Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19148.roa
File:                     AS19148.roa (raw, json)
Hash identifier:          em4oH63R3euljhLbE2avMJos2kW3RpbwFgAWjf+6M3M=
Subject key identifier:   05:0B:9C:D4:E5:99:CC:2B:78:1F:D5:C3:E2:69:23:E2:6F:CB:9C:18
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1EA4A6C527120742C4F079CFD12CFF7212FCD74E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19148.roa
Signing time:             Mon 07 Oct 2024 09:50:32 +0000
ROA not before:           Mon 07 Oct 2024 09:45:32 +0000
ROA not after:            Mon 06 Oct 2025 09:50:32 +0000
asID:                     19148
IP address blocks:        191.101.26.0/24 maxlen: 24
                          191.101.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a4:a6:c5:27:12:07:42:c4:f0:79:cf:d1:2c:ff:72:12:fc:d7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  7 09:45:32 2024 GMT
            Not After : Oct  6 09:50:32 2025 GMT
        Subject: CN=050B9CD4E599CC2B781FD5C3E26923E26FCB9C18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:15:33:6e:51:c7:fb:7b:2c:d4:73:e6:51:a0:
                    75:09:84:63:ee:54:0b:dc:d6:ba:9e:e7:66:a5:be:
                    54:d1:24:f8:14:2b:67:f9:e4:f1:42:ba:12:4a:e0:
                    7d:8d:b3:f5:1f:8a:e2:6c:3b:cf:b9:21:35:1e:de:
                    8e:2e:f2:b7:e9:07:0f:1e:68:35:af:43:9b:45:a1:
                    4a:85:4e:6e:09:e1:fd:1e:4d:14:f3:60:62:40:77:
                    e7:df:09:0c:9b:92:d6:18:06:00:17:37:f4:e5:2e:
                    6e:e7:2c:5e:44:4a:32:f0:9f:6f:17:a0:e7:a7:19:
                    9e:c8:38:b7:d3:8c:73:63:f7:f4:9e:f9:80:12:4a:
                    80:4d:cf:40:a2:01:ab:62:db:72:70:a3:79:fb:d6:
                    a5:94:af:ab:fe:b1:53:e6:8f:2b:c5:de:f5:dd:c5:
                    7c:5b:74:75:a1:af:7d:c3:8d:fa:dd:7f:86:20:9e:
                    ab:31:52:ee:cf:7a:0c:ba:94:99:62:48:8c:60:c9:
                    1c:91:c9:b8:62:6f:46:5f:de:1e:f5:5b:a2:66:52:
                    c9:f2:51:90:c4:f3:28:f8:cc:06:f1:bc:a5:7f:a8:
                    b2:be:b8:52:d3:0f:fa:9a:50:8d:fc:b6:01:83:bd:
                    9a:51:09:08:1f:f4:4b:b8:46:55:99:d5:30:1f:3c:
                    ab:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0B:9C:D4:E5:99:CC:2B:78:1F:D5:C3:E2:69:23:E2:6F:CB:9C:18
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19148.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.26.0/24
                  191.101.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a4:d4:b7:c2:46:12:56:45:f2:3e:f0:0e:2f:b8:0c:15:ae:
         d1:ff:03:78:6a:13:b5:7c:20:ba:de:0c:b6:4a:03:db:a1:bc:
         96:fc:22:98:83:39:f3:21:b6:0a:d3:96:88:3e:ef:84:b5:1e:
         4f:37:a3:5d:ea:67:36:3c:57:f0:29:42:1f:16:c0:40:66:78:
         53:83:1b:38:fb:ea:b8:ef:d7:03:73:49:eb:57:16:01:d1:51:
         e3:63:a9:9e:90:44:cf:1d:c3:91:c5:15:66:3a:04:59:8f:3e:
         e0:34:aa:e7:e9:c0:b6:e9:02:83:96:74:b4:86:fc:b0:61:e9:
         95:81:7a:e1:7c:ef:b8:1a:dc:45:27:f7:72:dc:80:a2:89:04:
         f8:ae:90:6c:a0:df:bc:f7:f8:99:33:1e:b3:fd:6a:bc:92:88:
         c5:27:48:07:fd:3a:f0:27:c1:06:58:b7:8a:f5:4e:88:4a:a6:
         2b:76:03:fd:9c:6a:db:6b:e3:a2:99:df:73:99:b0:32:03:5d:
         b9:1b:39:aa:b9:01:ef:b8:3a:90:01:0c:20:c8:d5:91:eb:17:
         9b:f4:19:19:bc:6c:d5:8e:cc:2c:93:8d:24:8a:6f:fd:7d:a5:
         57:ec:07:4c:b8:99:26:3e:79:47:aa:a8:98:7b:1f:84:ad:00:
         f8:f8:da:3d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHqSmxScSB0LE8HnP0Sz/chL8104wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDcwOTQ1MzJaFw0yNTEwMDYwOTUwMzJaMDMxMTAvBgNV
BAMTKDA1MEI5Q0Q0RTU5OUNDMkI3ODFGRDVDM0UyNjkyM0UyNkZDQjlDMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOFTNuUcf7eyzUc+ZRoHUJhGPu
VAvc1rqe52alvlTRJPgUK2f55PFCuhJK4H2Ns/UfiuJsO8+5ITUe3o4u8rfpBw8e
aDWvQ5tFoUqFTm4J4f0eTRTzYGJAd+ffCQybktYYBgAXN/TlLm7nLF5ESjLwn28X
oOenGZ7IOLfTjHNj9/Se+YASSoBNz0CiAati23Jwo3n71qWUr6v+sVPmjyvF3vXd
xXxbdHWhr33Djfrdf4YgnqsxUu7Pegy6lJliSIxgyRyRybhib0Zf3h71W6JmUsny
UZDE8yj4zAbxvKV/qLK+uFLTD/qaUI38tgGDvZpRCQgf9Eu4RlWZ1TAfPKsFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUBQuc1OWZzCt4H9XD4mkj4m/LnBgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTkxNDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC/ZRoD
BAC/Za4wDQYJKoZIhvcNAQELBQADggEBAHCk1LfCRhJWRfI+8A4vuAwVrtH/A3hq
E7V8ILreDLZKA9uhvJb8IpiDOfMhtgrTlog+74S1Hk83o13qZzY8V/ApQh8WwEBm
eFODGzj76rjv1wNzSetXFgHRUeNjqZ6QRM8dw5HFFWY6BFmPPuA0qufpwLbpAoOW
dLSG/LBh6ZWBeuF877ga3EUn93LcgKKJBPiukGyg37z3+JkzHrP9arySiMUnSAf9
OvAnwQZYt4r1TohKpit2A/2cattr46KZ33OZsDIDXbkbOaq5Ae+4OpABDCDI1ZHr
F5v0GRm8bNWOzCyTjSSKb/19pVfsB0y4mSY+eUeqqJh7H4StAPj42j0=
-----END CERTIFICATE-----