Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lpm-pmabsALdeoLxmYLsxWOqlqY.roa
File:                     lpm-pmabsALdeoLxmYLsxWOqlqY.roa (raw, json)
Hash identifier:          VdUBg8aU6KQD5UqkbG0E/q+NDD5HmX+1uGKWUC6iYAY=
Subject key identifier:   96:99:BE:A6:66:9B:B0:02:DD:7A:82:F1:99:82:EC:C5:63:AA:96:A6
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197ABB8C691924180EE701DAC4245190612
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lpm-pmabsALdeoLxmYLsxWOqlqY.roa
Signing time:             Thu 26 Jun 2025 10:11:42 +0000
ROA not before:           Thu 26 Jun 2025 10:11:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a11:15c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:b8:c6:91:92:41:80:ee:70:1d:ac:42:45:19:06:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jun 26 10:11:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9699bea6669bb002dd7a82f19982ecc563aa96a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:dd:de:5e:80:ff:3a:50:67:9c:49:f4:5a:44:
                    58:45:f1:ee:e0:5c:23:17:7a:21:2c:25:84:52:eb:
                    ba:b4:cc:9a:74:8d:9f:b6:37:f8:a4:fe:a1:f4:4d:
                    a8:4c:a1:e8:91:0b:b5:be:38:d2:0b:10:0b:77:36:
                    55:c6:02:fd:12:ac:4c:82:07:f4:13:b4:65:06:5c:
                    73:a6:2e:36:4d:f6:6f:da:2a:24:d6:0e:af:00:01:
                    bb:87:f4:9e:4d:1d:43:d0:8b:11:f6:52:12:1c:8c:
                    7c:31:36:54:9e:28:6a:08:b0:f5:e8:56:17:3d:c5:
                    7a:c5:65:16:46:e1:5c:e4:6d:b3:d3:a5:1f:90:77:
                    fd:3b:b1:1e:bc:9d:c8:c3:ef:18:71:77:18:d7:d9:
                    d1:4b:49:85:cd:ef:4c:25:af:36:fc:a5:5c:b4:3b:
                    47:8d:1d:0a:27:d9:e3:10:ce:46:e2:4f:4e:e2:2d:
                    e3:a7:72:a8:ea:6d:b3:72:0d:fc:1c:26:25:6c:bd:
                    c8:64:03:74:88:36:77:15:d5:f7:ba:d6:ee:b9:1b:
                    07:fc:e0:6a:1e:5b:8d:d9:c3:df:70:cc:3e:02:28:
                    51:5c:e1:0a:f2:ee:fc:bc:8d:56:d5:0f:a6:e5:86:
                    ed:ea:0a:ca:8e:79:bb:44:e5:f4:88:5d:19:6b:9d:
                    23:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:99:BE:A6:66:9B:B0:02:DD:7A:82:F1:99:82:EC:C5:63:AA:96:A6
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lpm-pmabsALdeoLxmYLsxWOqlqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:15c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:b9:76:ce:f1:67:7c:5a:e8:f0:80:d8:71:3d:1d:4d:fe:99:
         33:e5:a4:76:b0:44:72:3d:a1:6d:0a:42:18:68:14:2d:09:b8:
         4f:7a:dd:f3:9c:c3:9f:9d:2b:9e:6c:30:7c:07:04:58:2b:da:
         27:de:ef:f2:05:d3:b1:e4:83:15:8a:f7:27:19:6d:26:2d:d0:
         9e:b9:08:19:28:12:1a:dc:ff:e7:f4:7f:9a:11:26:d0:4e:ca:
         ca:78:e3:21:7e:94:c5:b4:da:08:d8:bb:33:79:bd:ab:1b:e3:
         e2:93:f3:ee:d3:ad:23:47:fd:b1:8a:af:39:3f:73:91:0f:38:
         fd:20:5e:96:a5:28:97:5d:b5:1c:7a:d9:e7:ad:d7:bc:15:e1:
         ed:18:e1:c5:51:b1:dd:26:c1:a4:63:dc:6a:22:74:3b:9e:7a:
         b3:cc:ad:62:5a:f3:ac:1d:67:65:cf:6d:f8:61:31:63:eb:68:
         75:f2:96:93:fa:0b:dc:49:04:8b:42:00:71:85:25:2f:2d:20:
         b8:f8:33:9a:46:be:b7:a4:e7:94:a2:76:4a:b3:3e:e4:d3:5f:
         a1:9f:93:36:fe:71:b2:9e:a9:9a:ff:fb:df:89:d4:ff:38:4e:
         97:6b:83:a0:b0:4b:ab:62:13:cb:9f:c1:5e:8d:89:84:97:e4:
         21:79:01:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeruMaRkkGA7nAdrEJFGQYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNjI2MTAxMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk5YmVhNjY2OWJiMDAyZGQ3YTgyZjE5OTgyZWNjNTYzYWE5NmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt3eXoD/OlBnnEn0WkRYRfHu4Fwj
F3ohLCWEUuu6tMyadI2ftjf4pP6h9E2oTKHokQu1vjjSCxALdzZVxgL9EqxMggf0
E7RlBlxzpi42TfZv2iok1g6vAAG7h/SeTR1D0IsR9lISHIx8MTZUnihqCLD16FYX
PcV6xWUWRuFc5G2z06UfkHf9O7EevJ3Iw+8YcXcY19nRS0mFze9MJa82/KVctDtH
jR0KJ9njEM5G4k9O4i3jp3Ko6m2zcg38HCYlbL3IZAN0iDZ3FdX3utbuuRsH/OBq
HluN2cPfcMw+AihRXOEK8u78vI1W1Q+m5Ybt6grKjnm7ROX0iF0Za50jBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJaZvqZmm7AC3XqC8ZmC7MVjqpamMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbHBtLXBtYWJzQUxkZW9MeG1ZTHN4V09xbHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEVxDAN
BgkqhkiG9w0BAQsFAAOCAQEAJrl2zvFnfFro8IDYcT0dTf6ZM+WkdrBEcj2hbQpC
GGgULQm4T3rd85zDn50rnmwwfAcEWCvaJ97v8gXTseSDFYr3JxltJi3QnrkIGSgS
Gtz/5/R/mhEm0E7KynjjIX6UxbTaCNi7M3m9qxvj4pPz7tOtI0f9sYqvOT9zkQ84
/SBelqUol121HHrZ563XvBXh7RjhxVGx3SbBpGPcaiJ0O556s8ytYlrzrB1nZc9t
+GExY+todfKWk/oL3EkEi0IAcYUlLy0guPgzmka+t6TnlKJ2SrM+5NNfoZ+TNv5x
sp6pmv/734nU/zhOl2uDoLBLq2ITy5/BXo2JhJfkIXkBww==
-----END CERTIFICATE-----