Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/lekZnMwCfasGMYPPf8NWcrNsPvk.roa
File:                     lekZnMwCfasGMYPPf8NWcrNsPvk.roa (raw, json)
Hash identifier:          NYgsg0jaOTcDItxj3A37yrzmpJgBNcKG+hqNSV5rbvU=
Subject key identifier:   95:E9:19:9C:CC:02:7D:AB:06:31:83:CF:7F:C3:56:72:B3:6C:3E:F9
Certificate issuer:       /CN=8d7faa5bb9b3ea40137db86c4072fce158f6a5cf
Certificate serial:       018CC64B4CECDDD86507D4A69E5C8784F10C
Authority key identifier: 8D:7F:AA:5B:B9:B3:EA:40:13:7D:B8:6C:40:72:FC:E1:58:F6:A5:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jX-qW7mz6kATfbhsQHL84Vj2pc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/lekZnMwCfasGMYPPf8NWcrNsPvk.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200548
IP address blocks:        37.16.92.0/22 maxlen: 22
                          37.16.93.0/24 maxlen: 24
                          37.16.94.0/24 maxlen: 24
                          37.16.92.0/24 maxlen: 24
                          37.16.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/jX-qW7mz6kATfbhsQHL84Vj2pc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/jX-qW7mz6kATfbhsQHL84Vj2pc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jX-qW7mz6kATfbhsQHL84Vj2pc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4c:ec:dd:d8:65:07:d4:a6:9e:5c:87:84:f1:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d7faa5bb9b3ea40137db86c4072fce158f6a5cf
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95e9199ccc027dab063183cf7fc35672b36c3ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:63:93:e9:c1:a4:16:4f:21:12:29:93:5f:16:
                    7b:3f:da:ef:4b:c8:ec:bc:4e:c5:1a:24:8e:13:17:
                    70:d9:51:2b:d0:5a:e3:9b:3c:e7:31:91:ac:11:31:
                    cb:9d:8a:7f:6c:39:56:f8:f6:1b:1b:64:03:fc:05:
                    12:1d:c5:a4:19:44:cc:83:20:46:44:dd:74:74:b9:
                    9f:68:70:29:e4:c8:62:ed:b0:38:d5:5c:7d:95:51:
                    03:af:37:ed:2d:7e:8e:e8:40:8f:e3:52:5d:9b:22:
                    45:df:78:c9:a0:1b:1b:23:d6:84:58:78:43:51:d3:
                    2d:5b:d5:c4:b5:61:a6:ef:c7:9d:be:c5:0c:d5:f6:
                    33:e1:7d:06:7f:6c:bc:cb:45:de:93:1f:07:6d:cf:
                    97:0e:b6:20:90:78:d8:d2:20:c9:1f:ff:f7:85:df:
                    4f:34:21:04:f7:3f:93:c0:18:f9:3e:29:4e:6c:08:
                    07:0d:f8:8a:1b:5a:74:26:84:32:38:cb:5c:b9:e6:
                    2b:76:73:a5:47:dc:ce:91:6f:d7:52:65:ad:9f:0d:
                    ac:4c:86:5e:71:10:b1:dc:07:c3:63:36:73:0a:2a:
                    03:7b:65:14:f5:eb:09:3d:22:a6:a4:35:95:b1:f1:
                    6a:a6:24:9c:19:8b:95:91:3d:5f:9b:65:f8:5b:bd:
                    38:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E9:19:9C:CC:02:7D:AB:06:31:83:CF:7F:C3:56:72:B3:6C:3E:F9
            X509v3 Authority Key Identifier:
                keyid:8D:7F:AA:5B:B9:B3:EA:40:13:7D:B8:6C:40:72:FC:E1:58:F6:A5:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jX-qW7mz6kATfbhsQHL84Vj2pc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/lekZnMwCfasGMYPPf8NWcrNsPvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/3bf23a-904c-4e4f-9f02-f999e1beb961/1/jX-qW7mz6kATfbhsQHL84Vj2pc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:80:22:95:08:81:96:e6:06:b2:d7:19:f0:f4:41:d1:62:9c:
         b3:ea:28:a2:70:33:89:10:b3:79:a5:74:9d:e9:69:26:2a:82:
         93:a3:37:d7:ff:de:40:bb:54:8a:20:ad:73:3d:bb:11:38:45:
         94:a5:6e:c3:d1:08:5a:db:8a:dd:e4:fd:4d:c4:7a:36:eb:06:
         94:ef:bb:da:4c:ac:13:45:98:2c:c0:59:f7:c7:77:00:b4:b6:
         ca:45:ed:06:45:2c:3a:08:df:3c:ec:6e:a2:ec:fa:22:5a:2d:
         1a:ea:8a:04:b0:37:80:03:c4:66:bb:83:1e:fe:b8:c4:d7:4c:
         bb:30:c8:5a:ea:e3:51:d3:dc:bc:0a:9e:22:78:04:49:b3:a7:
         94:b2:20:f0:9c:3c:a5:03:55:29:2b:64:a4:eb:ee:2d:79:92:
         a5:e8:68:e3:1f:7d:3e:fe:0b:f6:43:da:cc:f8:1b:56:91:06:
         c9:89:f8:f4:5e:63:95:c9:27:aa:8e:08:fc:3e:bf:1b:ca:49:
         98:92:d2:9e:99:51:2f:29:0a:72:ee:c1:20:11:d6:20:2a:e7:
         cb:a0:5c:6f:94:9d:13:74:11:9c:6c:d4:6b:5a:dd:a9:a0:a1:
         dd:c9:eb:0b:e9:43:14:da:e3:2e:5f:87:1e:a9:61:07:c4:3a:
         11:0f:95:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0zs3dhlB9SmnlyHhPEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkN2ZhYTViYjliM2VhNDAxMzdkYjg2YzQwNzJmY2UxNThm
NmE1Y2YwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWU5MTk5Y2NjMDI3ZGFiMDYzMTgzY2Y3ZmMzNTY3MmIzNmMzZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GOT6cGkFk8hEimTXxZ7P9rvS8js
vE7FGiSOExdw2VEr0FrjmzznMZGsETHLnYp/bDlW+PYbG2QD/AUSHcWkGUTMgyBG
RN10dLmfaHAp5Mhi7bA41Vx9lVEDrzftLX6O6ECP41JdmyJF33jJoBsbI9aEWHhD
UdMtW9XEtWGm78edvsUM1fYz4X0Gf2y8y0Xekx8Hbc+XDrYgkHjY0iDJH//3hd9P
NCEE9z+TwBj5PilObAgHDfiKG1p0JoQyOMtcueYrdnOlR9zOkW/XUmWtnw2sTIZe
cRCx3AfDYzZzCioDe2UU9esJPSKmpDWVsfFqpiScGYuVkT1fm2X4W704VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXpGZzMAn2rBjGDz3/DVnKzbD75MB8GA1UdIwQY
MBaAFI1/qlu5s+pAE324bEBy/OFY9qXPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalgtcVc3bXo2a0FUZmJoc1FITDg0VmoycGM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8zYmYyM2EtOTA0Yy00ZTRmLTlmMDIt
Zjk5OWUxYmViOTYxLzEvbGVrWm5Nd0NmYXNHTVlQUGY4Tldjck5zUHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8zYmYyM2EtOTA0Yy00ZTRmLTlmMDItZjk5OWUxYmViOTYx
LzEvalgtcVc3bXo2a0FUZmJoc1FITDg0VmoycGM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJRBcMA0G
CSqGSIb3DQEBCwUAA4IBAQATgCKVCIGW5gay1xnw9EHRYpyz6iiicDOJELN5pXSd
6WkmKoKTozfX/95Au1SKIK1zPbsROEWUpW7D0Qha24rd5P1NxHo26waU77vaTKwT
RZgswFn3x3cAtLbKRe0GRSw6CN887G6i7PoiWi0a6ooEsDeAA8Rmu4Me/rjE10y7
MMha6uNR09y8Cp4ieARJs6eUsiDwnDylA1UpK2Sk6+4teZKl6GjjH30+/gv2Q9rM
+BtWkQbJifj0XmOVySeqjgj8Pr8bykmYktKemVEvKQpy7sEgEdYgKufLoFxvlJ0T
dBGcbNRrWt2poKHdyesL6UMU2uMuX4ceqWEHxDoRD5X+
-----END CERTIFICATE-----