57:bc:b7:97:
         f5:27:4c:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cByzmYsL95aMDt2UyNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNzdhY2QxMTJmMWM2YzgzM2JlYzIyZjhiNTNjYzcwZDIz
OTA4NzYwHhcNMjUwMTAxMDc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGZmY2JjNDQ4Nzc5NzA5MmFhYTIwMTEwMjcwOGYwZTA2ZjA2NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1bQ/Wkn5dy3/awPL5gmzwuIIfUo
G8q2HVTDvrHVWqOGr0PTwM/WW1I4XpBjijh5lnDAC9lttiT4a8K5UdQi67dHogW8
8AVfBfqveK7J3d6Ta7mgyTzDWwVVt9/mVI+N4l4gAkA2ZYsS4vS4f6d/rlvoiWPI
Wqz6euvif1rYJTNf2rCyDa8koJocdG5JicY/5USXOiKmf6UrzqfkauSqK3JoNrTM
dgD/0Oxt51Q9r5ue8baqD38EaTFHcfG2REbeWi3LNnQA+xqmBFgtOBcYXwRuxsCa
bWyJGH1njXZZVYFMYYOFY1Y4PEgD0EPWi2mvesUtzol+T7iPPy6zrBrtlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDj/y8RId5cJKqogEQJwjw4G8GRaMB8GA1UdIwQY
MBaAFAJ3rNES8cbIM77CL4tTzHDSOQh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQt
ZDk2NTU5ODc4NzRhLzEvT1BfTHhFaDNsd2txcWlBUkFuQ1BEZ2J3WkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQtZDk2NTU5ODc4NzRh
LzEvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDpIMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ+AsAooomz3W/nuqqVap+uCfQb79HMP5egAhGgH/z
BojefJZbHeTleY3XS+v2t/DjnU58bvCQ+DQjqhWy4NfTseIotNtXdj/9+H7CCf/L
iR49pWgUg668oMZ4hLZSC3HNxRM/exmbOaW7MlshdFwU5sA6kWD0akgpbUZPm3K0
TUpiOmTUch6QFflfDzjsk3Rfc629w/LgH1Y1HKOXI7ve7iqt+S25XyzbkQgNhepA
cjwJfAwRFV6PMnX8uQZv9IQ5IHT3kJiXI6C+N3fAVr6YGC2yw8Wr5IcC7jiZiN09
EIX3Kb6wz63wDxV1vON+9P0A/t6HK7zY0le8t5f1J0wA
-----END CERTIFICATE-----