Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LbmccNbCjcRfrfTXWS4pYp09Sh0.roa
File:                     LbmccNbCjcRfrfTXWS4pYp09Sh0.roa (raw, json)
Hash identifier:          paLncYWFEPzmdTDShYEDCuFyaxEupMiMsuNgJmP75H0=
Subject key identifier:   2D:B9:9C:70:D6:C2:8D:C4:5F:AD:F4:D7:59:2E:29:62:9D:3D:4A:1D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0198A0426D672C4F3844E092AB4A770B7CE5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LbmccNbCjcRfrfTXWS4pYp09Sh0.roa
Signing time:             Tue 12 Aug 2025 21:49:24 +0000
ROA not before:           Tue 12 Aug 2025 21:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207416
IP address blocks:        77.239.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a0:42:6d:67:2c:4f:38:44:e0:92:ab:4a:77:0b:7c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug 12 21:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2db99c70d6c28dc45fadf4d7592e29629d3d4a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:72:d7:76:0d:93:12:9a:44:02:98:6c:5d:
                    66:b9:26:f7:a0:a9:5f:75:82:ef:c7:4d:51:71:f3:
                    4b:72:a9:f0:f9:59:40:2b:05:c9:9e:a5:af:7c:2a:
                    67:eb:02:05:b3:ad:2c:0c:a8:b2:5e:4c:0d:1a:d1:
                    77:a1:d2:4d:cb:e6:95:c9:81:c8:de:66:50:db:d8:
                    4d:46:88:ec:91:b9:d9:d7:28:c6:d3:50:c3:2a:8d:
                    9a:ec:d9:29:ff:6f:dd:67:8a:b4:e1:46:f6:0c:79:
                    f9:36:fd:a9:6d:ce:09:86:7f:49:80:d2:0c:70:13:
                    e6:5e:86:34:ef:1c:6f:af:bb:1a:4b:90:8b:34:9b:
                    92:be:f9:1d:f8:8e:27:d9:77:93:90:05:d8:3e:26:
                    f8:c5:b7:f4:69:d1:61:07:b7:ec:51:11:1d:64:08:
                    8e:d8:b8:6f:38:73:1f:17:f4:87:d3:6a:fd:6f:fe:
                    91:3c:b5:33:c2:a1:bb:62:4a:c1:3b:1c:10:87:1b:
                    6a:6d:6a:84:0f:ea:56:83:ad:1e:4f:5a:12:7c:80:
                    10:38:69:1c:38:7e:ab:98:c0:e0:29:99:d4:9d:b8:
                    b9:51:b9:d2:9a:83:be:14:f3:73:ba:45:67:4e:e9:
                    a2:55:17:ae:e7:8a:d9:47:06:98:15:a7:a6:5f:6a:
                    2c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B9:9C:70:D6:C2:8D:C4:5F:AD:F4:D7:59:2E:29:62:9D:3D:4A:1D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LbmccNbCjcRfrfTXWS4pYp09Sh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:9c:9e:eb:8d:2f:db:83:12:1c:94:9e:03:11:b3:16:c1:19:
         4b:ce:09:25:74:2d:86:d3:9f:54:87:2c:b4:d7:b6:e9:ba:c1:
         8e:11:e8:2e:d9:46:5e:e9:a5:68:11:74:ac:43:b6:ba:79:14:
         3a:55:84:78:57:53:5e:56:51:1f:2d:c7:6e:b4:58:44:14:32:
         ee:83:57:9d:84:a4:62:92:7f:1b:b6:b2:8d:35:27:fd:01:f3:
         f1:ea:0f:b7:38:19:25:4b:a4:02:d9:99:01:03:6e:03:09:52:
         0d:a7:e9:b6:01:d3:45:20:31:ed:c9:d2:55:46:9e:5a:35:b3:
         e5:71:f1:93:c7:45:ec:3b:53:df:c4:17:6a:76:84:f5:91:91:
         05:4f:95:18:69:cb:67:17:c1:83:7d:db:db:29:b4:6e:5b:67:
         49:4e:7b:04:cc:1a:b3:34:72:a0:97:4d:6e:55:f9:3d:19:66:
         a3:b1:91:47:9d:ef:04:9d:7f:66:3d:21:9d:01:ee:d0:97:df:
         35:ca:94:94:1e:48:2b:47:3d:fa:f3:f2:6f:4e:20:31:71:51:
         2f:2f:a1:b4:8b:31:17:b8:ea:2a:31:82:70:fa:1e:70:02:ac:
         ab:8b:e1:14:bf:9c:ab:db:32:dc:00:b6:b3:93:60:d1:87:95:
         49:bb:44:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZigQm1nLE84ROCSq0p3C3zlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODEyMjE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI5OWM3MGQ2YzI4ZGM0NWZhZGY0ZDc1OTJlMjk2MjlkM2Q0YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU1y13YNkxKaRAKYbF1muSb3oKlf
dYLvx01RcfNLcqnw+VlAKwXJnqWvfCpn6wIFs60sDKiyXkwNGtF3odJNy+aVyYHI
3mZQ29hNRojskbnZ1yjG01DDKo2a7Nkp/2/dZ4q04Ub2DHn5Nv2pbc4Jhn9JgNIM
cBPmXoY07xxvr7saS5CLNJuSvvkd+I4n2XeTkAXYPib4xbf0adFhB7fsUREdZAiO
2LhvOHMfF/SH02r9b/6RPLUzwqG7YkrBOxwQhxtqbWqED+pWg60eT1oSfIAQOGkc
OH6rmMDgKZnUnbi5UbnSmoO+FPNzukVnTumiVReu54rZRwaYFaemX2osZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC25nHDWwo3EX63011kuKWKdPUodMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTGJtY2NOYkNqY1JmcmZUWFdTNHBZcDA5U2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATe9/MA0G
CSqGSIb3DQEBCwUAA4IBAQBGnJ7rjS/bgxIclJ4DEbMWwRlLzgkldC2G059Uhyy0
17bpusGOEegu2UZe6aVoEXSsQ7a6eRQ6VYR4V1NeVlEfLcdutFhEFDLug1edhKRi
kn8btrKNNSf9AfPx6g+3OBklS6QC2ZkBA24DCVINp+m2AdNFIDHtydJVRp5aNbPl
cfGTx0XsO1PfxBdqdoT1kZEFT5UYactnF8GDfdvbKbRuW2dJTnsEzBqzNHKgl01u
Vfk9GWajsZFHne8EnX9mPSGdAe7Ql981ypSUHkgrRz368/JvTiAxcVEvL6G0izEX
uOoqMYJw+h5wAqyri+EUv5yr2zLcALazk2DRh5VJu0S5
-----END CERTIFICATE-----