Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/LFAtM68_QsypB1yZseRwlLJq2u4.roa
File:                     LFAtM68_QsypB1yZseRwlLJq2u4.roa (raw, json)
Hash identifier:          /957wLIuErUNU/cVyq1KNPpSgWYbgRzlgVLc/r/yFdE=
Subject key identifier:   2C:50:2D:33:AF:3F:42:CC:A9:07:5C:99:B1:E4:70:94:B2:6A:DA:EE
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       0199B28D2D7C6D2181CEAB9478BDFB0752CA
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/LFAtM68_QsypB1yZseRwlLJq2u4.roa
Signing time:             Sun 05 Oct 2025 04:07:00 +0000
ROA not before:           Sun 05 Oct 2025 04:07:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.140.246.0/24 maxlen: 24
                          45.140.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b2:8d:2d:7c:6d:21:81:ce:ab:94:78:bd:fb:07:52:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Oct  5 04:07:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c502d33af3f42cca9075c99b1e47094b26adaee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d4:01:af:a4:2f:b8:70:a5:13:7c:f3:14:b9:
                    3e:35:dc:46:f0:34:fe:7e:af:ee:52:29:d1:65:3e:
                    3f:78:e3:fc:e7:c1:97:04:98:48:a5:56:66:34:eb:
                    29:ae:29:ff:36:f3:b6:fc:69:67:6d:c2:73:77:e4:
                    f7:c6:ee:29:ff:7e:f0:d9:9b:94:fc:c3:ac:a0:26:
                    88:70:3e:92:51:b0:93:68:4e:b8:30:2a:02:ec:a7:
                    08:34:30:cc:a0:73:b7:7a:80:fa:fe:e4:29:27:1d:
                    eb:2d:bb:c1:a4:b6:f9:08:23:49:b7:eb:c5:da:aa:
                    48:85:49:26:4a:1c:a1:88:a9:11:4d:17:4c:05:52:
                    e4:13:e1:84:1b:c7:dc:11:63:b7:06:87:e5:9f:59:
                    7b:9c:a5:f3:12:61:cc:2b:7b:fa:6c:8c:e4:70:1d:
                    34:3e:33:b6:14:58:e3:bb:a6:98:17:6d:c4:2a:72:
                    fd:18:f6:67:4f:71:6b:05:ca:25:84:9a:66:91:f3:
                    7d:75:b5:ec:c2:8e:b5:89:89:c4:03:06:13:9b:37:
                    c2:dd:d5:1d:e1:f4:8f:ac:02:b7:51:78:b8:b9:ac:
                    d5:29:b9:ac:bf:c9:4c:aa:fe:b1:88:f1:9a:1d:ed:
                    88:2c:5f:b6:4a:d4:ff:f1:b4:de:6d:93:33:b3:6b:
                    42:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:50:2D:33:AF:3F:42:CC:A9:07:5C:99:B1:E4:70:94:B2:6A:DA:EE
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/LFAtM68_QsypB1yZseRwlLJq2u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:f6:67:52:61:5c:f1:df:c7:65:a5:ea:b5:31:b6:9e:34:8d:
         cd:cf:0c:e2:df:4a:d0:41:33:4b:c5:5f:01:86:21:09:13:99:
         3a:b0:66:4a:7e:87:f1:5b:b8:ab:59:7c:e7:f6:1c:1f:71:2a:
         65:cf:48:5f:8b:5d:0f:76:64:4f:ad:ed:d9:4c:26:9a:b4:e6:
         51:fc:48:82:8c:fd:09:52:94:48:63:af:61:97:ec:d0:a2:6b:
         87:32:af:d4:89:54:3a:cb:9f:84:44:e3:0d:c5:0a:74:e9:c8:
         bf:77:32:26:9e:9a:ef:87:53:ac:a3:17:9b:5a:f3:af:97:b2:
         89:20:80:17:92:71:8a:5a:81:90:54:37:1f:85:9d:c3:d5:bd:
         08:32:ab:16:73:19:d6:55:36:9c:d0:5d:b4:a6:9d:be:92:4d:
         13:92:29:60:d7:87:a9:15:07:a7:4c:b1:67:d2:64:51:47:6b:
         60:71:f1:ad:af:7c:8b:70:99:b9:3b:40:b1:59:c0:13:d5:ef:
         76:9d:f4:6e:71:23:6a:aa:c8:49:b8:13:26:5e:5a:ae:a0:8c:
         bb:1a:91:97:a8:2a:bc:14:a7:f9:24:c2:d7:26:9c:ad:ac:27:
         4f:a6:e2:8c:02:76:a4:3d:8f:f4:f8:1d:3d:20:df:ff:f6:45:
         03:01:47:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmyjS18bSGBzquUeL37B1LKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUxMDA1MDQwNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzUwMmQzM2FmM2Y0MmNjYTkwNzVjOTliMWU0NzA5NGIyNmFkYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tQBr6QvuHClE3zzFLk+NdxG8DT+
fq/uUinRZT4/eOP858GXBJhIpVZmNOsprin/NvO2/GlnbcJzd+T3xu4p/37w2ZuU
/MOsoCaIcD6SUbCTaE64MCoC7KcINDDMoHO3eoD6/uQpJx3rLbvBpLb5CCNJt+vF
2qpIhUkmShyhiKkRTRdMBVLkE+GEG8fcEWO3Bofln1l7nKXzEmHMK3v6bIzkcB00
PjO2FFjju6aYF23EKnL9GPZnT3FrBcolhJpmkfN9dbXswo61iYnEAwYTmzfC3dUd
4fSPrAK3UXi4uazVKbmsv8lMqv6xiPGaHe2ILF+2StT/8bTebZMzs2tC7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxQLTOvP0LMqQdcmbHkcJSyatruMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvTEZBdE02OF9Rc3lwQjF5WnNlUndsTEpxMnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYz2MA0G
CSqGSIb3DQEBCwUAA4IBAQBn9mdSYVzx38dlpeq1MbaeNI3Nzwzi30rQQTNLxV8B
hiEJE5k6sGZKfofxW7irWXzn9hwfcSplz0hfi10PdmRPre3ZTCaatOZR/EiCjP0J
UpRIY69hl+zQomuHMq/UiVQ6y5+EROMNxQp06ci/dzImnprvh1OsoxebWvOvl7KJ
IIAXknGKWoGQVDcfhZ3D1b0IMqsWcxnWVTac0F20pp2+kk0Tkilg14epFQenTLFn
0mRRR2tgcfGtr3yLcJm5O0CxWcAT1e92nfRucSNqqshJuBMmXlquoIy7GpGXqCq8
FKf5JMLXJpytrCdPpuKMAnakPY/0+B09IN//9kUDAUcd
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:37 2025 by rpki-client