Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199856.roa
File:                     AS199856.roa (raw, json)
Hash identifier:          fU18c2+WnUbAAx9hd/D4JeH7iDH/B2VmHZsZW/nqWN0=
Subject key identifier:   45:33:B1:CA:EB:9B:A7:D3:8B:A7:89:E1:6B:F9:03:26:64:30:B7:3E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0FE5847940960F0CA86335F5B2D4BE9A8E38E4AA
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199856.roa
Signing time:             Fri 02 Feb 2024 13:05:12 +0000
ROA not before:           Fri 02 Feb 2024 13:00:12 +0000
ROA not after:            Fri 31 Jan 2025 13:05:12 +0000
asID:                     199856
IP address blocks:        176.105.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e5:84:79:40:96:0f:0c:a8:63:35:f5:b2:d4:be:9a:8e:38:e4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb  2 13:00:12 2024 GMT
            Not After : Jan 31 13:05:12 2025 GMT
        Subject: CN=4533B1CAEB9BA7D38BA789E16BF903266430B73E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:35:dc:f1:6d:3b:23:a9:1a:ab:17:5b:f4:68:
                    09:1a:31:fd:c0:7b:cd:45:84:00:75:1d:15:05:06:
                    b3:65:28:3d:57:ca:b6:97:2c:71:9b:95:36:51:c4:
                    bc:91:86:a4:7a:ae:a7:fa:93:86:cb:eb:36:6c:7d:
                    0e:cd:e4:d0:a4:7f:82:69:12:aa:2b:af:72:bd:27:
                    e2:e6:ff:22:19:82:28:cb:ec:5d:aa:80:3d:0a:45:
                    f8:a7:e1:9a:71:81:80:f2:2e:24:fb:49:51:2f:05:
                    ae:a7:aa:65:e3:07:cb:be:00:ff:f1:0f:90:97:af:
                    07:99:b5:43:15:c1:bc:5a:b9:45:fd:d2:6d:02:1f:
                    9e:37:e2:b7:5f:c0:b3:2b:d3:86:2f:ae:8d:5a:b7:
                    2a:23:c0:4c:58:11:38:e3:06:c7:97:07:be:0e:fa:
                    a9:35:d7:27:70:ab:c3:e0:d6:af:33:9b:8c:b6:99:
                    70:1d:05:75:df:af:52:bb:a7:30:6d:55:8a:e2:13:
                    2c:e4:4f:88:4d:a5:ae:87:91:09:d9:dc:5c:62:8f:
                    3d:c2:65:de:c6:47:aa:d2:76:a2:94:b4:a5:bc:4b:
                    12:8e:22:08:f3:bf:79:08:b8:de:21:ae:19:37:d6:
                    a8:c7:49:30:93:85:2e:40:10:8a:e8:b7:c9:7d:41:
                    60:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:33:B1:CA:EB:9B:A7:D3:8B:A7:89:E1:6B:F9:03:26:64:30:B7:3E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:25:42:ff:40:7f:8d:ba:1e:a8:da:f8:52:e6:43:11:d2:c9:
         bf:8b:04:23:93:68:e7:9d:d0:de:b2:1b:40:bd:ce:d0:d4:2c:
         38:41:8f:fb:95:f1:db:df:65:6a:5b:c2:15:af:17:be:e5:9b:
         fb:01:fe:ab:9a:08:59:29:08:c9:b8:c7:f1:af:c5:3e:f7:93:
         f4:ee:2b:4a:02:06:0e:fe:2c:41:ef:b3:d9:02:30:00:95:67:
         4a:ff:23:c1:6b:5c:3b:1b:15:48:6c:06:d3:4a:7c:8e:06:32:
         c4:46:ef:9c:d0:11:d7:97:fb:d9:2d:b9:7b:34:de:be:d0:8b:
         eb:dd:16:49:b2:70:a0:97:45:a6:2f:22:59:da:c2:0c:fe:5a:
         67:d4:fc:b2:78:2a:c0:95:8d:f6:5c:15:1c:cf:76:98:f0:fa:
         e9:4d:87:e0:dd:56:8a:56:44:03:66:38:de:46:2a:34:09:be:
         b7:42:17:95:ec:65:c8:09:3d:d1:cf:b6:8d:65:d7:67:92:85:
         37:34:e8:62:fe:9a:ab:75:93:a5:fa:39:9b:45:12:b5:cd:c4:
         5a:86:26:df:bb:43:09:67:4b:2e:0d:e6:f6:44:18:57:cf:50:
         a5:53:eb:3d:03:9b:0f:79:23:7c:46:f7:30:15:a7:1c:09:64:
         78:a4:58:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUD+WEeUCWDwyoYzX1stS+mo445KowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMDIxMzAwMTJaFw0yNTAxMzExMzA1MTJaMDMxMTAvBgNV
BAMTKDQ1MzNCMUNBRUI5QkE3RDM4QkE3ODlFMTZCRjkwMzI2NjQzMEI3M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGNdzxbTsjqRqrF1v0aAkaMf3A
e81FhAB1HRUFBrNlKD1XyraXLHGblTZRxLyRhqR6rqf6k4bL6zZsfQ7N5NCkf4Jp
Eqorr3K9J+Lm/yIZgijL7F2qgD0KRfin4ZpxgYDyLiT7SVEvBa6nqmXjB8u+AP/x
D5CXrweZtUMVwbxauUX90m0CH5434rdfwLMr04Yvro1atyojwExYETjjBseXB74O
+qk11ydwq8Pg1q8zm4y2mXAdBXXfr1K7pzBtVYriEyzkT4hNpa6HkQnZ3Fxijz3C
Zd7GR6rSdqKUtKW8SxKOIgjzv3kIuN4hrhk31qjHSTCThS5AEIrot8l9QWCPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURTOxyuubp9OLp4nha/kDJmQwtz4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTk5ODU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGni
MA0GCSqGSIb3DQEBCwUAA4IBAQBkJUL/QH+Nuh6o2vhS5kMR0sm/iwQjk2jnndDe
shtAvc7Q1Cw4QY/7lfHb32VqW8IVrxe+5Zv7Af6rmghZKQjJuMfxr8U+95P07itK
AgYO/ixB77PZAjAAlWdK/yPBa1w7GxVIbAbTSnyOBjLERu+c0BHXl/vZLbl7NN6+
0Ivr3RZJsnCgl0WmLyJZ2sIM/lpn1PyyeCrAlY32XBUcz3aY8PrpTYfg3VaKVkQD
ZjjeRio0Cb63QheV7GXICT3Rz7aNZddnkoU3NOhi/pqrdZOl+jmbRRK1zcRahibf
u0MJZ0suDeb2RBhXz1ClU+s9A5sPeSN8RvcwFaccCWR4pFig
-----END CERTIFICATE-----