Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa
File:                     AS19318.roa (raw, json)
Hash identifier:          YTWBTz9DtwWoSChB59RhNUswYeN3YAO3gIq1lYAvQr4=
Subject key identifier:   32:2A:83:F0:7F:53:4E:DD:78:C4:3F:E2:96:49:EE:D9:39:D5:38:EC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1E4E8E801E73C823D36DDD775C5842F4FBCF98D4
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa
Signing time:             Thu 30 Nov 2023 13:05:07 +0000
ROA not before:           Thu 30 Nov 2023 13:00:07 +0000
ROA not after:            Thu 28 Nov 2024 13:05:07 +0000
asID:                     19318
IP address blocks:        194.104.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:4e:8e:80:1e:73:c8:23:d3:6d:dd:77:5c:58:42:f4:fb:cf:98:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:07 2023 GMT
            Not After : Nov 28 13:05:07 2024 GMT
        Subject: CN=322A83F07F534EDD78C43FE29649EED939D538EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:96:c2:2c:df:92:c0:89:d2:27:dc:36:49:2f:
                    a0:30:16:a6:9a:22:ff:c3:6d:53:42:3c:34:93:59:
                    83:69:13:88:3f:77:17:9f:bb:36:97:ea:11:00:58:
                    db:07:ac:a8:4c:2c:ad:1a:cc:2a:3e:74:e8:39:36:
                    b1:21:cb:ce:18:d2:8b:a2:05:c4:02:89:7a:b5:05:
                    2d:a6:ac:70:83:b0:a0:cf:63:db:9c:f4:4d:61:e9:
                    93:dc:0e:e0:82:02:58:07:69:ee:54:a8:7a:14:63:
                    ae:dd:a6:36:54:74:70:cd:85:cc:41:e2:85:ec:b9:
                    04:ea:c4:a0:38:60:f1:5b:ff:84:ab:11:c9:ff:72:
                    af:96:54:7f:e4:63:ac:da:2e:8a:45:ed:85:de:8b:
                    2c:aa:d2:6c:35:0c:f8:4f:bd:c9:08:21:47:ff:7c:
                    33:3d:51:7e:a9:b4:0f:91:8a:67:fe:bf:95:45:4d:
                    d6:d4:3a:88:97:c7:7c:c5:cd:b6:19:8c:3f:01:33:
                    29:5e:a5:f2:c4:a0:93:79:18:54:52:9d:09:16:ac:
                    9b:af:c0:ab:01:f6:81:e4:f8:be:2d:4a:e9:18:b4:
                    76:d4:4f:5b:8f:bf:fb:1d:17:2f:d2:7f:11:2a:09:
                    97:af:d6:2a:d6:08:c6:32:67:d8:a6:30:6f:1b:7e:
                    b6:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:2A:83:F0:7F:53:4E:DD:78:C4:3F:E2:96:49:EE:D9:39:D5:38:EC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b3:e3:69:65:6a:70:c3:10:81:5e:1d:be:e3:69:2f:e1:23:
         76:a5:f5:90:ef:71:2e:5d:42:48:7b:a1:d2:a2:9c:55:de:e7:
         e0:d9:aa:84:ba:7f:f6:66:85:2b:8e:2f:c9:4b:d9:a1:a0:67:
         de:2c:d2:fd:ef:8c:2b:89:6b:df:89:d4:66:b4:05:80:e8:28:
         bd:b9:e8:71:03:6e:45:d8:de:17:65:f4:e6:97:e6:25:b0:5a:
         04:ab:68:f5:05:0f:35:1a:14:61:f0:3d:94:cc:7a:70:72:de:
         87:7b:e7:cc:13:35:6e:d4:be:7b:70:b2:52:80:6d:2b:b5:56:
         2e:6b:36:b5:59:e8:6b:8b:5d:36:c4:07:20:09:fe:0f:b2:77:
         15:b5:95:09:ef:ae:40:c6:31:80:58:48:e8:f4:33:00:7a:73:
         44:7f:9e:41:71:7d:77:32:ee:89:6e:17:b4:e1:77:50:7d:20:
         32:28:92:cd:c9:5c:20:b3:ea:a3:6c:7e:dd:8c:3b:96:82:c1:
         96:1d:28:d5:f0:9c:6d:a6:e8:2a:54:9e:43:ed:a7:22:8b:0f:
         ee:95:98:f5:2c:04:8d:b3:7f:5e:2f:20:ab:85:98:ae:d9:6a:
         06:22:85:58:3f:51:55:63:59:30:15:e3:4e:4f:39:72:65:8c:
         c9:62:26:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHk6OgB5zyCPTbd13XFhC9PvPmNQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDdaFw0yNDExMjgxMzA1MDdaMDMxMTAvBgNV
BAMTKDMyMkE4M0YwN0Y1MzRFREQ3OEM0M0ZFMjk2NDlFRUQ5MzlENTM4RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwlsIs35LAidIn3DZJL6AwFqaa
Iv/DbVNCPDSTWYNpE4g/dxefuzaX6hEAWNsHrKhMLK0azCo+dOg5NrEhy84Y0oui
BcQCiXq1BS2mrHCDsKDPY9uc9E1h6ZPcDuCCAlgHae5UqHoUY67dpjZUdHDNhcxB
4oXsuQTqxKA4YPFb/4SrEcn/cq+WVH/kY6zaLopF7YXeiyyq0mw1DPhPvckIIUf/
fDM9UX6ptA+Rimf+v5VFTdbUOoiXx3zFzbYZjD8BMylepfLEoJN5GFRSnQkWrJuv
wKsB9oHk+L4tSukYtHbUT1uPv/sdFy/SfxEqCZev1irWCMYyZ9imMG8bfrYzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMiqD8H9TTt14xD/ilknu2TnVOOwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTkzMTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCaJww
DQYJKoZIhvcNAQELBQADggEBAD6z42llanDDEIFeHb7jaS/hI3al9ZDvcS5dQkh7
odKinFXe5+DZqoS6f/ZmhSuOL8lL2aGgZ94s0v3vjCuJa9+J1Ga0BYDoKL256HED
bkXY3hdl9OaX5iWwWgSraPUFDzUaFGHwPZTMenBy3od758wTNW7UvntwslKAbSu1
Vi5rNrVZ6GuLXTbEByAJ/g+ydxW1lQnvrkDGMYBYSOj0MwB6c0R/nkFxfXcy7olu
F7Thd1B9IDIoks3JXCCz6qNsft2MO5aCwZYdKNXwnG2m6CpUnkPtpyKLD+6VmPUs
BI2zf14vIKuFmK7ZagYihVg/UVVjWTAV405POXJljMliJgk=
-----END CERTIFICATE-----