Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/LTNH687avS-GxvMdJ-HPx6cwop4.roa
File:                     LTNH687avS-GxvMdJ-HPx6cwop4.roa (raw, json)
Hash identifier:          zxKrezY3Lljpe1LKksT2FsAbzIoVghn3cyjHiR1yO9U=
Subject key identifier:   2D:33:47:EB:CE:DA:BD:2F:86:C6:F3:1D:27:E1:CF:C7:A7:30:A2:9E
Certificate issuer:       /CN=123c3de61011de07101e14dc0727395171cb03ab
Certificate serial:       0196E2C20D7AC632C73E4D7959685EA44AF1
Authority key identifier: 12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/LTNH687avS-GxvMdJ-HPx6cwop4.roa
Signing time:             Sun 18 May 2025 09:38:10 +0000
ROA not before:           Sun 18 May 2025 09:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203459
IP address blocks:        185.122.255.0/24 maxlen: 24
                          185.133.224.0/24 maxlen: 24
                          185.133.225.0/24 maxlen: 24
                          185.133.227.0/24 maxlen: 24
                          2a06:7fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e2:c2:0d:7a:c6:32:c7:3e:4d:79:59:68:5e:a4:4a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123c3de61011de07101e14dc0727395171cb03ab
        Validity
            Not Before: May 18 09:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d3347ebcedabd2f86c6f31d27e1cfc7a730a29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d7:f7:65:d0:9a:ec:35:aa:1a:50:2c:d1:96:
                    9d:0e:9a:26:29:84:9a:f9:c4:d6:54:3e:57:bb:c3:
                    47:93:76:68:c1:f4:4b:9a:4c:35:73:3e:1c:fb:9a:
                    5d:ea:a3:59:c6:b4:99:3c:04:5d:88:b4:4d:f0:86:
                    a9:48:d1:0c:6e:0c:95:b5:7a:f9:2a:27:2a:3b:df:
                    9c:ec:83:dd:a9:14:b8:72:be:f4:f5:7e:4f:e2:69:
                    74:5c:b3:57:0a:86:45:ed:30:9d:5c:7b:d9:07:c4:
                    7d:cd:8f:75:a4:1f:bf:6e:88:03:04:77:e4:74:f7:
                    b5:f6:c6:4e:8c:5c:e9:57:4f:9b:e4:3f:38:86:bb:
                    ce:1d:4b:69:d9:c0:ee:4a:66:88:3f:2d:c5:16:8f:
                    63:fc:65:05:41:08:7e:2d:a0:3a:a7:4c:e4:cb:ac:
                    5c:fc:1d:0a:8b:b5:c0:89:7e:79:d4:e2:9e:b4:f9:
                    8e:ea:96:f8:9a:b7:b0:ff:89:ee:48:ed:de:6c:79:
                    cb:2b:f4:33:51:46:c4:5e:93:30:47:b1:0c:13:eb:
                    52:9c:a7:cb:07:3b:7c:30:9c:fb:38:78:43:eb:0e:
                    cc:7f:b6:5f:32:86:fc:a5:66:d7:81:aa:8f:42:4c:
                    c8:37:30:3a:b1:11:2c:56:15:b9:67:8b:c1:1f:47:
                    b0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:33:47:EB:CE:DA:BD:2F:86:C6:F3:1D:27:E1:CF:C7:A7:30:A2:9E
            X509v3 Authority Key Identifier:
