Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19844.roa
File:                     AS19844.roa (raw, json)
Hash identifier:          Vh3Pa06QqQBrX4tJQ02+2zLGkn+k7SRW42YAwukvMSc=
Subject key identifier:   DE:15:90:DC:5A:80:4D:E4:41:D1:FC:F4:FC:EF:97:39:F1:36:A8:59
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7F05B9E244C8E553183CBA2DF9CDA2646E73A3A0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19844.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     19844
IP address blocks:        191.96.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:05:b9:e2:44:c8:e5:53:18:3c:ba:2d:f9:cd:a2:64:6e:73:a3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=DE1590DC5A804DE441D1FCF4FCEF9739F136A859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b2:cf:85:6b:d7:21:68:78:30:d2:9b:c5:3f:
                    ff:9b:3e:83:8a:57:c8:02:2e:43:2c:a4:4a:02:8b:
                    29:80:40:fd:61:2c:20:55:49:e4:aa:61:d1:4c:d8:
                    8c:56:50:42:21:3e:8e:1f:a2:cd:6e:c8:f5:eb:0f:
                    b7:1a:44:3d:5c:1c:74:9a:38:03:bf:2a:80:97:72:
                    f8:23:12:e3:e0:95:0f:87:b0:be:cd:26:e3:76:23:
                    58:15:76:bb:17:ed:32:8c:77:d0:b1:a5:8f:13:01:
                    ff:43:9c:d6:2d:d0:9e:9d:10:90:31:f3:99:95:d5:
                    e5:d7:26:c7:4c:a8:60:2c:92:20:eb:d7:67:dd:90:
                    b9:ab:06:c6:f7:3d:4f:69:89:05:80:58:8d:25:60:
                    14:ae:8f:91:ee:e0:15:49:ce:84:b6:0b:2e:da:59:
                    b2:80:99:55:80:e2:cc:d7:b2:43:b6:27:7e:e9:6b:
                    02:6d:c8:a2:de:8f:9e:ce:0b:16:e8:c3:ad:3c:d4:
                    09:67:da:97:cd:38:c7:f4:64:f4:2c:80:6d:48:49:
                    09:be:cb:1f:41:5b:b2:f9:14:f3:cd:90:48:f2:0c:
                    4a:84:67:d5:8c:f0:49:73:87:24:ad:7d:09:1b:23:
                    1c:39:1e:d3:c7:ed:fd:c6:8b:f1:6b:69:f5:c8:2d:
                    43:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:15:90:DC:5A:80:4D:E4:41:D1:FC:F4:FC:EF:97:39:F1:36:A8:59
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:81:99:35:c5:d8:12:57:28:f5:69:56:62:36:19:a9:6d:af:
         a7:56:bd:28:4c:93:e3:d2:6e:d8:6c:03:41:f8:09:0c:91:21:
         1a:36:e5:f0:c0:4d:36:39:3a:f4:9b:eb:31:31:0a:fd:e7:75:
         f5:85:50:2b:8d:da:cd:4a:13:15:90:ab:63:fb:42:ea:7a:16:
         1a:5f:9e:14:eb:18:e9:35:f2:ba:70:c0:44:12:06:46:0b:c9:
         a2:9c:b3:02:c0:97:a6:4c:45:2e:ba:3f:e6:96:08:67:03:ca:
         df:53:4f:7a:0c:4a:4f:8e:ce:5a:a6:1c:f6:48:1f:53:e7:17:
         9c:49:07:f0:66:92:18:90:5b:1a:02:ff:ea:82:48:be:2b:23:
         ca:95:fc:35:73:40:99:c8:a1:e5:65:37:76:ac:7c:b9:17:c9:
         7b:9a:bf:cb:56:08:9e:87:af:2f:39:c1:93:5d:9f:94:8f:e6:
         81:4c:91:a8:29:fa:ef:64:77:61:3d:b4:0e:90:c7:f3:55:c7:
         de:9c:5f:09:da:8e:4c:9e:8a:df:81:51:09:d3:cb:76:be:c0:
         59:c0:9c:e2:88:8a:46:38:ee:15:fd:bf:81:68:a6:14:83:24:
         71:49:a3:db:9c:23:34:54:10:bb:40:72:97:08:43:24:ae:64:
         cd:eb:20:e7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfwW54kTI5VMYPLot+c2iZG5zo6AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKERFMTU5MERDNUE4MDRERTQ0MUQxRkNGNEZDRUY5NzM5RjEzNkE4NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIss+Fa9chaHgw0pvFP/+bPoOK
V8gCLkMspEoCiymAQP1hLCBVSeSqYdFM2IxWUEIhPo4fos1uyPXrD7caRD1cHHSa
OAO/KoCXcvgjEuPglQ+HsL7NJuN2I1gVdrsX7TKMd9CxpY8TAf9DnNYt0J6dEJAx
85mV1eXXJsdMqGAskiDr12fdkLmrBsb3PU9piQWAWI0lYBSuj5Hu4BVJzoS2Cy7a
WbKAmVWA4szXskO2J37pawJtyKLej57OCxbow6081Aln2pfNOMf0ZPQsgG1ISQm+
yx9BW7L5FPPNkEjyDEqEZ9WM8ElzhyStfQkbIxw5HtPH7f3Gi/FrafXILUOHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU3hWQ3FqATeRB0fz0/O+XOfE2qFkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk4NDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YDEw
DQYJKoZIhvcNAQELBQADggEBAGmBmTXF2BJXKPVpVmI2Galtr6dWvShMk+PSbths
A0H4CQyRIRo25fDATTY5OvSb6zExCv3ndfWFUCuN2s1KExWQq2P7Qup6FhpfnhTr
GOk18rpwwEQSBkYLyaKcswLAl6ZMRS66P+aWCGcDyt9TT3oMSk+OzlqmHPZIH1Pn
F5xJB/BmkhiQWxoC/+qCSL4rI8qV/DVzQJnIoeVlN3asfLkXyXuav8tWCJ6Hry85
wZNdn5SP5oFMkagp+u9kd2E9tA6Qx/NVx96cXwnajkyeit+BUQnTy3a+wFnAnOKI
ikY47hX9v4FophSDJHFJo9ucIzRUELtAcpcIQySuZM3rIOc=
-----END CERTIFICATE-----