Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/LBAPYASSvu5qlUE6hv2xicwQXrQ.roa
File:                     LBAPYASSvu5qlUE6hv2xicwQXrQ.roa (raw, json)
Hash identifier:          lHeqOuVxi8IwwDndY/kV93P6GSnE4/CmQWGr5c3LIxc=
Subject key identifier:   2C:10:0F:60:04:92:BE:EE:6A:95:41:3A:86:FD:B1:89:CC:10:5E:B4
Certificate issuer:       /CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
Certificate serial:       0191737350C2A943AB343A6CC052443DC6C6
Authority key identifier: BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/LBAPYASSvu5qlUE6hv2xicwQXrQ.roa
Signing time:             Wed 21 Aug 2024 05:40:22 +0000
ROA not before:           Wed 21 Aug 2024 05:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203623
IP address blocks:        185.127.108.0/24 maxlen: 24
                          185.127.109.0/24 maxlen: 24
                          185.127.110.0/24 maxlen: 24
                          185.127.111.0/24 maxlen: 24
                          2a06:c8c0::/30 maxlen: 30
                          2a06:c8c4::/30 maxlen: 30
                          2a06:c8c4:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:73:73:50:c2:a9:43:ab:34:3a:6c:c0:52:44:3d:c6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
        Validity
            Not Before: Aug 21 05:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c100f600492beee6a95413a86fdb189cc105eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:45:ed:11:83:17:b4:1d:59:6a:c2:6c:cd:c6:
                    e0:a2:d4:d6:c4:a2:c4:49:09:26:fb:f3:32:93:a7:
                    ac:6b:bf:b0:e7:3f:ce:4a:1f:34:b1:72:87:2f:1f:
                    84:66:7b:3d:18:93:78:f0:51:bf:1b:ce:d3:c1:89:
                    dc:1d:40:05:34:51:d0:6e:61:22:48:a1:02:e7:4e:
                    0a:24:2c:05:f4:9f:ca:45:ed:ee:07:ff:b4:32:18:
                    61:37:71:c3:e2:78:0f:d6:85:73:ad:df:18:6f:cf:
                    02:d9:34:a2:4d:f4:15:d0:fe:05:63:43:be:7b:b9:
                    82:61:20:80:3d:1c:dc:2e:20:d7:c2:76:93:14:80:
                    32:1f:f9:5e:5a:7d:1c:19:89:24:9a:ab:f1:07:c9:
                    83:79:2a:06:56:62:c1:95:45:2f:0f:13:49:bb:f5:
                    93:87:a2:ff:74:e3:68:66:dc:58:6f:c8:5f:39:37:
                    9c:18:02:1c:bf:ce:4f:eb:40:f8:2d:2a:7f:ba:e6:
                    55:8a:87:00:09:43:53:4e:45:a9:0f:54:96:07:47:
                    7c:bc:ef:c5:3d:3b:1f:4f:59:e1:a0:7f:e9:e9:98:
                    7e:79:b0:ea:df:2f:a1:08:da:36:d9:03:75:0a:31:
                    74:0d:5a:bd:e5:f1:6a:25:bf:42:b3:83:e8:16:1f:
                    51:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:10:0F:60:04:92:BE:EE:6A:95:41:3A:86:FD:B1:89:CC:10:5E:B4
            X509v3 Authority Key Identifier:
