Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          YLJhIIUJieeXAvzxkV7KAOqnnYlD7fzD86+W6av8YHc=
Subject key identifier:   5A:35:DB:D2:BD:E9:7B:A3:E0:EC:94:B9:B7:D0:76:08:E9:6E:BE:CF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2D1A2FE3CEB9019F893EFE6807F69C8328C1FD8D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
Signing time:             Mon 11 Nov 2024 10:07:16 +0000
ROA not before:           Mon 11 Nov 2024 10:02:16 +0000
ROA not after:            Mon 10 Nov 2025 10:07:16 +0000
asID:                     14618
IP address blocks:        193.164.10.0/24 maxlen: 24
                          194.5.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:1a:2f:e3:ce:b9:01:9f:89:3e:fe:68:07:f6:9c:83:28:c1:fd:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 11 10:02:16 2024 GMT
            Not After : Nov 10 10:07:16 2025 GMT
        Subject: CN=5A35DBD2BDE97BA3E0EC94B9B7D07608E96EBECF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c3:f6:fd:de:d8:53:10:b6:ea:51:48:9b:c5:
                    13:7e:c9:a7:c6:7d:35:c1:d0:fa:bd:73:d1:1e:2e:
                    fe:4e:3c:85:ed:40:c9:ec:a7:b5:54:f2:58:2e:6f:
                    51:7b:63:96:71:74:50:f7:63:f1:e7:c5:90:5e:3e:
                    45:b0:33:0a:10:33:0b:9b:9d:ea:7b:31:e4:e4:75:
                    09:98:3a:7c:97:5e:cd:1b:b2:22:ae:f9:73:70:9a:
                    cb:e6:7e:fa:34:0d:ed:58:7f:11:2c:d4:ed:6d:50:
                    74:87:d2:3d:38:41:6f:0e:0f:34:7f:cd:87:9d:66:
                    b2:e1:25:1c:73:25:5d:0d:ce:96:56:8d:e7:94:70:
                    c0:03:88:d0:02:08:c2:2f:55:e3:b3:b4:34:4f:e8:
                    ba:14:b1:50:d5:13:67:20:b5:b3:51:ec:06:9c:12:
                    08:b9:e0:1a:63:13:44:ad:11:2b:ec:75:15:6d:c5:
                    13:f9:2a:54:ba:0d:b0:49:b9:57:c1:85:ad:91:57:
                    71:65:f7:e3:fd:0b:75:a1:9e:62:ed:07:e4:b9:5b:
                    e8:5b:34:ab:1c:62:21:68:1d:80:b2:0e:fb:ff:82:
                    e3:9f:1b:c0:5e:6d:cb:d2:6f:13:3d:8e:b7:20:33:
                    14:28:0e:a9:1f:fd:59:64:2c:d3:90:7f:43:13:85:
                    14:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:35:DB:D2:BD:E9:7B:A3:E0:EC:94:B9:B7:D0:76:08:E9:6E:BE:CF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.10.0/24
                  194.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:24:cd:00:3c:23:a5:8b:33:8e:ee:a8:ba:f8:79:53:b9:0d:
         e9:a2:5f:58:a7:9b:8b:ce:19:71:f6:3b:5d:dc:8f:cf:3a:b8:
         5f:8d:f8:17:f5:65:71:0f:46:dc:8e:38:b5:c5:74:91:1f:ec:
         a5:c8:ca:ce:38:ef:17:81:e9:54:e4:07:f9:e4:05:27:70:46:
         a9:1d:45:04:ac:cd:af:62:44:a7:53:c5:25:dd:fa:14:06:68:
         b2:2b:94:49:40:6e:8c:be:54:fb:a0:2e:90:43:75:61:6d:eb:
         3c:30:e2:ad:6d:05:7c:7f:0c:0e:9b:e2:32:b0:73:82:31:4c:
         de:67:66:e0:b7:95:c5:de:dc:f2:57:06:1d:68:66:81:6f:12:
         2a:38:f4:5e:e5:9a:3f:d5:06:d3:1c:42:8c:c1:c7:fa:9b:30:
         d5:74:13:66:4e:4f:0b:cf:00:c8:e0:7e:a8:ff:ad:59:45:a6:
         5b:b6:0a:6e:cb:01:77:ad:06:f2:9d:25:da:3b:ce:4e:0a:af:
         7b:56:6a:3e:8d:09:bc:cf:c0:cf:5b:01:55:cb:d2:5d:c5:ab:
         9f:30:1b:85:f2:a9:26:8c:10:d8:20:f3:2b:64:7f:0f:37:3b:
         3a:58:12:ea:ac:78:77:b5:0d:df:42:bb:5e:7a:dd:80:cf:84:
         95:47:29:b8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULRov4865AZ+JPv5oB/acgyjB/Y0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTExMDAyMTZaFw0yNTExMTAxMDA3MTZaMDMxMTAvBgNV
BAMTKDVBMzVEQkQyQkRFOTdCQTNFMEVDOTRCOUI3RDA3NjA4RTk2RUJFQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpw/b93thTELbqUUibxRN+yafG
fTXB0Pq9c9EeLv5OPIXtQMnsp7VU8lgub1F7Y5ZxdFD3Y/HnxZBePkWwMwoQMwub
nep7MeTkdQmYOnyXXs0bsiKu+XNwmsvmfvo0De1YfxEs1O1tUHSH0j04QW8ODzR/
zYedZrLhJRxzJV0NzpZWjeeUcMADiNACCMIvVeOztDRP6LoUsVDVE2cgtbNR7Aac
Egi54BpjE0StESvsdRVtxRP5KlS6DbBJuVfBha2RV3Fl9+P9C3WhnmLtB+S5W+hb
NKscYiFoHYCyDvv/guOfG8BebcvSbxM9jrcgMxQoDqkf/VlkLNOQf0MThRRzAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWjXb0r3pe6Pg7JS5t9B2COluvs8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADBpAoD
BADCBZMwDQYJKoZIhvcNAQELBQADggEBADEkzQA8I6WLM47uqLr4eVO5DemiX1in
m4vOGXH2O13cj886uF+N+Bf1ZXEPRtyOOLXFdJEf7KXIys447xeB6VTkB/nkBSdw
RqkdRQSsza9iRKdTxSXd+hQGaLIrlElAboy+VPugLpBDdWFt6zww4q1tBXx/DA6b
4jKwc4IxTN5nZuC3lcXe3PJXBh1oZoFvEio49F7lmj/VBtMcQozBx/qbMNV0E2ZO
TwvPAMjgfqj/rVlFplu2Cm7LAXetBvKdJdo7zk4Kr3tWaj6NCbzPwM9bAVXL0l3F
q58wG4XyqSaMENgg8ytkfw83OzpYEuqseHe1Dd9Cu1563YDPhJVHKbg=
-----END CERTIFICATE-----