Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
File:                     AS12874.roa (raw, json)
Hash identifier:          kxNJU0CkXxGUI2PsPmLRbgYNyOKacnoFVy/SAMRIKD0=
Subject key identifier:   EF:FD:87:D4:D8:B4:74:FB:97:74:03:6A:25:C7:7F:0A:8E:FA:16:C0
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1AE2A3A0C951218E6165E5A30E298C9579315FFC
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
Signing time:             Mon 03 Jul 2023 17:34:30 +0000
ROA not before:           Mon 03 Jul 2023 17:29:30 +0000
ROA not after:            Mon 01 Jul 2024 17:34:30 +0000
asID:                     12874
IP address blocks:        194.5.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e2:a3:a0:c9:51:21:8e:61:65:e5:a3:0e:29:8c:95:79:31:5f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul  3 17:29:30 2023 GMT
            Not After : Jul  1 17:34:30 2024 GMT
        Subject: CN=EFFD87D4D8B474FB9774036A25C77F0A8EFA16C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8f:60:e0:64:91:4b:3a:47:ed:e6:16:f8:2c:
                    d2:10:7a:8f:57:73:94:86:dd:9c:e3:64:65:75:b5:
                    ca:50:ab:95:dc:a7:ae:5f:e3:6d:63:dd:f7:bb:71:
                    90:60:bd:70:23:81:25:a7:c3:dc:00:e1:55:b4:c1:
                    a6:f6:ac:b2:fa:2a:bc:b8:45:32:eb:85:72:7d:ae:
                    c9:78:95:a4:dc:4e:db:40:18:f4:da:15:d1:52:25:
                    bf:ef:41:75:8b:8d:32:f1:21:93:5c:a4:2d:d5:0e:
                    69:57:b1:23:9c:45:fe:89:65:37:57:d9:96:04:94:
                    b9:55:03:36:6e:f9:c2:0b:27:ef:a4:99:4e:5f:30:
                    67:82:2e:60:cd:3c:3b:22:e0:e1:a2:b2:74:77:0a:
                    1a:79:b9:fe:26:e2:ee:c2:c3:4c:68:79:b2:e3:32:
                    cb:27:98:8e:cf:b8:80:0f:87:65:16:95:c9:a1:65:
                    13:c5:ee:73:64:5f:78:c2:79:f6:80:1d:2c:4f:18:
                    e4:11:94:0a:e5:54:eb:cc:02:14:c9:7f:69:55:9b:
                    63:53:d0:65:97:a1:6b:7a:71:8f:2a:76:38:1a:e2:
                    14:b3:3a:46:66:89:0a:e4:0f:43:47:e9:3c:89:3d:
                    9e:7f:c6:fb:45:0a:bf:74:e0:0b:c1:29:25:0f:5b:
                    b9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FD:87:D4:D8:B4:74:FB:97:74:03:6A:25:C7:7F:0A:8E:FA:16:C0
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:42:bc:44:5f:73:78:00:60:83:08:75:61:0b:db:87:7d:19:
         e4:d3:2e:80:51:36:90:d8:e0:57:3f:50:e2:7b:cb:02:c8:2b:
         55:32:ce:f9:6c:23:12:e0:68:08:ff:88:c3:db:87:8d:41:76:
         a2:af:80:57:a3:d4:0e:bd:1f:83:c9:75:0a:56:61:e2:cc:fd:
         d9:79:1c:03:ad:de:79:f6:12:bf:5f:30:d7:57:e9:55:1c:83:
         0d:fe:6d:5d:d2:b3:b1:42:33:bc:bb:fb:d2:04:66:20:59:57:
         63:cd:83:a2:b9:f5:15:fd:c6:d0:ee:ff:6f:71:ce:8b:50:36:
         4c:ab:fb:74:71:28:3d:b4:f6:73:f9:9d:a0:c9:4d:16:eb:93:
         1b:e8:f7:e4:2a:f1:83:32:09:67:7c:93:1e:f8:c5:c7:53:f2:
         0b:93:42:b1:d8:21:44:a7:dd:87:eb:42:2f:2e:e6:39:92:31:
         59:de:4e:3e:0c:9f:a0:c1:07:89:c8:08:72:24:b4:95:5b:e3:
         4a:22:a1:d4:f8:5c:07:94:7b:cc:5a:7a:86:18:39:70:41:34:
         b7:82:cc:90:86:cf:f5:10:d9:9c:75:4b:29:61:25:be:73:ed:
         11:93:d8:19:d4:31:1f:51:d0:f3:4a:53:30:aa:8b:aa:db:e8:
         f5:23:3a:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGuKjoMlRIY5hZeWjDimMlXkxX/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA3MDMxNzI5MzBaFw0yNDA3MDExNzM0MzBaMDMxMTAvBgNV
BAMTKEVGRkQ4N0Q0RDhCNDc0RkI5Nzc0MDM2QTI1Qzc3RjBBOEVGQTE2QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwj2DgZJFLOkft5hb4LNIQeo9X
c5SG3ZzjZGV1tcpQq5Xcp65f421j3fe7cZBgvXAjgSWnw9wA4VW0wab2rLL6Kry4
RTLrhXJ9rsl4laTcTttAGPTaFdFSJb/vQXWLjTLxIZNcpC3VDmlXsSOcRf6JZTdX
2ZYElLlVAzZu+cILJ++kmU5fMGeCLmDNPDsi4OGisnR3Chp5uf4m4u7Cw0xoebLj
MssnmI7PuIAPh2UWlcmhZRPF7nNkX3jCefaAHSxPGOQRlArlVOvMAhTJf2lVm2NT
0GWXoWt6cY8qdjga4hSzOkZmiQrkD0NH6TyJPZ5/xvtFCr904AvBKSUPW7njAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7/2H1Ni0dPuXdANqJcd/Co76FsAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTI4NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCBZIw
DQYJKoZIhvcNAQELBQADggEBANNCvERfc3gAYIMIdWEL24d9GeTTLoBRNpDY4Fc/
UOJ7ywLIK1UyzvlsIxLgaAj/iMPbh41BdqKvgFej1A69H4PJdQpWYeLM/dl5HAOt
3nn2Er9fMNdX6VUcgw3+bV3Ss7FCM7y7+9IEZiBZV2PNg6K59RX9xtDu/29xzotQ
Nkyr+3RxKD209nP5naDJTRbrkxvo9+Qq8YMyCWd8kx74xcdT8guTQrHYIUSn3Yfr
Qi8u5jmSMVneTj4Mn6DBB4nICHIktJVb40oiodT4XAeUe8xaeoYYOXBBNLeCzJCG
z/UQ2Zx1SylhJb5z7RGT2BnUMR9R0PNKUzCqi6rb6PUjOks=
-----END CERTIFICATE-----