Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14445.roa
File:                     AS14445.roa (raw, json)
Hash identifier:          571JeU1aRMMla1KrII9Vq4QQioe1xJao84HkpyVajJc=
Subject key identifier:   C2:09:77:3E:4E:5A:87:4F:E0:06:28:66:5E:67:E9:09:4D:04:91:F7
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       32E7BC76570A962A49BA87BC3CF8685F8321CC44
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14445.roa
Signing time:             Wed 13 Mar 2024 00:00:19 +0000
ROA not before:           Tue 12 Mar 2024 23:55:19 +0000
ROA not after:            Wed 12 Mar 2025 00:00:19 +0000
asID:                     14445
IP address blocks:        195.20.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e7:bc:76:57:0a:96:2a:49:ba:87:bc:3c:f8:68:5f:83:21:cc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 12 23:55:19 2024 GMT
            Not After : Mar 12 00:00:19 2025 GMT
        Subject: CN=C209773E4E5A874FE00628665E67E9094D0491F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9d:b3:93:f3:53:e1:df:f8:80:fb:a3:50:2d:
                    8e:18:6e:88:1f:98:5f:6a:ac:11:25:28:0e:85:cf:
                    35:7c:74:bc:11:a1:df:9f:ee:6c:c7:0f:9e:31:89:
                    2e:7c:aa:e4:99:af:d1:b6:cf:f8:a1:98:04:14:f7:
                    b0:39:e0:fb:dd:72:bd:eb:14:ef:95:14:d8:27:3e:
                    c4:c2:e2:b1:58:e8:98:48:47:cd:23:43:43:62:14:
                    bd:50:fd:25:4f:c8:1f:56:2e:52:af:af:b0:7c:4f:
                    74:e0:a1:b1:36:73:76:3f:f7:6b:ed:2e:ef:21:95:
                    33:62:9d:84:2a:95:ed:df:67:2a:21:44:d3:a3:3c:
                    d1:31:56:a9:e2:43:9f:a5:6f:fc:cb:c9:b3:7e:3d:
                    dd:36:cd:31:d8:9a:41:a0:10:fa:08:27:45:11:f1:
                    2a:57:bd:ae:fc:f4:6b:04:c5:e6:a7:0e:e5:bc:4f:
                    75:01:4b:9a:49:b7:f8:80:a0:2f:39:a3:dd:ec:e2:
                    11:5a:f8:02:6c:55:a6:39:92:14:87:8a:f9:a5:b6:
                    5f:62:d0:20:28:92:cd:9b:d3:cd:13:f5:8f:08:3b:
                    ba:1f:34:d4:9a:7f:ec:f2:d1:ad:26:4d:81:26:41:
                    c5:38:9c:81:80:00:ec:66:a9:c3:cd:de:1a:09:a2:
                    71:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:09:77:3E:4E:5A:87:4F:E0:06:28:66:5E:67:E9:09:4D:04:91:F7
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:18:36:9a:73:66:94:b5:05:59:d5:0a:51:64:39:49:de:26:
         64:fb:db:f1:fb:98:32:c4:59:51:95:1e:08:2f:35:38:fa:de:
         d1:c6:89:ba:09:b2:80:f7:25:f9:17:8b:82:50:95:a3:15:b8:
         70:85:23:f0:f7:cc:98:08:47:9a:86:c5:b0:e7:b8:ab:52:ce:
         5a:d9:55:12:6d:df:25:53:c3:c5:be:8f:d1:1a:32:bb:9e:07:
         29:4b:25:93:01:e3:b3:53:d4:ac:52:1f:72:20:19:d8:23:71:
         68:ac:95:94:a9:0b:82:99:d1:bb:31:87:9e:aa:e4:3c:27:8a:
         71:97:ad:51:fc:0b:7f:cb:ff:26:b9:5f:d1:ed:ca:87:f6:e6:
         2c:39:de:92:ed:57:fb:8d:4d:88:6d:bb:e9:1a:48:b5:cd:3a:
         68:80:93:33:60:b0:08:b7:74:7e:79:76:79:80:f0:93:ba:cd:
         24:e7:e7:b8:eb:14:77:9e:63:7f:f4:e2:e1:cd:3d:3a:61:83:
         08:af:c3:fc:8c:d4:8e:86:2a:3d:ff:e3:d9:b3:c7:de:e5:bd:
         74:2f:5c:b3:a0:f4:ff:41:f8:db:df:23:ab:38:41:39:c4:31:
         f8:eb:f9:4b:35:90:57:44:c8:a9:35:28:47:15:07:15:71:15:
         77:dd:10:7f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMue8dlcKlipJuoe8PPhoX4MhzEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMTIyMzU1MTlaFw0yNTAzMTIwMDAwMTlaMDMxMTAvBgNV
BAMTKEMyMDk3NzNFNEU1QTg3NEZFMDA2Mjg2NjVFNjdFOTA5NEQwNDkxRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnbOT81Ph3/iA+6NQLY4Ybogf
mF9qrBElKA6FzzV8dLwRod+f7mzHD54xiS58quSZr9G2z/ihmAQU97A54Pvdcr3r
FO+VFNgnPsTC4rFY6JhIR80jQ0NiFL1Q/SVPyB9WLlKvr7B8T3TgobE2c3Y/92vt
Lu8hlTNinYQqle3fZyohRNOjPNExVqniQ5+lb/zLybN+Pd02zTHYmkGgEPoIJ0UR
8SpXva789GsExeanDuW8T3UBS5pJt/iAoC85o93s4hFa+AJsVaY5khSHivmltl9i
0CAoks2b080T9Y8IO7ofNNSaf+zy0a0mTYEmQcU4nIGAAOxmqcPN3hoJonHbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwgl3Pk5ah0/gBihmXmfpCU0EkfcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQ0NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFGgw
DQYJKoZIhvcNAQELBQADggEBANEYNppzZpS1BVnVClFkOUneJmT72/H7mDLEWVGV
HggvNTj63tHGiboJsoD3JfkXi4JQlaMVuHCFI/D3zJgIR5qGxbDnuKtSzlrZVRJt
3yVTw8W+j9EaMrueBylLJZMB47NT1KxSH3IgGdgjcWislZSpC4KZ0bsxh56q5Dwn
inGXrVH8C3/L/ya5X9Htyof25iw53pLtV/uNTYhtu+kaSLXNOmiAkzNgsAi3dH55
dnmA8JO6zSTn57jrFHeeY3/04uHNPTphgwivw/yM1I6GKj3/49mzx97lvXQvXLOg
9P9B+NvfI6s4QTnEMfjr+Us1kFdEyKk1KEcVBxVxFXfdEH8=
-----END CERTIFICATE-----