                keyid:BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/LBAPYASSvu5qlUE6hv2xicwQXrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.108.0/22
                IPv6:
                  2a06:c8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:5c:df:2e:33:9c:1b:8f:82:e1:ff:31:f9:af:e3:a8:02:b1:
         b0:80:41:a5:b1:c9:be:18:a7:ec:e8:c5:6b:3d:15:98:b1:a1:
         52:76:8a:53:32:ff:9b:b8:0a:b5:1b:18:1a:71:b7:bf:98:61:
         0d:16:1d:41:d6:5e:0c:11:b9:6f:8c:05:2d:15:55:75:22:79:
         9f:51:81:c0:71:7c:cd:d7:df:d3:b6:0d:0b:1f:ca:5e:81:23:
         98:0e:38:87:90:f5:e6:31:61:df:20:cf:a3:67:6e:0f:c4:5d:
         ec:18:97:ea:dd:dd:4c:87:d0:40:b1:68:4d:37:0a:a6:d4:19:
         39:6c:91:7b:70:91:9e:9e:91:1f:c5:08:de:26:5f:55:bd:34:
         11:a8:8b:4b:d2:95:1d:89:bb:d6:99:ca:21:41:16:65:cd:04:
         d2:ed:d4:af:fe:04:fc:a0:be:18:8e:fa:ea:4b:f8:22:6b:bd:
         9e:93:ce:41:7a:c3:8a:01:7b:46:0f:f0:2a:95:6c:de:68:06:
         18:a4:81:db:40:f4:c6:af:c7:59:cd:9d:df:1e:b9:f5:84:c7:
         74:2c:72:84:91:a7:a3:fe:ab:3c:a0:f2:f5:82:b1:4a:fa:00:
         e2:64:1b:13:e8:c6:c6:69:78:39:56:11:d8:94:0f:b8:15:46:
         d2:38:56:7f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZFzc1DCqUOrNDpswFJEPcbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYzQ3MGU5YjU4ZTU1N2VhOGMxZGJlZGFlYjljNmE1ZmM0
NTUxMjUwHhcNMjQwODIxMDU0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzEwMGY2MDA0OTJiZWVlNmE5NTQxM2E4NmZkYjE4OWNjMTA1ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUXtEYMXtB1ZasJszcbgotTWxKLE
SQkm+/Myk6esa7+w5z/OSh80sXKHLx+EZns9GJN48FG/G87TwYncHUAFNFHQbmEi
SKEC504KJCwF9J/KRe3uB/+0MhhhN3HD4ngP1oVzrd8Yb88C2TSiTfQV0P4FY0O+
e7mCYSCAPRzcLiDXwnaTFIAyH/leWn0cGYkkmqvxB8mDeSoGVmLBlUUvDxNJu/WT
h6L/dONoZtxYb8hfOTecGAIcv85P60D4LSp/uuZViocACUNTTkWpD1SWB0d8vO/F
PTsfT1nhoH/p6Zh+ebDq3y+hCNo22QN1CjF0DVq95fFqJb9Cs4PoFh9RvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCwQD2AEkr7uapVBOob9sYnMEF60MB8GA1UdIwQY
MBaAFL/EcOm1jlV+qMHb7a65xqX8RVElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzkt
YTJhYTY1NDBmODc1LzEvTEJBUFlBU1N2dTVxbFVFNmh2MnhpY3dRWHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzktYTJhYTY1NDBmODc1
LzEvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX9sMA0E
AgACMAcDBQMqBsjAMA0GCSqGSIb3DQEBCwUAA4IBAQBBXN8uM5wbj4Lh/zH5r+Oo
ArGwgEGlscm+GKfs6MVrPRWYsaFSdopTMv+buAq1Gxgacbe/mGENFh1B1l4MEblv
jAUtFVV1InmfUYHAcXzN19/Ttg0LH8pegSOYDjiHkPXmMWHfIM+jZ24PxF3sGJfq
3d1Mh9BAsWhNNwqm1Bk5bJF7cJGenpEfxQjeJl9VvTQRqItL0pUdibvWmcohQRZl
zQTS7dSv/gT8oL4YjvrqS/gia72ek85BesOKAXtGD/AqlWzeaAYYpIHbQPTGr8dZ
zZ3fHrn1hMd0LHKEkaej/qs8oPL1grFK+gDiZBsT6MbGaXg5VhHYlA+4FUbSOFZ/
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:30:54 2024 by rpki-client on console-ams.rpki-client.org