Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/lesHWX4svc0fIZYL2TR0obd7i6I.roa
File:                     lesHWX4svc0fIZYL2TR0obd7i6I.roa (raw, json)
Hash identifier:          j5AE4ptKLafeOrRhsATy8UB8RvMm49woavbXm6opEmw=
Subject key identifier:   95:EB:07:59:7E:2C:BD:CD:1F:21:96:0B:D9:34:74:A1:B7:7B:8B:A2
Certificate issuer:       /CN=dc5facca14de08174ef5c96c91f1e7825f42d07b
Certificate serial:       018FC40350AC0630CEAE9E441566BBD0E9E5
Authority key identifier: DC:5F:AC:CA:14:DE:08:17:4E:F5:C9:6C:91:F1:E7:82:5F:42:D0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/lesHWX4svc0fIZYL2TR0obd7i6I.roa
Signing time:             Wed 29 May 2024 11:01:42 +0000
ROA not before:           Wed 29 May 2024 11:01:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205330
IP address blocks:        37.130.216.0/21 maxlen: 24
                          185.109.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:03:50:ac:06:30:ce:ae:9e:44:15:66:bb:d0:e9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5facca14de08174ef5c96c91f1e7825f42d07b
        Validity
            Not Before: May 29 11:01:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95eb07597e2cbdcd1f21960bd93474a1b77b8ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:91:88:9c:bb:97:e0:c3:99:7d:99:c7:31:55:
                    5e:8c:c6:8b:71:37:bb:85:8f:fb:63:70:eb:a2:24:
                    9b:8f:9e:7a:8e:31:fe:58:17:68:65:e7:87:d9:72:
                    a7:77:b3:3a:14:37:e7:a5:fa:b9:b1:7c:79:48:eb:
                    55:54:d0:48:d1:cf:05:11:3a:a4:54:f8:31:60:fd:
                    37:8c:d3:70:b5:86:73:bc:ef:c1:ce:62:33:02:5e:
                    e6:b2:9e:5f:36:80:4d:2e:90:5a:dc:9e:98:89:06:
                    da:a9:eb:0f:8d:18:84:06:90:14:86:79:6d:36:37:
                    6e:f2:e9:3f:c1:95:b9:ad:20:1f:7e:4c:41:93:50:
                    02:98:6e:a6:77:14:cb:6f:5a:c9:90:16:cd:e9:22:
                    d5:7c:af:7c:ef:98:72:ad:70:8a:a4:f5:6b:33:45:
                    e4:8d:00:0f:c7:22:c8:77:62:4c:0c:d8:6d:90:e3:
                    75:15:5d:d8:74:79:57:49:4e:e5:ce:36:8c:c4:fe:
                    00:32:b0:f4:94:f1:43:70:d3:e8:5e:91:02:09:4f:
                    11:9d:47:13:72:83:a2:e6:14:90:ab:da:89:b3:c2:
                    db:ec:3f:a4:ca:b5:60:d6:86:c2:cd:c6:2b:38:04:
                    80:24:b5:3a:c0:54:ef:37:2e:6d:c1:94:81:8a:8a:
                    34:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EB:07:59:7E:2C:BD:CD:1F:21:96:0B:D9:34:74:A1:B7:7B:8B:A2
            X509v3 Authority Key Identifier:
                keyid:DC:5F:AC:CA:14:DE:08:17:4E:F5:C9:6C:91:F1:E7:82:5F:42:D0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/lesHWX4svc0fIZYL2TR0obd7i6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.130.216.0/21
