Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LMOnQxMGIOHGBUKFXvJWjLRvR0g.roa
File:                     LMOnQxMGIOHGBUKFXvJWjLRvR0g.roa (raw, json)
Hash identifier:          SjevuFJ811cIDcegAVR32E5sgWsKBSnMq0yrc5LvxAc=
Subject key identifier:   2C:C3:A7:43:13:06:20:E1:C6:05:42:85:5E:F2:56:8C:B4:6F:47:48
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197A2339CA3E7A4D2EC44E3B3FCB3030D64
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LMOnQxMGIOHGBUKFXvJWjLRvR0g.roa
Signing time:             Tue 24 Jun 2025 13:49:40 +0000
ROA not before:           Tue 24 Jun 2025 13:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23532
IP address blocks:        151.242.152.0/23 maxlen: 24
                          151.243.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 19:11:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a2:33:9c:a3:e7:a4:d2:ec:44:e3:b3:fc:b3:03:0d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 24 13:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cc3a743130620e1c60542855ef2568cb46f4748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ef:02:a1:5f:52:39:97:44:e5:13:12:72:50:
                    41:d7:99:56:1a:cf:54:ab:50:9a:19:5b:50:6f:09:
                    b8:9c:49:ab:ea:1f:48:ea:2c:e1:bd:39:df:81:99:
                    b4:fb:db:fc:16:da:8c:0e:3e:9a:e2:0e:64:9c:7b:
                    30:fb:b6:3f:cf:22:e7:2c:32:c9:41:25:96:e1:94:
                    84:72:f3:f7:22:cd:c3:85:27:64:72:c7:d8:6e:5c:
                    8c:5c:ae:28:75:6a:1c:6d:db:cc:b4:67:e5:4a:ae:
                    73:34:ab:b8:e2:93:d0:0b:67:4c:99:ce:22:d4:21:
                    4b:15:4c:94:b9:c2:6d:fb:17:f6:8b:dc:2c:8b:92:
                    a1:af:ca:42:8e:4e:d6:77:d2:51:d3:6d:79:87:11:
                    68:42:e1:da:a3:33:ec:b8:02:b4:dd:33:db:9a:3c:
                    7e:95:0f:73:33:2b:59:d5:f9:31:6c:8c:a0:d2:16:
                    71:ed:41:63:e9:4a:c0:9d:99:7d:e4:af:a8:8d:de:
                    42:50:fe:01:ed:78:31:6d:b6:3d:3d:09:20:bd:a4:
                    7e:f2:26:81:01:31:26:4b:8f:75:62:c9:91:41:9e:
                    01:97:20:83:a4:a6:c3:88:a4:21:f3:c2:14:24:cb:
                    79:8b:8b:14:81:bb:2e:87:72:20:b8:18:92:0d:f8:
                    f5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C3:A7:43:13:06:20:E1:C6:05:42:85:5E:F2:56:8C:B4:6F:47:48
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LMOnQxMGIOHGBUKFXvJWjLRvR0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.152.0/23
                  151.243.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:9d:4d:6b:e4:e6:db:2b:f3:dd:bc:2e:bb:55:08:bc:ed:cc:
         c8:85:b0:c5:e3:19:38:12:0c:98:10:35:bf:eb:d2:ef:7f:ab:
         d1:57:c5:ec:66:17:0c:4a:85:00:2e:ed:d9:69:f1:f7:54:8e:
         04:2b:44:6d:66:e2:ea:3d:48:ac:b3:69:a5:5e:9c:9f:11:14:
         9d:b5:f7:ff:8f:a7:db:b9:f2:69:00:ac:3b:62:8d:05:87:3a:
         ad:c5:bc:0f:7b:79:2c:87:a3:24:67:65:00:46:fc:53:c6:a4:
         22:ab:fb:a4:a3:6b:fc:40:ab:a5:ce:1b:6d:63:f9:ba:79:89:
         92:7a:c6:26:21:05:db:22:5d:1d:91:08:a0:80:70:96:fa:38:
         5e:3c:eb:93:fa:a0:c7:ed:e5:9c:20:c4:53:0a:5a:d4:e6:20:
         d0:6e:5e:83:4c:36:27:95:31:4a:5f:ac:b2:aa:6b:1a:41:1b:
         5e:02:c3:fc:d2:91:62:d3:02:cb:0c:fa:2c:63:cd:57:e3:f2:
         4b:eb:db:b1:98:9d:74:60:57:af:da:2d:86:5a:2a:8a:ac:da:
         54:be:53:e3:78:13:24:1b:5d:5d:cd:71:86:58:e2:c7:a3:2d:
         91:2a:1d:b3:56:91:29:a0:32:47:6c:00:57:c1:78:ff:74:6d:
         bd:a0:fa:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeiM5yj56TS7ETjs/yzAw1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjI0MTM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2MzYTc0MzEzMDYyMGUxYzYwNTQyODU1ZWYyNTY4Y2I0NmY0NzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+8CoV9SOZdE5RMSclBB15lWGs9U
q1CaGVtQbwm4nEmr6h9I6izhvTnfgZm0+9v8FtqMDj6a4g5knHsw+7Y/zyLnLDLJ
QSWW4ZSEcvP3Is3DhSdkcsfYblyMXK4odWocbdvMtGflSq5zNKu44pPQC2dMmc4i
1CFLFUyUucJt+xf2i9wsi5Khr8pCjk7Wd9JR0215hxFoQuHaozPsuAK03TPbmjx+
lQ9zMytZ1fkxbIyg0hZx7UFj6UrAnZl95K+ojd5CUP4B7XgxbbY9PQkgvaR+8iaB
ATEmS491YsmRQZ4BlyCDpKbDiKQh88IUJMt5i4sUgbsuh3IguBiSDfj1EQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCzDp0MTBiDhxgVChV7yVoy0b0dIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTE1PblF4TUdJT0hHQlVLRlh2SldqTFJ2UjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBl/KYAwQA
l/MxMA0GCSqGSIb3DQEBCwUAA4IBAQBAnU1r5ObbK/PdvC67VQi87czIhbDF4xk4
EgyYEDW/69Lvf6vRV8XsZhcMSoUALu3ZafH3VI4EK0RtZuLqPUiss2mlXpyfERSd
tff/j6fbufJpAKw7Yo0FhzqtxbwPe3ksh6MkZ2UARvxTxqQiq/uko2v8QKulzhtt
Y/m6eYmSesYmIQXbIl0dkQiggHCW+jhePOuT+qDH7eWcIMRTClrU5iDQbl6DTDYn
lTFKX6yyqmsaQRteAsP80pFi0wLLDPosY81X4/JL69uxmJ10YFev2i2GWiqKrNpU
vlPjeBMkG11dzXGGWOLHoy2RKh2zVpEpoDJHbABXwXj/dG29oPoJ
-----END CERTIFICATE-----