Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/f3mqz2GdY-hGnQZb7cJp0oxMo_U.roa
File:                     f3mqz2GdY-hGnQZb7cJp0oxMo_U.roa (raw, json)
Hash identifier:          1NUhPkiY3XXcZszhiKpqJP8g6CIZbr1jvoZJf3dG5nY=
Subject key identifier:   7F:79:AA:CF:61:9D:63:E8:46:9D:06:5B:ED:C2:69:D2:8C:4C:A3:F5
Certificate issuer:       /CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
Certificate serial:       018CC86EFFC2A57B2FAC1F714B4EE6165C31
Authority key identifier: 5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/f3mqz2GdY-hGnQZb7cJp0oxMo_U.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        45.15.104.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ff:c2:a5:7b:2f:ac:1f:71:4b:4e:e6:16:5c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f79aacf619d63e8469d065bedc269d28c4ca3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:07:dd:b0:fc:34:87:05:81:67:d0:d3:6c:a4:
                    94:7f:65:9d:3a:93:a7:df:79:17:38:e7:11:33:63:
                    24:3d:d1:f9:96:83:b2:10:16:3f:63:b9:e1:24:12:
                    56:d7:ef:7c:30:cc:dc:76:94:88:0f:56:6c:b2:bb:
                    f3:f9:72:09:2e:a8:7c:0e:1f:fa:4b:a7:ff:62:95:
                    e8:d7:2b:60:f9:02:7d:f7:21:bd:62:85:29:51:72:
                    ad:fb:15:06:b6:5f:2a:1a:8c:d3:ed:21:9a:52:74:
                    7e:2c:44:bc:f3:fe:d5:8a:b0:b3:d3:7d:5a:2c:9f:
                    53:a7:6f:e3:46:41:d2:b0:63:bb:a7:44:b0:0e:b7:
                    9e:da:dd:44:f0:ac:9d:ab:96:53:71:8c:20:ed:a0:
                    5a:68:9c:45:e7:29:ed:85:30:37:92:c1:47:6d:03:
                    6d:44:e6:bd:57:45:4a:6c:86:64:b5:0e:2c:d5:6f:
                    c9:f7:b2:05:0d:b1:e9:4d:0e:b0:ef:60:2d:48:48:
                    7f:80:56:ee:5e:90:53:47:3c:e9:86:42:85:e5:9a:
                    6c:8b:97:70:ec:91:6d:2f:04:a5:7b:3a:b4:35:46:
                    1a:5b:60:7f:f3:3b:9b:96:fc:1a:53:db:ff:7d:bd:
                    65:77:b7:6c:79:f7:d0:88:05:b2:43:29:fa:15:6b:
                    e5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:79:AA:CF:61:9D:63:E8:46:9D:06:5B:ED:C2:69:D2:8C:4C:A3:F5
            X509v3 Authority Key Identifier:
                keyid:5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/f3mqz2GdY-hGnQZb7cJp0oxMo_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:22:ce:8a:15:89:cc:1e:76:cc:5c:43:8c:1b:31:e8:ee:38:
         3c:40:45:ce:7b:38:c4:8e:78:83:aa:66:e1:2e:05:de:d0:95:
         2c:0f:06:5a:7b:c8:f7:0a:00:d0:ed:f6:b1:db:5d:47:0e:87:
         64:d7:79:89:e0:c6:3c:35:81:3f:14:d0:d1:3e:30:a0:63:98:
         12:f1:88:a8:00:3c:3a:63:8b:a2:be:fb:4d:62:d2:76:9f:f6:
         1f:84:6a:b1:02:78:9d:59:5f:49:4f:59:16:a5:14:e0:8c:61:
         65:26:b7:80:8f:35:c4:d9:12:fc:b7:09:d1:93:b1:3e:93:0e:
         20:aa:e1:cb:d9:ed:d5:ed:d2:45:68:b3:ad:37:24:bb:0a:80:
         f5:1f:e8:cd:f2:ee:4f:9c:c4:eb:c2:d6:c1:29:0b:33:50:af:
         01:20:6b:9a:23:e9:7a:9a:43:91:23:1c:e3:11:f8:b6:cf:f7:
         ea:7a:81:93:a4:18:d4:3f:cb:c4:fe:f8:2c:a0:69:7d:ea:eb:
         da:5a:05:bc:94:02:84:6a:6b:13:72:10:23:99:19:46:84:46:
         8b:4e:33:49:0a:4e:8a:ea:27:1f:1f:a2:0d:7e:92:de:a6:d8:
         32:f0:ea:d9:6b:28:65:5c:71:ef:80:1c:ee:a5:34:e6:40:c5:
         44:f9:b4:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv/CpXsvrB9xS07mFlwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQwN2I0NWY3ZDgzMTI0YzlmOGMwZmFjMDNiZWMwMjQ2
OGIzN2UwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc5YWFjZjYxOWQ2M2U4NDY5ZDA2NWJlZGMyNjlkMjhjNGNhM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAfdsPw0hwWBZ9DTbKSUf2WdOpOn
33kXOOcRM2MkPdH5loOyEBY/Y7nhJBJW1+98MMzcdpSID1Zssrvz+XIJLqh8Dh/6
S6f/YpXo1ytg+QJ99yG9YoUpUXKt+xUGtl8qGozT7SGaUnR+LES88/7VirCz031a
LJ9Tp2/jRkHSsGO7p0SwDree2t1E8Kydq5ZTcYwg7aBaaJxF5ynthTA3ksFHbQNt
ROa9V0VKbIZktQ4s1W/J97IFDbHpTQ6w72AtSEh/gFbuXpBTRzzphkKF5Zpsi5dw
7JFtLwSlezq0NUYaW2B/8zublvwaU9v/fb1ld7dseffQiAWyQyn6FWvljwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH95qs9hnWPoRp0GW+3CadKMTKP1MB8GA1UdIwQY
MBaAFF6NB7RffYMSTJ+MD6wDvsAkaLN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQt
NmM4ZmQ4NGJiNWY1LzEvZjNtcXoyR2RZLWhHblFaYjdjSnAwb3hNb19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQtNmM4ZmQ4NGJiNWY1
LzEvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQ9oMA0G
CSqGSIb3DQEBCwUAA4IBAQAqIs6KFYnMHnbMXEOMGzHo7jg8QEXOezjEjniDqmbh
LgXe0JUsDwZae8j3CgDQ7fax211HDodk13mJ4MY8NYE/FNDRPjCgY5gS8YioADw6
Y4uivvtNYtJ2n/YfhGqxAnidWV9JT1kWpRTgjGFlJreAjzXE2RL8twnRk7E+kw4g
quHL2e3V7dJFaLOtNyS7CoD1H+jN8u5PnMTrwtbBKQszUK8BIGuaI+l6mkORIxzj
Efi2z/fqeoGTpBjUP8vE/vgsoGl96uvaWgW8lAKEamsTchAjmRlGhEaLTjNJCk6K
6icfH6INfpLeptgy8OrZayhlXHHvgBzupTTmQMVE+bR5
-----END CERTIFICATE-----