Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/les_6wsnsgt3N6J3jrSt8FGLh2o.roa
File:                     les_6wsnsgt3N6J3jrSt8FGLh2o.roa (raw, json)
Hash identifier:          w/OoB0CohLCCVJmsCqR/wlJuBKJFnQYzzH1QL/J31rg=
Subject key identifier:   95:EB:3F:EB:0B:27:B2:0B:77:37:A2:77:8E:B4:AD:F0:51:8B:87:6A
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B881CFF7645A9E2DBB00126A57FD1
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/les_6wsnsgt3N6J3jrSt8FGLh2o.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206717
IP address blocks:        93.109.217.0/24 maxlen: 24
                          213.7.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:88:1c:ff:76:45:a9:e2:db:b0:01:26:a5:7f:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95eb3feb0b27b20b7737a2778eb4adf0518b876a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ac:b7:c1:ec:63:2c:4d:6b:ba:b8:16:7d:9e:
                    60:de:fb:76:6b:5f:a2:42:d3:6a:53:e8:9f:d2:db:
                    e8:42:86:dc:a3:ca:2d:d0:fc:36:56:82:83:49:ca:
                    9c:b4:a9:7c:f6:47:4c:f4:a3:c4:bd:7b:51:62:38:
                    c1:ff:2c:e6:0c:86:e8:0e:03:73:80:bc:bf:07:41:
                    41:45:f9:9b:41:48:71:10:ab:07:27:3c:2a:61:2f:
                    7d:08:47:dd:1b:ad:e5:99:66:7c:23:c6:f1:4c:18:
                    20:1e:bd:e7:c3:e3:45:35:73:1b:7d:da:ba:70:86:
                    c3:07:2e:d7:35:17:ba:5d:c0:5b:a8:50:50:33:e4:
                    c0:6f:10:ed:48:1a:5e:54:8b:6d:2d:3b:89:90:a8:
                    3e:67:f2:5b:01:c1:f2:31:2b:87:18:f0:5b:1a:9e:
                    75:b3:68:97:d4:46:fc:e1:aa:06:9d:26:cf:9d:7c:
                    74:58:45:89:0f:d5:cb:a3:ee:80:21:6a:64:a9:55:
                    5b:cf:7a:1e:cf:95:ad:d7:3a:b2:31:f7:75:e0:4d:
                    3a:93:af:98:fe:e8:e4:06:88:bf:01:12:7b:59:40:
                    fd:48:ea:2b:f7:8b:a4:4f:31:5b:9a:5e:83:73:ee:
                    83:4c:7f:62:00:23:57:48:2e:c2:86:39:e7:5d:3a:
                    32:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EB:3F:EB:0B:27:B2:0B:77:37:A2:77:8E:B4:AD:F0:51:8B:87:6A
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/les_6wsnsgt3N6J3jrSt8FGLh2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.109.217.0/24
                  213.7.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a2:88:eb:74:b8:ee:24:37:f1:7d:fb:c2:90:9b:ef:63:10:
         1a:45:9f:d1:a3:d2:82:13:fd:01:cb:af:a2:b5:fe:bb:11:00:
         12:22:5d:da:72:1f:40:e5:cd:ba:b2:89:1b:40:a2:88:a6:a5:
         99:c0:4d:b7:0c:1c:81:33:7f:ef:30:44:0f:e9:53:04:f9:2b:
         58:b9:f8:2a:cd:4a:9a:12:6a:b5:c8:5d:49:86:8e:db:77:a7:
         63:13:01:86:5b:b8:ef:85:de:82:51:a9:b3:06:5d:fb:f1:a7:
         dd:fe:41:5c:ac:b5:55:b9:05:3d:77:3d:a7:9b:22:8a:ec:3c:
         30:01:ac:e2:08:2f:be:03:e6:ae:73:8f:6c:72:42:1b:1a:4b:
         9c:ce:3d:14:ca:4f:16:1c:31:60:50:da:19:46:48:19:b2:4c:
         7f:8d:e5:77:03:27:5d:5f:41:e7:3c:8a:29:21:13:80:a0:03:
         21:52:02:cd:9a:61:3a:b3:28:04:8b:93:cc:fd:58:f9:17:0d:
         c5:57:97:49:09:9e:85:bc:0a:c4:08:c1:0b:af:85:38:de:a6:
         87:38:08:4d:dd:4a:4d:0d:b0:a4:64:f5:60:2f:94:3f:25:29:
         9e:99:a3:91:91:d9:13:48:fc:80:43:ba:24:b3:d5:bb:8a:0f:
         7b:fa:28:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma4gc/3ZFqeLbsAEmpX/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWViM2ZlYjBiMjdiMjBiNzczN2EyNzc4ZWI0YWRmMDUxOGI4NzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqy3wexjLE1rurgWfZ5g3vt2a1+i
QtNqU+if0tvoQobco8ot0Pw2VoKDScqctKl89kdM9KPEvXtRYjjB/yzmDIboDgNz
gLy/B0FBRfmbQUhxEKsHJzwqYS99CEfdG63lmWZ8I8bxTBggHr3nw+NFNXMbfdq6
cIbDBy7XNRe6XcBbqFBQM+TAbxDtSBpeVIttLTuJkKg+Z/JbAcHyMSuHGPBbGp51
s2iX1Eb84aoGnSbPnXx0WEWJD9XLo+6AIWpkqVVbz3oez5Wt1zqyMfd14E06k6+Y
/ujkBoi/ARJ7WUD9SOor94ukTzFbml6Dc+6DTH9iACNXSC7ChjnnXToylQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJXrP+sLJ7ILdzeid460rfBRi4dqMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvbGVzXzZ3c25zZ3QzTjZKM2pyU3Q4RkdMaDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXW3ZAwQA
1QfRMA0GCSqGSIb3DQEBCwUAA4IBAQCmoojrdLjuJDfxffvCkJvvYxAaRZ/Ro9KC
E/0By6+itf67EQASIl3ach9A5c26sokbQKKIpqWZwE23DByBM3/vMEQP6VME+StY
ufgqzUqaEmq1yF1Jho7bd6djEwGGW7jvhd6CUamzBl378afd/kFcrLVVuQU9dz2n
myKK7DwwAaziCC++A+auc49sckIbGkuczj0Uyk8WHDFgUNoZRkgZskx/jeV3Aydd
X0HnPIopIROAoAMhUgLNmmE6sygEi5PM/Vj5Fw3FV5dJCZ6FvArECMELr4U43qaH
OAhN3UpNDbCkZPVgL5Q/JSmemaORkdkTSPyAQ7oks9W7ig97+ihc
-----END CERTIFICATE-----