Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/LN-LnaK88FGvfAVlogtvDaHebR0.roa
File:                     LN-LnaK88FGvfAVlogtvDaHebR0.roa (raw, json)
Hash identifier:          MNdcqQ8uR93CitIZzKJcicFICk64eXFkf6pSgDJYLnk=
Subject key identifier:   2C:DF:8B:9D:A2:BC:F0:51:AF:7C:05:65:A2:0B:6F:0D:A1:DE:6D:1D
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       018CC86EFA2F1F94D21580142185A4511A8D
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/LN-LnaK88FGvfAVlogtvDaHebR0.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20552
IP address blocks:        185.119.15.0/24 maxlen: 24
                          185.119.12.0/24 maxlen: 24
                          185.119.12.0/22 maxlen: 22
                          185.119.14.0/24 maxlen: 24
                          185.119.13.0/24 maxlen: 24
                          185.24.200.0/22 maxlen: 22
                          217.168.128.0/20 maxlen: 20
                          217.168.129.0/24 maxlen: 24
                          217.168.141.0/24 maxlen: 24
                          185.52.171.0/24 maxlen: 24
                          185.52.168.0/22 maxlen: 24
                          185.52.170.0/24 maxlen: 24
                          185.52.169.0/24 maxlen: 24
                          164.40.240.0/24 maxlen: 24
                          164.40.241.0/24 maxlen: 24
                          164.40.240.0/21 maxlen: 21
                          164.40.246.0/24 maxlen: 24
                          91.216.30.0/24 maxlen: 24
                          164.40.245.0/24 maxlen: 24
                          164.40.243.0/24 maxlen: 24
                          164.40.242.0/24 maxlen: 24
                          164.40.244.0/24 maxlen: 24
                          164.40.247.0/24 maxlen: 24
                          2a02:d88::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:2f:1f:94:d2:15:80:14:21:85:a4:51:1a:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cdf8b9da2bcf051af7c0565a20b6f0da1de6d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:fc:e9:61:ce:d0:c8:02:fd:d8:4b:1c:17:e8:
                    9a:49:c5:53:3f:7f:71:e0:bf:55:d2:b6:89:27:d5:
                    6d:8c:a3:ed:6e:7c:7b:f6:ba:83:b7:ed:ce:30:1d:
                    94:e3:11:61:82:d2:f5:68:7f:b0:4a:df:3e:bf:b0:
                    48:02:e3:a0:f7:8a:66:78:e0:c1:4c:e5:65:69:5e:
                    20:ed:42:40:50:23:05:48:e0:da:36:2b:ba:fc:57:
                    d7:01:ac:22:82:5f:e7:1e:80:84:58:97:f3:45:e9:
                    0a:fe:96:a4:c4:c9:3b:1f:0e:d4:bb:e3:64:ff:60:
                    ce:37:5d:99:1a:e2:b9:db:2c:98:1f:51:2b:c3:e4:
                    ee:d1:f1:89:a5:2d:9e:a2:66:30:38:7b:cf:d6:64:
                    f5:b4:35:c2:4f:6a:c3:6e:2b:9f:ae:20:3b:33:b2:
                    5f:9a:44:27:3d:17:78:21:a1:05:20:7d:8b:c4:7b:
                    46:ae:22:d3:d8:bf:bb:84:7c:eb:fb:50:e2:c9:60:
                    43:f9:84:1e:86:d5:05:73:1c:4c:fd:81:32:da:5d:
