Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/Tou15RsswsqvPmkVgHNvkewNz4U.roa
File:                     Tou15RsswsqvPmkVgHNvkewNz4U.roa (raw, json)
Hash identifier:          sRVbf2T9+ueKcSBA91VjJaXnax5nRytHwlDUn+VMY0A=
Subject key identifier:   4E:8B:B5:E5:1B:2C:C2:CA:AF:3E:69:15:80:73:6F:91:EC:0D:CF:85
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956A9289C66757C17B5A14994D1AC2
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/Tou15RsswsqvPmkVgHNvkewNz4U.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202564
IP address blocks:        45.66.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 07:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6a:92:89:c6:67:57:c1:7b:5a:14:99:4d:1a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8bb5e51b2cc2caaf3e691580736f91ec0dcf85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:37:8c:12:df:8f:d8:a0:94:ae:bb:35:90:90:
                    9c:16:e4:85:97:eb:11:16:53:1d:fd:c1:f7:77:67:
                    38:fa:0c:9a:fb:fa:8e:c4:82:16:7d:8e:c4:a9:45:
                    ee:5c:01:3c:83:f4:dc:aa:40:49:6c:d0:6e:a1:b3:
                    61:99:2d:23:c5:94:75:2f:5e:e8:e0:47:6d:38:90:
                    ea:2f:6d:0b:6a:d6:f2:6f:6e:1c:5a:9e:2f:96:46:
                    13:46:cf:34:3e:d8:c8:46:a9:66:67:39:0c:dd:b2:
                    5a:27:e7:1a:37:0e:69:28:1f:d1:86:1b:da:aa:36:
                    d5:fc:d9:66:cb:af:c5:93:6c:09:71:ea:22:0b:d7:
                    4c:39:81:eb:ac:ce:0b:47:7a:0e:6d:3b:80:ae:9a:
                    33:f6:c4:39:d9:44:cd:e3:15:2d:af:d8:ff:68:8d:
                    11:d2:ed:96:24:da:a6:0a:34:3b:14:64:a8:12:1a:
                    29:c0:27:8d:83:09:0f:a6:57:76:0f:16:be:88:1a:
                    48:e6:b5:7a:8f:e4:09:48:26:3a:2e:5a:bf:7e:e9:
                    9d:75:1f:a7:52:a4:b4:56:33:89:b4:0b:27:7f:ab:
                    2b:88:4f:aa:bc:aa:8c:45:f7:64:df:16:93:c2:22:
                    5f:98:1f:fe:c6:1c:42:d1:a6:bc:91:bf:be:44:48:
                    e1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8B:B5:E5:1B:2C:C2:CA:AF:3E:69:15:80:73:6F:91:EC:0D:CF:85
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/Tou15RsswsqvPmkVgHNvkewNz4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b5:2d:03:21:d7:0e:aa:b3:52:49:b1:b8:ea:d3:bd:d0:97:
         be:52:a3:e1:bc:7a:c2:d2:6b:3b:19:cf:c1:aa:bb:8b:09:ed:
         51:84:97:c3:88:96:d3:fb:d8:56:d3:be:3c:a0:88:ca:b6:a5:
         2f:a5:a1:8c:cf:10:9f:e5:2a:57:49:30:de:99:e5:7c:fd:9d:
         5f:cf:2d:20:95:32:04:68:a3:fa:0d:cb:fc:aa:b7:23:26:66:
         83:d0:5e:56:74:b9:eb:91:dd:df:61:aa:0e:d3:ec:d7:e9:3b:
         14:7e:c0:37:a8:43:28:19:7e:17:98:fe:bd:bf:d6:a8:30:1d:
         f6:92:74:9e:d1:19:6b:ea:5a:48:09:b6:2f:a5:d4:91:0e:8f:
         ad:5b:b1:74:d4:7b:d3:2a:47:dd:ef:86:d8:10:2f:28:80:33:
         87:2d:13:24:96:e0:a4:15:3b:44:7f:51:3e:4f:cc:1f:5a:d4:
         cb:8a:62:58:d5:16:99:2b:4e:a9:12:d0:0f:e4:63:f8:6c:84:
         75:29:b3:4e:7e:d4:1d:6e:9f:3c:96:81:d4:c2:9e:ec:8a:7f:
         6a:4b:c3:64:42:3d:d0:02:66:82:a2:41:bd:3b:7a:ca:0a:8f:
         48:c0:25:4c:a1:88:54:0f:34:29:23:9e:a8:bf:fc:c1:6d:a1:
         f4:f1:b2:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWqSicZnV8F7WhSZTRrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThiYjVlNTFiMmNjMmNhYWYzZTY5MTU4MDczNmY5MWVjMGRjZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjeMEt+P2KCUrrs1kJCcFuSFl+sR
FlMd/cH3d2c4+gya+/qOxIIWfY7EqUXuXAE8g/TcqkBJbNBuobNhmS0jxZR1L17o
4EdtOJDqL20Latbyb24cWp4vlkYTRs80PtjIRqlmZzkM3bJaJ+caNw5pKB/Rhhva
qjbV/Nlmy6/Fk2wJceoiC9dMOYHrrM4LR3oObTuArpoz9sQ52UTN4xUtr9j/aI0R
0u2WJNqmCjQ7FGSoEhopwCeNgwkPpld2Dxa+iBpI5rV6j+QJSCY6Llq/fumddR+n
UqS0VjOJtAsnf6sriE+qvKqMRfdk3xaTwiJfmB/+xhxC0aa8kb++REjhAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6LteUbLMLKrz5pFYBzb5HsDc+FMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvVG91MTVSc3N3c3F2UG1rVmdITnZrZXdOejRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUI2MA0G
CSqGSIb3DQEBCwUAA4IBAQAbtS0DIdcOqrNSSbG46tO90Je+UqPhvHrC0ms7Gc/B
qruLCe1RhJfDiJbT+9hW0748oIjKtqUvpaGMzxCf5SpXSTDemeV8/Z1fzy0glTIE
aKP6Dcv8qrcjJmaD0F5WdLnrkd3fYaoO0+zX6TsUfsA3qEMoGX4XmP69v9aoMB32
knSe0Rlr6lpICbYvpdSRDo+tW7F01HvTKkfd74bYEC8ogDOHLRMkluCkFTtEf1E+
T8wfWtTLimJY1RaZK06pEtAP5GP4bIR1KbNOftQdbp88loHUwp7sin9qS8NkQj3Q
AmaCokG9O3rKCo9IwCVMoYhUDzQpI56ov/zBbaH08bJU
-----END CERTIFICATE-----