                keyid:12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/LTNH687avS-GxvMdJ-HPx6cwop4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.255.0/24
                  185.133.224.0/23
                  185.133.227.0/24
                IPv6:
                  2a06:7fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:cc:20:8c:86:c8:e2:9e:bb:d1:46:e4:76:6c:6b:6a:b9:8f:
         af:ef:8b:dd:14:d7:10:04:07:d5:10:83:da:86:29:b3:9f:9f:
         6f:d9:89:63:78:0d:be:f2:47:e2:36:3b:94:d7:9c:f2:4c:81:
         50:6c:17:4f:0e:50:a0:54:08:14:8e:5f:0b:30:4b:5a:ff:38:
         f1:45:32:02:86:b0:5e:62:ed:44:60:41:94:95:8d:b7:87:19:
         8d:7f:9e:fc:68:e3:de:c3:d7:10:bd:43:ca:ad:be:cd:92:82:
         01:12:94:e8:bd:14:4a:32:5b:b2:a2:f1:4b:1e:f0:dd:c3:20:
         14:42:d0:b9:2b:54:73:27:18:fb:e1:63:ee:4b:90:68:89:24:
         6e:d1:c9:e6:82:2d:b0:88:2e:82:c2:66:a8:87:01:9e:5f:7e:
         ab:cd:5f:b0:19:82:a5:80:d8:68:19:e5:b9:98:d2:73:32:8a:
         c3:e5:24:61:7a:6e:96:bc:04:86:41:94:1c:ec:c3:29:e0:cb:
         ed:3e:32:e5:b6:f2:d1:62:8d:28:27:7e:28:23:0f:f5:11:6c:
         b0:4d:6c:7f:0a:ac:13:a5:bf:5b:37:03:82:fd:75:38:98:df:
         88:1e:67:59:a4:2e:91:94:41:9f:e0:c5:97:e0:8a:ce:14:52:
         35:40:f0:48
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZbiwg16xjLHPk15WWhepErxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2MzZGU2MTAxMWRlMDcxMDFlMTRkYzA3MjczOTUxNzFj
YjAzYWIwHhcNMjUwNTE4MDkzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDMzNDdlYmNlZGFiZDJmODZjNmYzMWQyN2UxY2ZjN2E3MzBhMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNf3ZdCa7DWqGlAs0ZadDpomKYSa
+cTWVD5Xu8NHk3ZowfRLmkw1cz4c+5pd6qNZxrSZPARdiLRN8IapSNEMbgyVtXr5
KicqO9+c7IPdqRS4cr709X5P4ml0XLNXCoZF7TCdXHvZB8R9zY91pB+/bogDBHfk
dPe19sZOjFzpV0+b5D84hrvOHUtp2cDuSmaIPy3FFo9j/GUFQQh+LaA6p0zky6xc
/B0Ki7XAiX551OKetPmO6pb4mrew/4nuSO3ebHnLK/QzUUbEXpMwR7EME+tSnKfL
Bzt8MJz7OHhD6w7Mf7ZfMob8pWbXgaqPQkzINzA6sREsVhW5Z4vBH0ewVQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFC0zR+vO2r0vhsbzHSfhz8enMKKeMB8GA1UdIwQY
MBaAFBI8PeYQEd4HEB4U3AcnOVFxywOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUt
YjUwNGM5YWU5YmJjLzEvTFROSDY4N2F2Uy1HeHZNZEotSFB4NmN3b3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUtYjUwNGM5YWU5YmJj
LzEvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuXr/AwQB
uYXgAwQAuYXjMA0EAgACMAcDBQMqBn/AMA0GCSqGSIb3DQEBCwUAA4IBAQCSzCCM
hsjinrvRRuR2bGtquY+v74vdFNcQBAfVEIPahimzn59v2YljeA2+8kfiNjuU15zy
TIFQbBdPDlCgVAgUjl8LMEta/zjxRTIChrBeYu1EYEGUlY23hxmNf578aOPew9cQ
vUPKrb7NkoIBEpTovRRKMluyovFLHvDdwyAUQtC5K1RzJxj74WPuS5BoiSRu0cnm
gi2wiC6CwmaohwGeX36rzV+wGYKlgNhoGeW5mNJzMorD5SRhem6WvASGQZQc7MMp
4MvtPjLltvLRYo0oJ34oIw/1EWywTWx/CqwTpb9bNwOC/XU4mN+IHmdZpC6RlEGf
4MWX4IrOFFI1QPBI
-----END CERTIFICATE-----
Generated at Tue Jun 10 05:17:16 2025 by rpki-client