                  185.109.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:78:11:22:d8:8f:26:f5:46:e9:4c:2a:79:c4:c2:ea:30:24:
         3f:33:07:c1:8c:e9:99:87:46:4c:4d:7e:2c:6d:eb:d5:4b:97:
         c8:ce:84:06:3b:c7:48:9c:2f:58:ad:30:31:76:5b:22:51:fd:
         f4:ea:8d:34:f1:59:5a:e5:be:28:ca:5a:a2:e0:17:85:bb:2b:
         76:8e:68:71:48:f9:f7:17:9e:58:e6:57:c2:2d:7a:af:e5:6c:
         c5:fb:45:6d:66:6d:75:b2:e3:86:01:b9:27:79:30:32:9b:1c:
         a9:78:d3:e0:1d:f8:de:c1:b7:d7:36:66:a0:03:8f:f8:1e:19:
         8a:19:38:9f:a9:04:75:f9:9d:a1:b1:06:e2:a9:c1:ad:7f:3b:
         f1:2a:54:fc:3d:c2:46:6f:54:d1:8a:cf:e0:27:db:ef:ba:10:
         02:29:c3:9b:4c:1d:b0:97:b1:d5:ea:72:de:83:de:07:4b:e7:
         51:6a:55:4c:5c:79:04:2d:8f:5a:8b:b3:fb:de:42:c4:10:58:
         b9:74:ad:4f:d0:21:d2:3d:4b:7a:23:a1:bd:58:22:27:60:64:
         3b:8d:f4:3d:90:db:b8:fc:f1:85:a6:a6:19:86:c3:06:b9:cc:
         1b:80:19:6d:c2:21:2c:be:c5:38:d6:b4:71:15:64:cb:1e:c2:
         9f:6e:f6:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/EA1CsBjDOrp5EFWa70OnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWZhY2NhMTRkZTA4MTc0ZWY1Yzk2YzkxZjFlNzgyNWY0
MmQwN2IwHhcNMjQwNTI5MTEwMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWViMDc1OTdlMmNiZGNkMWYyMTk2MGJkOTM0NzRhMWI3N2I4YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15GInLuX4MOZfZnHMVVejMaLcTe7
hY/7Y3DroiSbj556jjH+WBdoZeeH2XKnd7M6FDfnpfq5sXx5SOtVVNBI0c8FETqk
VPgxYP03jNNwtYZzvO/BzmIzAl7msp5fNoBNLpBa3J6YiQbaqesPjRiEBpAUhnlt
Njdu8uk/wZW5rSAffkxBk1ACmG6mdxTLb1rJkBbN6SLVfK9875hyrXCKpPVrM0Xk
jQAPxyLId2JMDNhtkON1FV3YdHlXSU7lzjaMxP4AMrD0lPFDcNPoXpECCU8RnUcT
coOi5hSQq9qJs8Lb7D+kyrVg1obCzcYrOASAJLU6wFTvNy5twZSBioo0uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJXrB1l+LL3NHyGWC9k0dKG3e4uiMB8GA1UdIwQY
MBaAFNxfrMoU3ggXTvXJbJHx54JfQtB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Ytc3loVGVDQmRPOWNsc2tmSG5nbDlDMEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8wODkzZjEtZmZiNC00NmIzLWJmMjct
YTcwMTY5ODBjODZmLzEvbGVzSFdYNHN2YzBmSVpZTDJUUjBvYmQ3aTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8wODkzZjEtZmZiNC00NmIzLWJmMjctYTcwMTY5ODBjODZm
LzEvM0Ytc3loVGVDQmRPOWNsc2tmSG5nbDlDMEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJYLYAwQC
uW04MA0GCSqGSIb3DQEBCwUAA4IBAQAGeBEi2I8m9UbpTCp5xMLqMCQ/MwfBjOmZ
h0ZMTX4sbevVS5fIzoQGO8dInC9YrTAxdlsiUf306o008Vla5b4oylqi4BeFuyt2
jmhxSPn3F55Y5lfCLXqv5WzF+0VtZm11suOGAbkneTAymxypeNPgHfjewbfXNmag
A4/4HhmKGTifqQR1+Z2hsQbiqcGtfzvxKlT8PcJGb1TRis/gJ9vvuhACKcObTB2w
l7HV6nLeg94HS+dRalVMXHkELY9ai7P73kLEEFi5dK1P0CHSPUt6I6G9WCInYGQ7
jfQ9kNu4/PGFpqYZhsMGucwbgBltwiEsvsU41rRxFWTLHsKfbvZu
-----END CERTIFICATE-----