Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14935.roa
File:                     AS14935.roa (raw, json)
Hash identifier:          B925mqWKi+0LfXHNpDCfGkc8WWj4NEpYkOZQ7oiJlUw=
Subject key identifier:   CD:69:B0:DA:FB:9B:20:44:30:B8:EF:BC:39:81:A3:3E:8F:C3:B3:B0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4F1D396D8FF300D7BA186F70F9EA7548759D51CE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14935.roa
Signing time:             Wed 14 Aug 2024 14:29:10 +0000
ROA not before:           Wed 14 Aug 2024 14:24:10 +0000
ROA not after:            Wed 13 Aug 2025 14:29:10 +0000
asID:                     14935
IP address blocks:        191.96.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:1d:39:6d:8f:f3:00:d7:ba:18:6f:70:f9:ea:75:48:75:9d:51:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 14 14:24:10 2024 GMT
            Not After : Aug 13 14:29:10 2025 GMT
        Subject: CN=CD69B0DAFB9B204430B8EFBC3981A33E8FC3B3B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:70:dd:5f:a4:68:97:d0:36:4c:6d:4e:b1:44:
                    eb:56:9f:52:4f:4c:fa:85:c0:7b:c6:25:0c:d1:80:
                    a6:4b:a1:69:60:c0:df:41:7b:29:a6:1a:63:fe:08:
                    18:74:4c:b4:e8:dd:e0:b5:9a:dd:41:8c:02:e8:84:
                    31:57:db:b6:f8:6c:10:24:64:3f:27:b5:5b:65:21:
                    72:4f:09:61:f4:56:4d:d7:84:02:80:97:46:95:d9:
                    f4:3b:3a:66:b3:da:f4:6b:f8:92:ac:b3:77:e3:ee:
                    07:9a:30:67:68:62:d6:d3:e9:02:f3:52:79:ec:3c:
                    c4:ac:7b:ee:d2:03:8f:18:88:42:2d:a4:08:e3:09:
                    a7:5f:a9:5c:47:12:fe:08:54:83:bd:0e:15:75:08:
                    64:e9:a4:f3:b6:3d:4a:03:b4:4c:60:44:37:72:18:
                    60:5b:fc:e8:12:06:71:6f:b3:3b:93:85:1b:05:32:
                    8c:11:ff:db:82:61:41:87:d1:db:c9:6f:cb:11:4a:
                    b1:e1:4e:c4:1f:d7:46:c1:b6:cd:d2:6e:84:3a:24:
                    8b:63:07:1f:b4:81:11:b7:09:fd:e2:16:08:dd:dc:
                    61:e0:70:f3:fc:59:bd:2f:e4:0b:b2:d3:a3:c1:83:
                    6a:de:c3:06:d3:b7:ad:73:96:c2:55:1d:19:c0:82:
                    ca:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:69:B0:DA:FB:9B:20:44:30:B8:EF:BC:39:81:A3:3E:8F:C3:B3:B0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:26:92:07:6f:f9:ae:37:9c:d5:35:15:60:99:33:1c:4b:df:
         3f:34:bb:9a:f6:27:37:41:3b:44:5a:d7:c7:4d:fd:23:76:23:
         a7:47:cb:48:df:77:b3:ad:97:ea:51:f5:08:5e:91:2d:53:59:
         1e:6b:80:eb:7e:fc:4b:32:15:81:8a:7e:c0:ce:04:29:12:42:
         3f:07:c4:2d:ab:52:51:3c:4f:4c:b6:da:a7:40:52:66:a7:b1:
         d9:9d:47:d6:7a:28:17:04:66:86:12:53:9c:37:7d:37:9f:07:
         4c:b4:a0:b7:13:55:dd:98:4c:6d:c5:68:0d:33:93:fb:72:01:
         ee:b1:19:3e:db:6d:7c:c3:92:72:45:ff:9b:85:4a:40:47:4e:
         04:94:98:04:f3:a8:5e:aa:99:d2:c4:3f:5d:87:7b:d1:ec:1e:
         ec:74:b8:9a:38:c0:68:9d:c2:61:a1:f1:e6:ad:9e:0a:c0:6e:
         25:61:04:ca:dc:c6:b4:9d:4f:58:44:a4:3e:96:64:d7:cc:5c:
         b1:3c:89:15:79:19:5c:e1:13:09:ca:9d:81:e4:47:79:b9:1d:
         c4:7d:1a:07:fe:c9:10:4f:29:98:22:b3:b1:c0:a0:d9:c1:0d:
         2a:5d:4b:5b:2c:42:15:d2:19:75:60:92:6a:cd:17:c8:26:e2:
         43:ae:73:b4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTx05bY/zANe6GG9w+ep1SHWdUc4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTQxNDI0MTBaFw0yNTA4MTMxNDI5MTBaMDMxMTAvBgNV
BAMTKENENjlCMERBRkI5QjIwNDQzMEI4RUZCQzM5ODFBMzNFOEZDM0IzQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjcN1fpGiX0DZMbU6xROtWn1JP
TPqFwHvGJQzRgKZLoWlgwN9BeymmGmP+CBh0TLTo3eC1mt1BjALohDFX27b4bBAk
ZD8ntVtlIXJPCWH0Vk3XhAKAl0aV2fQ7Omaz2vRr+JKss3fj7geaMGdoYtbT6QLz
UnnsPMSse+7SA48YiEItpAjjCadfqVxHEv4IVIO9DhV1CGTppPO2PUoDtExgRDdy
GGBb/OgSBnFvszuThRsFMowR/9uCYUGH0dvJb8sRSrHhTsQf10bBts3SboQ6JItj
Bx+0gRG3Cf3iFgjd3GHgcPP8Wb0v5Auy06PBg2rewwbTt61zlsJVHRnAgspRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzWmw2vubIEQwuO+8OYGjPo/Ds7AwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ5MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YB4w
DQYJKoZIhvcNAQELBQADggEBAGsmkgdv+a43nNU1FWCZMxxL3z80u5r2JzdBO0Ra
18dN/SN2I6dHy0jfd7Otl+pR9QhekS1TWR5rgOt+/EsyFYGKfsDOBCkSQj8HxC2r
UlE8T0y22qdAUmansdmdR9Z6KBcEZoYSU5w3fTefB0y0oLcTVd2YTG3FaA0zk/ty
Ae6xGT7bbXzDknJF/5uFSkBHTgSUmATzqF6qmdLEP12He9HsHux0uJo4wGidwmGh
8eatngrAbiVhBMrcxrSdT1hEpD6WZNfMXLE8iRV5GVzhEwnKnYHkR3m5HcR9Ggf+
yRBPKZgis7HAoNnBDSpdS1ssQhXSGXVgkmrNF8gm4kOuc7Q=
-----END CERTIFICATE-----