Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          okr3F6L+Bp5DMXLz99Hx80h5aNvtMO9uD+pV8BsUdAs=
Subject key identifier:   21:47:BE:01:A6:33:1D:75:22:38:78:87:86:80:5C:5B:47:3B:5B:D5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1FF4523BB8965573DD7C686951408AE4FDFFF19A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
Signing time:             Fri 01 Mar 2024 00:05:14 +0000
ROA not before:           Fri 01 Mar 2024 00:00:14 +0000
ROA not after:            Fri 28 Feb 2025 00:05:14 +0000
asID:                     14618
IP address blocks:        194.5.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f4:52:3b:b8:96:55:73:dd:7c:68:69:51:40:8a:e4:fd:ff:f1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  1 00:00:14 2024 GMT
            Not After : Feb 28 00:05:14 2025 GMT
        Subject: CN=2147BE01A6331D752238788786805C5B473B5BD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:61:41:c0:26:c7:27:c5:1c:13:fa:3c:4c:4f:
                    e3:27:59:bb:d9:fb:55:e4:10:15:f1:9e:84:4f:2c:
                    44:1b:b8:07:27:8c:65:10:49:cf:97:2b:8c:21:c1:
                    a3:d4:a7:2a:b0:49:98:1e:85:52:1a:f1:51:e0:50:
                    49:0f:91:13:cc:93:d7:21:a3:7b:62:e9:09:c1:cf:
                    07:48:0f:5e:f9:88:f9:b0:da:d5:b8:9d:02:7b:a2:
                    91:43:7a:91:fd:cf:a8:fb:f2:2e:bd:5c:06:fb:1f:
                    c3:d2:d9:e6:ff:11:4e:58:19:fb:20:90:6c:bd:37:
                    20:09:1a:d8:3c:93:76:ac:75:dd:87:0f:9d:97:8d:
                    2b:93:9f:b4:92:8b:b4:9e:7b:41:f8:fe:73:11:c9:
                    51:e4:10:ee:f0:f2:a8:b8:26:02:d5:a6:42:86:81:
                    47:16:99:2e:a8:34:f6:35:26:34:56:aa:e2:37:19:
                    c1:8e:1d:43:f6:49:d9:d6:73:79:82:9a:0b:8f:41:
                    c5:74:05:43:7d:3e:76:7c:87:6f:15:c0:6f:79:63:
                    1f:23:ee:7b:78:2d:67:6a:ba:97:22:8f:93:f3:aa:
                    5f:1b:12:0b:2c:16:76:5b:a6:1b:96:b6:cf:34:c9:
                    19:fb:8e:0b:5f:81:01:6c:d1:8e:6a:1d:65:51:ff:
                    24:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:47:BE:01:A6:33:1D:75:22:38:78:87:86:80:5C:5B:47:3B:5B:D5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:37:80:4f:83:3f:58:3e:ca:d5:99:6c:26:61:b4:12:63:2d:
         04:cf:10:dc:93:93:33:a5:7b:46:95:b9:f2:8b:66:c8:a6:7a:
         fd:59:0e:71:57:db:82:a7:e2:1a:24:fb:84:c5:f9:b2:8f:86:
         0c:b3:f4:07:c8:00:b9:31:0c:b5:28:30:8b:07:a3:1b:d9:1d:
         96:d4:68:a2:e9:90:45:50:5b:96:3e:55:f4:40:77:55:40:10:
         a8:6d:df:f7:22:59:2f:f1:a7:9d:c9:a6:96:71:80:c2:46:d0:
         93:24:a2:45:88:89:c0:1a:b0:14:d5:1d:2e:b1:90:6e:33:be:
         9f:2b:82:82:a3:03:d7:9e:27:a2:62:fa:63:e0:27:53:06:2d:
         d2:2a:44:b7:01:a8:2f:5a:60:fe:91:04:71:94:8c:3e:1b:a5:
         1b:3d:30:61:42:65:b7:46:db:f6:15:e6:91:30:ed:c7:2f:21:
         25:af:44:62:91:52:66:64:65:9c:5c:14:2a:bb:93:09:86:29:
         48:23:7c:27:54:78:38:cd:cd:6c:be:85:76:7b:f4:43:d8:04:
         b9:9e:2e:12:b1:f5:50:f5:8d:76:d1:73:4a:5d:92:bc:49:c4:
         2a:5b:44:2c:7a:04:b8:fa:a6:63:8b:fa:1d:3f:fe:06:82:9e:
         5a:a7:f1:f2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUH/RSO7iWVXPdfGhpUUCK5P3/8ZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMDEwMDAwMTRaFw0yNTAyMjgwMDA1MTRaMDMxMTAvBgNV
BAMTKDIxNDdCRTAxQTYzMzFENzUyMjM4Nzg4Nzg2ODA1QzVCNDczQjVCRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcYUHAJscnxRwT+jxMT+MnWbvZ
+1XkEBXxnoRPLEQbuAcnjGUQSc+XK4whwaPUpyqwSZgehVIa8VHgUEkPkRPMk9ch
o3ti6QnBzwdID175iPmw2tW4nQJ7opFDepH9z6j78i69XAb7H8PS2eb/EU5YGfsg
kGy9NyAJGtg8k3asdd2HD52XjSuTn7SSi7See0H4/nMRyVHkEO7w8qi4JgLVpkKG
gUcWmS6oNPY1JjRWquI3GcGOHUP2SdnWc3mCmguPQcV0BUN9PnZ8h28VwG95Yx8j
7nt4LWdqupcij5Pzql8bEgssFnZbphuWts80yRn7jgtfgQFs0Y5qHWVR/yR9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIUe+AaYzHXUiOHiHhoBcW0c7W9UwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCBZMw
DQYJKoZIhvcNAQELBQADggEBABQ3gE+DP1g+ytWZbCZhtBJjLQTPENyTkzOle0aV
ufKLZsimev1ZDnFX24Kn4hok+4TF+bKPhgyz9AfIALkxDLUoMIsHoxvZHZbUaKLp
kEVQW5Y+VfRAd1VAEKht3/ciWS/xp53JppZxgMJG0JMkokWIicAasBTVHS6xkG4z
vp8rgoKjA9eeJ6Ji+mPgJ1MGLdIqRLcBqC9aYP6RBHGUjD4bpRs9MGFCZbdG2/YV
5pEw7ccvISWvRGKRUmZkZZxcFCq7kwmGKUgjfCdUeDjNzWy+hXZ79EPYBLmeLhKx
9VD1jXbRc0pdkrxJxCpbRCx6BLj6pmOL+h0//gaCnlqn8fI=
-----END CERTIFICATE-----