Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
File:                     AS12874.roa (raw, json)
Hash identifier:          Bq6KantTHaQiIOsWIl5aT9iMWCUnj/WRI4k98d5X7q4=
Subject key identifier:   A2:1F:F1:C0:AC:C0:05:78:7E:E3:10:9B:1B:38:F2:F3:E1:19:2E:68
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0BB05AA0DDD80E33E02E381D929EE30B8DE56403
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
Signing time:             Mon 03 Jun 2024 18:05:18 +0000
ROA not before:           Mon 03 Jun 2024 18:00:18 +0000
ROA not after:            Mon 02 Jun 2025 18:05:18 +0000
asID:                     12874
IP address blocks:        194.5.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b0:5a:a0:dd:d8:0e:33:e0:2e:38:1d:92:9e:e3:0b:8d:e5:64:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  3 18:00:18 2024 GMT
            Not After : Jun  2 18:05:18 2025 GMT
        Subject: CN=A21FF1C0ACC005787EE3109B1B38F2F3E1192E68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:85:46:a7:31:63:94:b5:49:b5:ae:87:92:cf:
                    a1:1c:8b:4f:df:33:84:03:45:7d:47:4c:0f:9d:f4:
                    46:2b:33:96:44:72:29:48:b2:81:e7:da:05:a1:21:
                    6b:51:62:19:11:a8:ef:dd:9a:38:1f:43:b8:0c:d9:
                    90:1e:8f:87:b5:c6:c9:53:12:9c:70:2a:76:a1:03:
                    26:5f:58:41:90:e9:77:43:27:47:0d:57:93:6e:49:
                    24:db:0a:8f:3f:33:6f:60:3c:51:02:36:0f:58:dc:
                    ea:a4:d2:bc:57:8d:9d:dc:ec:11:44:29:fb:01:5c:
                    5b:04:86:84:14:1d:ee:45:e9:d9:95:d7:6a:ce:f1:
                    8b:5e:6f:69:e3:97:9f:f1:c4:d2:04:11:64:0d:55:
                    fc:26:05:8e:68:21:ee:ce:a9:3a:6b:11:16:0a:78:
                    4c:e4:0d:e8:c6:d5:9f:7d:80:01:ff:fb:39:cd:34:
                    80:59:85:10:5a:af:0e:5f:07:02:cf:c4:c1:50:94:
                    0f:95:42:cb:63:f3:7a:83:eb:a5:ea:cb:2b:19:9f:
                    41:10:b2:03:fb:11:f7:ec:ff:e7:6d:27:8c:aa:df:
                    9b:55:d7:91:06:ea:e7:72:f5:a7:db:90:f5:ee:6e:
                    cc:26:fc:bc:6c:c0:ea:c8:b6:13:8c:46:53:42:df:
                    2c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:1F:F1:C0:AC:C0:05:78:7E:E3:10:9B:1B:38:F2:F3:E1:19:2E:68
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:90:ff:4d:4a:23:c6:c5:44:06:9d:d6:58:74:8c:e6:70:91:
         00:96:9d:49:41:49:f9:71:11:54:bc:82:63:86:aa:d7:f1:00:
         c5:3d:e0:fc:f0:ef:2d:cf:ee:15:6d:0e:d6:19:db:a0:cb:f9:
         c3:78:17:55:dc:a9:9f:11:11:54:4a:32:3b:76:8f:ce:d5:12:
         4c:50:39:85:59:46:39:52:bf:6f:df:38:bf:71:1a:9f:b7:52:
         28:45:1e:7c:66:c3:a5:a8:65:ab:f5:9a:15:ce:55:47:1c:87:
         21:a9:a3:a8:59:ac:3f:f5:81:6a:25:33:2c:d5:e4:b8:9b:06:
         82:2a:73:15:82:75:9a:ce:c0:24:f1:9a:2c:58:33:f8:01:b2:
         91:6a:b2:33:da:03:2f:1c:95:5b:f7:7d:77:05:e3:62:10:b8:
         df:e7:ca:11:94:f1:ca:a3:85:a7:cf:b4:62:56:4f:d9:3f:9f:
         0c:0b:86:e5:94:01:90:48:67:42:47:1d:68:81:44:46:49:73:
         2e:23:83:0b:ee:a9:f9:ef:e2:4d:73:6e:81:d5:74:0b:dc:07:
         f6:97:e8:1b:a2:8b:1d:4d:b9:ca:dd:f6:3e:16:e5:27:6c:e3:
         52:d8:0e:42:05:e2:21:ca:95:55:76:e4:e1:64:d7:aa:63:54:
         ba:ed:b0:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUC7BaoN3YDjPgLjgdkp7jC43lZAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MDMxODAwMThaFw0yNTA2MDIxODA1MThaMDMxMTAvBgNV
BAMTKEEyMUZGMUMwQUNDMDA1Nzg3RUUzMTA5QjFCMzhGMkYzRTExOTJFNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDthUanMWOUtUm1roeSz6Eci0/f
M4QDRX1HTA+d9EYrM5ZEcilIsoHn2gWhIWtRYhkRqO/dmjgfQ7gM2ZAej4e1xslT
EpxwKnahAyZfWEGQ6XdDJ0cNV5NuSSTbCo8/M29gPFECNg9Y3Oqk0rxXjZ3c7BFE
KfsBXFsEhoQUHe5F6dmV12rO8Yteb2njl5/xxNIEEWQNVfwmBY5oIe7OqTprERYK
eEzkDejG1Z99gAH/+znNNIBZhRBarw5fBwLPxMFQlA+VQstj83qD66XqyysZn0EQ
sgP7Effs/+dtJ4yq35tV15EG6udy9afbkPXubswm/LxswOrIthOMRlNC3yyzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUoh/xwKzABXh+4xCbGzjy8+EZLmgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTI4NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCBZIw
DQYJKoZIhvcNAQELBQADggEBAE6Q/01KI8bFRAad1lh0jOZwkQCWnUlBSflxEVS8
gmOGqtfxAMU94Pzw7y3P7hVtDtYZ26DL+cN4F1XcqZ8REVRKMjt2j87VEkxQOYVZ
RjlSv2/fOL9xGp+3UihFHnxmw6WoZav1mhXOVUcchyGpo6hZrD/1gWolMyzV5Lib
BoIqcxWCdZrOwCTxmixYM/gBspFqsjPaAy8clVv3fXcF42IQuN/nyhGU8cqjhafP
tGJWT9k/nwwLhuWUAZBIZ0JHHWiBREZJcy4jgwvuqfnv4k1zboHVdAvcB/aX6Bui
ix1Nucrd9j4W5Sds41LYDkIF4iHKlVV25OFk16pjVLrtsOI=
-----END CERTIFICATE-----