Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/LES-4NZ2gVtnFASVcYj5bV4jo4M.roa
File:                     LES-4NZ2gVtnFASVcYj5bV4jo4M.roa (raw, json)
Hash identifier:          2G3ShlRTsn405STqDwUmkyh047FRwXPBWPG0OI/1t/0=
Subject key identifier:   2C:44:BE:E0:D6:76:81:5B:67:14:04:95:71:88:F9:6D:5E:23:A3:83
Certificate issuer:       /CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
Certificate serial:       0195C983C12BED67200C6EDCB6B7968DD648
Authority key identifier: 84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/LES-4NZ2gVtnFASVcYj5bV4jo4M.roa
Signing time:             Mon 24 Mar 2025 18:56:49 +0000
ROA not before:           Mon 24 Mar 2025 18:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39647
IP address blocks:        185.160.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c9:83:c1:2b:ed:67:20:0c:6e:dc:b6:b7:96:8d:d6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
        Validity
            Not Before: Mar 24 18:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c44bee0d676815b671404957188f96d5e23a383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:42:63:a4:23:8a:49:5c:7b:fe:9f:b4:61:70:
                    ae:b9:59:6f:2d:89:7f:bb:68:0a:48:95:f2:7f:da:
                    7f:48:fc:02:4a:48:92:0e:df:30:d1:d5:b6:5f:d9:
                    73:c1:ca:af:c8:2f:9d:88:9f:10:45:ae:d3:90:da:
                    21:0c:6b:4b:9e:fe:0a:04:32:53:35:e1:d5:12:4d:
                    82:14:86:22:57:bd:07:7d:c5:40:81:02:d7:e8:96:
                    64:35:d3:52:0c:bc:29:e1:d7:7f:e8:67:4f:b6:eb:
                    7b:0c:48:e7:41:e8:81:43:f3:38:2b:87:0a:69:53:
                    ad:fe:18:e3:c3:5a:e7:62:fa:14:f6:5a:69:36:a7:
                    cf:c4:ef:44:88:ee:f7:43:bb:29:ff:89:5e:3b:05:
                    88:bc:3e:58:cc:8a:0c:6e:3e:aa:36:25:5b:8d:4b:
                    95:52:94:b1:d5:83:ad:a5:89:80:36:4b:73:53:f9:
                    12:c6:2c:2d:fa:bc:ad:9f:ce:98:90:ea:44:a6:b1:
                    90:5a:da:40:0c:ac:ad:21:f1:01:33:4a:37:32:3a:
                    4b:58:15:de:bf:f4:d2:99:02:f6:7e:e9:1c:a4:0c:
                    32:9c:a1:6a:fd:40:f6:16:04:28:cc:e9:5f:e7:4e:
                    af:43:d9:c9:91:9c:6d:64:3c:eb:52:0d:8b:16:e5:
                    da:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:44:BE:E0:D6:76:81:5B:67:14:04:95:71:88:F9:6D:5E:23:A3:83
            X509v3 Authority Key Identifier:
                keyid:84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/LES-4NZ2gVtnFASVcYj5bV4jo4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:c0:d2:c1:db:15:df:fe:b3:08:6a:00:21:6a:f8:a5:06:c0:
         7d:48:69:c4:ae:4c:36:9e:d4:c5:6b:63:ba:68:ab:f0:4a:68:
         07:70:43:03:95:7e:a9:d2:a6:6b:ef:e6:9f:6b:3a:16:ac:30:
         fe:51:1f:a8:de:37:6c:fd:c4:f3:09:fd:12:da:5f:59:93:e2:
         eb:92:aa:52:2c:27:c7:72:62:4e:5e:29:ac:83:89:73:09:1a:
         b7:81:3c:61:40:fb:22:7e:13:48:83:a7:ef:97:3e:6a:de:99:
         74:50:77:37:9e:42:22:32:f2:70:51:79:d3:45:ab:00:9c:48:
         0a:21:94:64:03:80:6c:97:80:d6:fd:41:21:e0:fe:57:90:b5:
         6e:24:97:a4:e4:d1:ec:9a:29:4d:6f:84:a9:30:74:6e:98:9a:
         33:c2:b5:5a:4a:4a:db:96:fa:0b:69:b9:e6:30:87:d9:64:9a:
         62:31:7a:2f:82:2f:7d:a7:df:be:ab:4f:d5:b7:66:d6:34:16:
         9b:c1:ca:4c:05:78:06:48:da:69:b7:a4:69:30:35:1a:6a:69:
         6e:58:77:29:70:87:fe:13:23:e2:7d:c1:b0:24:5f:75:70:8c:
         65:98:14:77:94:b5:1d:fd:6b:89:98:8f:6e:1d:2d:25:76:8a:
         46:a1:7b:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXJg8Er7WcgDG7ctreWjdZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmZjNDUxZmM0ZjI0MTFhZGRkMDBhOWZiYjE3MzQ2YWQ2
ZTg5OTYwHhcNMjUwMzI0MTg1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzQ0YmVlMGQ2NzY4MTViNjcxNDA0OTU3MTg4Zjk2ZDVlMjNhMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EJjpCOKSVx7/p+0YXCuuVlvLYl/
u2gKSJXyf9p/SPwCSkiSDt8w0dW2X9lzwcqvyC+diJ8QRa7TkNohDGtLnv4KBDJT
NeHVEk2CFIYiV70HfcVAgQLX6JZkNdNSDLwp4dd/6GdPtut7DEjnQeiBQ/M4K4cK
aVOt/hjjw1rnYvoU9lppNqfPxO9EiO73Q7sp/4leOwWIvD5YzIoMbj6qNiVbjUuV
UpSx1YOtpYmANktzU/kSxiwt+rytn86YkOpEprGQWtpADKytIfEBM0o3MjpLWBXe
v/TSmQL2fukcpAwynKFq/UD2FgQozOlf506vQ9nJkZxtZDzrUg2LFuXazwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxEvuDWdoFbZxQElXGI+W1eI6ODMB8GA1UdIwQY
MBaAFIS/xFH8TyQRrd0Aqfuxc0atbomWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYt
ZjY2MzE3OTc3OTY4LzEvTEVTLTROWjJnVnRuRkFTVmNZajViVjRqbzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYtZjY2MzE3OTc3OTY4
LzEvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaBKMA0G
CSqGSIb3DQEBCwUAA4IBAQA8wNLB2xXf/rMIagAhavilBsB9SGnErkw2ntTFa2O6
aKvwSmgHcEMDlX6p0qZr7+afazoWrDD+UR+o3jds/cTzCf0S2l9Zk+LrkqpSLCfH
cmJOXimsg4lzCRq3gTxhQPsifhNIg6fvlz5q3pl0UHc3nkIiMvJwUXnTRasAnEgK
IZRkA4Bsl4DW/UEh4P5XkLVuJJek5NHsmilNb4SpMHRumJozwrVaSkrblvoLabnm
MIfZZJpiMXovgi99p9++q0/Vt2bWNBabwcpMBXgGSNppt6RpMDUaamluWHcpcIf+
EyPifcGwJF91cIxlmBR3lLUd/WuJmI9uHS0ldopGoXsT
-----END CERTIFICATE-----