Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS2914.roa
File:                     AS2914.roa (raw, json)
Hash identifier:          l7wp8bRw7fjs4Mqhre5LxtGgK/WQuY6/14UkQSeon00=
Subject key identifier:   0F:2D:A2:4E:B2:7F:01:8E:05:95:C9:76:E4:84:DE:DC:BA:83:BC:EB
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7AA1D4C7D2E3E2E1CA552F7ECD34B411CB0F8F2D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS2914.roa
Signing time:             Wed 13 Mar 2024 12:11:46 +0000
ROA not before:           Wed 13 Mar 2024 12:06:46 +0000
ROA not after:            Wed 12 Mar 2025 12:11:46 +0000
asID:                     2914
IP address blocks:        193.176.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 09:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:a1:d4:c7:d2:e3:e2:e1:ca:55:2f:7e:cd:34:b4:11:cb:0f:8f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 13 12:06:46 2024 GMT
            Not After : Mar 12 12:11:46 2025 GMT
        Subject: CN=0F2DA24EB27F018E0595C976E484DEDCBA83BCEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:66:13:51:61:c4:9a:a5:ad:2a:de:c0:53:09:
                    da:b7:30:76:7e:15:e1:d1:91:52:46:b5:98:f7:a4:
                    75:8e:c1:ba:85:ee:f2:db:d0:16:ba:38:8e:7d:20:
                    5b:21:3d:13:96:f0:48:10:66:9a:0c:de:c5:5b:60:
                    e7:a2:eb:f3:d2:e6:16:69:71:c8:b6:9a:f3:46:1f:
                    83:d7:96:14:4c:32:a7:ad:2e:35:c0:0e:66:c7:f7:
                    a8:7b:17:cd:3b:df:ba:99:33:84:82:1b:84:11:fe:
                    b7:46:b5:b5:99:fd:7f:7c:a5:25:76:d4:02:40:74:
                    c4:2a:b3:9f:44:3b:f2:ab:79:b1:d0:4b:53:3b:b7:
                    d5:c6:37:46:28:c0:84:4b:55:d4:59:6f:1d:b2:38:
                    14:88:64:6e:6e:e5:b1:89:30:a5:32:fe:f4:10:a2:
                    b6:f4:cd:47:13:46:eb:c1:92:80:a0:3a:33:c5:40:
                    72:3c:3a:5d:e4:d4:0d:17:a1:3b:74:76:78:99:d5:
                    01:31:3a:8f:88:81:e8:6c:38:34:a3:6b:79:f9:bb:
                    be:45:73:e3:5f:b0:b5:d7:c6:37:fa:8a:01:42:de:
                    b4:e3:55:d3:74:19:51:90:27:f1:db:74:a6:33:4b:
                    ca:de:70:db:2a:2f:70:e2:5c:83:6b:ec:ed:bf:6b:
                    3c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2D:A2:4E:B2:7F:01:8E:05:95:C9:76:E4:84:DE:DC:BA:83:BC:EB
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS2914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:0f:db:41:c0:d4:81:f2:49:17:f1:45:3f:d1:94:16:4f:bb:
         e3:07:0f:90:0a:20:46:ba:ad:54:1e:89:77:0d:0f:59:0c:25:
         86:56:7f:34:bf:f1:a9:f2:f2:15:6f:f2:b1:1a:30:74:0d:18:
         0a:d6:e5:4f:8c:84:15:14:0f:e4:db:f1:51:33:be:f5:a7:74:
         4f:c0:ce:85:c7:46:24:09:e5:d4:b7:23:c2:41:1b:32:53:fe:
         95:60:43:22:23:b2:54:d7:a7:3a:80:b2:7c:de:10:aa:29:c5:
         03:5b:d3:7c:40:23:78:ae:84:4e:37:71:ef:c4:a1:3a:8e:87:
         38:1b:08:82:9e:26:7b:8e:51:66:92:e8:7b:1b:bf:75:14:41:
         a1:71:a8:e3:ba:ff:0f:e6:62:ce:fb:c5:42:a0:d1:00:e9:46:
         4a:f1:d7:b7:8f:b0:2e:a7:49:57:a7:88:22:f4:61:8f:7d:c6:
         8c:a7:e1:c8:9c:1f:89:57:33:36:f9:f0:2d:68:39:46:1d:ef:
         95:36:dd:b1:af:58:45:16:ca:05:01:f8:14:9b:07:0d:e5:5b:
         8f:1e:3e:b4:2d:13:42:78:47:90:f3:e0:20:46:53:b3:02:8f:
         26:e6:42:de:0b:f1:ac:26:bc:2c:0e:2b:2b:21:24:9a:ff:2c:
         a2:1d:f7:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUeqHUx9Lj4uHKVS9+zTS0EcsPjy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMTMxMjA2NDZaFw0yNTAzMTIxMjExNDZaMDMxMTAvBgNV
BAMTKDBGMkRBMjRFQjI3RjAxOEUwNTk1Qzk3NkU0ODRERURDQkE4M0JDRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsZhNRYcSapa0q3sBTCdq3MHZ+
FeHRkVJGtZj3pHWOwbqF7vLb0Ba6OI59IFshPROW8EgQZpoM3sVbYOei6/PS5hZp
cci2mvNGH4PXlhRMMqetLjXADmbH96h7F80737qZM4SCG4QR/rdGtbWZ/X98pSV2
1AJAdMQqs59EO/KrebHQS1M7t9XGN0YowIRLVdRZbx2yOBSIZG5u5bGJMKUy/vQQ
orb0zUcTRuvBkoCgOjPFQHI8Ol3k1A0XoTt0dniZ1QExOo+IgehsODSja3n5u75F
c+NfsLXXxjf6igFC3rTjVdN0GVGQJ/HbdKYzS8recNsqL3DiXINr7O2/azxZAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUDy2iTrJ/AY4Flcl25ITe3LqDvOswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGwgTAN
BgkqhkiG9w0BAQsFAAOCAQEAJg/bQcDUgfJJF/FFP9GUFk+74wcPkAogRrqtVB6J
dw0PWQwlhlZ/NL/xqfLyFW/ysRowdA0YCtblT4yEFRQP5NvxUTO+9ad0T8DOhcdG
JAnl1LcjwkEbMlP+lWBDIiOyVNenOoCyfN4QqinFA1vTfEAjeK6ETjdx78ShOo6H
OBsIgp4me45RZpLoexu/dRRBoXGo47r/D+ZizvvFQqDRAOlGSvHXt4+wLqdJV6eI
IvRhj33GjKfhyJwfiVczNvnwLWg5Rh3vlTbdsa9YRRbKBQH4FJsHDeVbjx4+tC0T
QnhHkPPgIEZTswKPJuZC3gvxrCa8LA4rKyEkmv8soh33zA==
-----END CERTIFICATE-----