                    37:44:1f:c6:b9:d5:9b:27:33:c5:d1:cb:ff:40:d1:
                    cb:9f:fd:59:66:a8:4b:3b:a6:8b:20:48:a5:fc:8e:
                    db:e6:d5:b7:f9:e0:c0:7a:2a:1a:b6:2f:10:c2:78:
                    4c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DF:8B:9D:A2:BC:F0:51:AF:7C:05:65:A2:0B:6F:0D:A1:DE:6D:1D
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/LN-LnaK88FGvfAVlogtvDaHebR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.30.0/24
                  164.40.240.0/21
                  185.24.200.0/22
                  185.52.168.0/22
                  185.119.12.0/22
                  217.168.128.0/20
                IPv6:
                  2a02:d88::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:36:9c:7b:ac:76:9b:dc:44:7d:e7:fd:c2:e1:4d:9c:71:10:
         98:bb:f3:7a:ec:82:61:34:0b:48:5a:6d:4f:2f:d5:97:da:e6:
         7c:f2:ab:d0:5c:7b:a8:5f:dc:28:1f:7f:2f:8e:24:11:8a:58:
         61:c4:8f:03:0e:10:70:f0:a2:1e:79:9f:f6:d3:3b:51:c5:c7:
         c3:85:6c:c2:a8:57:ef:b6:67:ae:98:e6:aa:9a:4b:c9:0c:07:
         db:72:17:c8:43:43:0b:fe:13:35:b8:e4:d6:73:67:90:ed:70:
         2a:98:ca:b1:73:ba:2d:01:55:74:b0:c7:45:e8:25:4a:73:98:
         c8:f0:19:a3:3e:e0:2d:26:07:c7:91:6e:77:5a:64:63:7a:d9:
         b7:c0:a3:8b:1d:b4:06:28:86:bc:93:ba:61:32:04:13:54:6d:
         e5:68:30:d0:47:47:e0:d2:77:55:5c:27:1b:26:c8:8d:c4:bc:
         b4:ce:80:ff:51:7f:e6:7c:fe:61:bb:6e:cc:8e:6a:15:e3:41:
         20:83:08:64:4f:48:15:e6:4e:a6:62:5e:7d:62:f6:cf:d0:b7:
         40:a2:7c:34:9e:ed:de:82:b1:88:f3:12:98:d9:d1:00:b9:03:
         f1:0f:c7:d1:ed:ed:ac:d8:30:d4:0b:ea:85:40:66:b7:54:17:
         dd:3c:89:35
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzIbvovH5TSFYAUIYWkURqNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2RmOGI5ZGEyYmNmMDUxYWY3YzA1NjVhMjBiNmYwZGExZGU2ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfzpYc7QyAL92EscF+iaScVTP39x
4L9V0raJJ9VtjKPtbnx79rqDt+3OMB2U4xFhgtL1aH+wSt8+v7BIAuOg94pmeODB
TOVlaV4g7UJAUCMFSODaNiu6/FfXAawigl/nHoCEWJfzRekK/pakxMk7Hw7Uu+Nk
/2DON12ZGuK52yyYH1Erw+Tu0fGJpS2eomYwOHvP1mT1tDXCT2rDbiufriA7M7Jf
mkQnPRd4IaEFIH2LxHtGriLT2L+7hHzr+1DiyWBD+YQehtUFcxxM/YEy2l03RB/G
udWbJzPF0cv/QNHLn/1ZZqhLO6aLIEil/I7b5tW3+eDAeioati8QwnhMSQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCzfi52ivPBRr3wFZaILbw2h3m0dMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvTE4tTG5hSzg4Rkd2ZkFWbG9ndHZEYUhlYlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW9geAwQD
pCjwAwQCuRjIAwQCuTSoAwQCuXcMAwQE2aiAMA0EAgACMAcDBQAqAg2IMA0GCSqG
SIb3DQEBCwUAA4IBAQAXNpx7rHab3ER95/3C4U2ccRCYu/N67IJhNAtIWm1PL9WX
2uZ88qvQXHuoX9woH38vjiQRilhhxI8DDhBw8KIeeZ/20ztRxcfDhWzCqFfvtmeu
mOaqmkvJDAfbchfIQ0ML/hM1uOTWc2eQ7XAqmMqxc7otAVV0sMdF6CVKc5jI8Bmj
PuAtJgfHkW53WmRjetm3wKOLHbQGKIa8k7phMgQTVG3laDDQR0fg0ndVXCcbJsiN
xLy0zoD/UX/mfP5hu27MjmoV40EggwhkT0gV5k6mYl59YvbP0LdAonw0nu3egrGI
8xKY2dEAuQPxD8fR7e2s2DDUC+qFQGa3VBfdPIk1
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:27 2024 by rpki-client on console-fra.rpki-client.org