Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/LzBcFhAlCWTgbcCzDhSLG6bZOVY.roa
File:                     LzBcFhAlCWTgbcCzDhSLG6bZOVY.roa (raw, json)
Hash identifier:          V6UES9bn3orwCliyUlQqG90EWkRSUOBE71Ue+dvv5XI=
Subject key identifier:   2F:30:5C:16:10:25:09:64:E0:6D:C0:B3:0E:14:8B:1B:A6:D9:39:56
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018F53316352D29A5402A3E5089FB0F7F556
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/LzBcFhAlCWTgbcCzDhSLG6bZOVY.roa
Signing time:             Tue 07 May 2024 13:14:56 +0000
ROA not before:           Tue 07 May 2024 13:14:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42846
IP address blocks:        104.247.160.0/24 maxlen: 24
                          104.247.161.0/24 maxlen: 24
                          104.247.162.0/24 maxlen: 24
                          104.247.163.0/24 maxlen: 24
                          104.247.164.0/24 maxlen: 24
                          104.247.165.0/24 maxlen: 24
                          104.247.166.0/24 maxlen: 24
                          104.247.167.0/24 maxlen: 24
                          104.247.168.0/24 maxlen: 24
                          104.247.169.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:31:63:52:d2:9a:54:02:a3:e5:08:9f:b0:f7:f5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: May  7 13:14:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f305c1610250964e06dc0b30e148b1ba6d93956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c8:18:0d:c1:80:6d:f6:c8:6f:c1:4e:f3:2a:
                    75:e4:b4:c2:cf:5d:c8:11:42:68:56:41:f5:7e:0a:
                    29:98:ee:f8:86:f2:7c:9e:6b:99:2b:01:df:af:80:
                    65:03:76:97:6c:3a:4e:f1:25:8a:69:8b:c9:5d:9b:
                    46:a9:83:80:03:fc:a7:18:ab:54:ee:bc:87:af:6f:
                    fc:8b:67:46:2f:50:a7:c4:9e:1f:ef:ae:e8:26:76:
                    ae:9e:4c:2e:67:00:e4:11:8a:d9:4f:90:12:f1:38:
                    6d:e1:24:c2:74:8e:b1:7b:c4:8a:96:c0:dc:99:2f:
                    90:41:d2:5a:de:46:14:6b:65:81:10:4c:db:05:b5:
                    05:4b:b2:8b:95:eb:0e:5b:b2:89:74:f0:0e:c5:05:
                    09:87:8e:a2:f5:33:f7:00:58:1d:6a:12:93:83:2f:
                    15:99:f9:a9:38:94:64:6f:6f:ac:68:84:14:94:5b:
                    6f:bb:f9:69:97:93:7a:76:22:d5:01:26:3b:40:29:
                    bd:3a:5a:75:24:92:c5:c7:98:68:c1:67:10:64:8c:
                    60:82:e8:0c:97:fe:c5:0a:38:f4:3d:9d:c1:7c:b9:
                    db:50:eb:eb:2d:c2:82:60:d5:7e:98:f0:00:bd:8a:
                    ff:9c:95:8a:73:1a:61:b3:29:4e:1e:a8:db:a7:b9:
                    b1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:30:5C:16:10:25:09:64:E0:6D:C0:B3:0E:14:8B:1B:A6:D9:39:56
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/LzBcFhAlCWTgbcCzDhSLG6bZOVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.160.0-104.247.169.255
                  104.247.173.0/24
                  104.247.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:51:9f:22:19:83:75:d9:49:56:45:9b:28:42:e3:7e:1e:74:
         42:17:13:fd:9c:78:83:2a:d0:fa:50:06:5d:e0:ef:6a:68:21:
         26:3d:db:bd:01:2d:4f:6c:82:27:37:f6:98:ff:ef:1e:e3:82:
         5a:63:f8:3c:21:1b:b7:94:7d:7c:39:d7:86:b9:a2:9f:f1:d3:
         71:9e:92:8b:09:90:d9:f6:74:c7:ff:b8:36:c6:cf:6a:0e:26:
         c7:2b:bd:50:5b:1a:dd:91:03:57:f7:2b:0b:58:c8:8d:9c:f8:
         5c:03:bf:67:8e:10:d0:bf:7e:8f:bb:3f:af:c7:cb:65:ea:c1:
         09:95:ae:c3:5e:8e:d4:0e:60:27:39:e0:7a:77:21:b5:45:7c:
         eb:14:15:9d:c1:18:13:c1:9f:3e:53:35:f6:ff:38:1f:c7:d1:
         bb:87:bf:09:5c:f5:99:fc:27:99:df:a0:bf:cd:24:30:93:eb:
         2b:b5:7d:63:da:25:9a:7c:a7:8d:eb:8a:55:fd:b1:02:87:5f:
         07:77:06:31:bb:2e:6d:90:cc:16:14:d1:d2:ac:62:ee:0d:72:
         b5:03:ed:e4:07:07:d5:40:66:75:4b:c5:a6:2e:89:69:53:6e:
         9a:ae:79:73:d2:ff:bb:4e:d8:9b:b3:d4:45:f8:49:a9:d4:06:
         85:c1:ba:6c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY9TMWNS0ppUAqPlCJ+w9/VWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQwNTA3MTMxNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjMwNWMxNjEwMjUwOTY0ZTA2ZGMwYjMwZTE0OGIxYmE2ZDkzOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MgYDcGAbfbIb8FO8yp15LTCz13I
EUJoVkH1fgopmO74hvJ8nmuZKwHfr4BlA3aXbDpO8SWKaYvJXZtGqYOAA/ynGKtU
7ryHr2/8i2dGL1CnxJ4f767oJnaunkwuZwDkEYrZT5AS8Tht4STCdI6xe8SKlsDc
mS+QQdJa3kYUa2WBEEzbBbUFS7KLlesOW7KJdPAOxQUJh46i9TP3AFgdahKTgy8V
mfmpOJRkb2+saIQUlFtvu/lpl5N6diLVASY7QCm9Olp1JJLFx5howWcQZIxggugM
l/7FCjj0PZ3BfLnbUOvrLcKCYNV+mPAAvYr/nJWKcxphsylOHqjbp7mxbQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFC8wXBYQJQlk4G3Asw4Uixum2TlWMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvTHpCY0ZoQWxDV1RnYmNDekRoU0xHNmJaT1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAVo96AD
BAFo96gDBABo960DBABo97MwDQYJKoZIhvcNAQELBQADggEBACBRnyIZg3XZSVZF
myhC434edEIXE/2ceIMq0PpQBl3g72poISY9270BLU9sgic39pj/7x7jglpj+Dwh
G7eUfXw514a5op/x03GekosJkNn2dMf/uDbGz2oOJscrvVBbGt2RA1f3KwtYyI2c
+FwDv2eOENC/fo+7P6/Hy2XqwQmVrsNejtQOYCc54Hp3IbVFfOsUFZ3BGBPBnz5T
Nfb/OB/H0buHvwlc9Zn8J5nfoL/NJDCT6yu1fWPaJZp8p43rilX9sQKHXwd3BjG7
Lm2QzBYU0dKsYu4NcrUD7eQHB9VAZnVLxaYuiWlTbpqueXPS/7tO2Juz1EX4SanU
BoXBumw=
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:47:31 2024 by rpki-client on console-fra.rpki-client.org