Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19148.roa
File:                     AS19148.roa (raw, json)
Hash identifier:          JTTe6YpJ9H5vjEy+z2yUdp43ji/1OIWPUEXApSgGwH4=
Subject key identifier:   87:C0:1F:C0:0F:51:8B:8E:49:02:35:49:20:36:06:CE:C6:60:19:1A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       689FBD809094B8E0DA1640ED728A1D681AF2B197
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19148.roa
Signing time:             Thu 12 Dec 2024 19:00:55 +0000
ROA not before:           Thu 12 Dec 2024 18:55:55 +0000
ROA not after:            Thu 11 Dec 2025 19:00:55 +0000
asID:                     19148
IP address blocks:        195.206.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 20:47:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:9f:bd:80:90:94:b8:e0:da:16:40:ed:72:8a:1d:68:1a:f2:b1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 12 18:55:55 2024 GMT
            Not After : Dec 11 19:00:55 2025 GMT
        Subject: CN=87C01FC00F518B8E49023549203606CEC660191A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4b:13:25:4f:07:cc:13:c0:d2:ff:b3:e6:42:
                    8d:7d:b6:da:a6:9e:0a:2d:7a:80:e4:9f:ca:ca:a3:
                    6a:99:5b:ea:e6:c6:c9:76:73:c6:74:f8:5b:3f:56:
                    e8:20:8c:ca:b7:75:03:dc:91:b8:87:12:c8:00:da:
                    66:cb:6f:bf:80:e7:0e:2c:9f:a2:69:20:24:3c:24:
                    e6:d1:a9:62:e1:cd:e8:0e:dd:78:d6:a0:08:07:3a:
                    41:e8:c2:11:02:f5:e5:f0:49:78:93:ce:a9:52:df:
                    08:a9:4e:8e:d8:af:49:17:69:52:6c:92:92:e6:1c:
                    9c:c4:7b:89:da:01:4b:e9:46:73:ba:0b:d5:5f:9a:
                    d7:28:97:91:e4:56:79:fa:7f:79:9c:41:8f:68:01:
                    cb:63:48:30:03:e2:14:35:24:94:4c:ae:71:2b:21:
                    1f:82:61:6a:80:69:19:05:11:74:90:e5:c3:4c:e1:
                    f6:73:a0:3b:c5:6d:84:1c:d0:c1:1a:19:e3:f6:8a:
                    17:7e:37:a8:58:8d:be:c9:6f:dc:b6:4c:b9:9a:7a:
                    9a:fc:81:96:a3:5a:6c:a9:fc:63:87:69:f7:2c:3b:
                    a7:9a:bb:52:f6:17:95:9d:d3:61:4a:5e:86:5c:f2:
                    5b:81:7c:3c:57:6d:aa:26:9b:a5:16:64:5e:f7:e3:
                    80:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C0:1F:C0:0F:51:8B:8E:49:02:35:49:20:36:06:CE:C6:60:19:1A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19148.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:52:4f:6f:02:90:c6:94:f6:9b:9f:cd:93:1d:72:2d:51:4f:
         79:e4:9e:dd:0c:32:e7:db:c9:f0:c9:c9:fe:c4:01:e0:6f:91:
         78:d6:0f:1d:0c:3f:04:e5:e7:72:fd:ba:11:38:67:60:89:4c:
         f9:da:54:42:47:40:c1:bc:ea:23:cc:72:04:b3:6e:c4:6e:2d:
         37:31:98:78:eb:84:e7:9a:14:1e:61:08:6b:f5:df:3a:af:6b:
         39:8c:c0:bb:a8:34:20:c3:37:58:84:14:af:19:9e:fb:f8:50:
         ca:79:e3:b2:53:df:f0:d5:91:9c:42:cc:06:d4:d1:d5:27:4a:
         21:91:4a:5c:b1:8e:49:5e:5e:23:e6:79:0d:bd:b1:2b:58:67:
         a1:e6:e0:31:ae:f8:eb:1f:5c:33:e4:3b:47:8d:ee:2c:d3:3c:
         44:c6:e1:dd:47:36:2a:6d:9c:e6:7f:1b:32:d5:5e:bb:da:74:
         76:b9:bd:4d:34:95:af:2b:a8:db:22:f2:6e:2a:50:90:be:7f:
         6b:10:2e:5b:a3:14:2b:31:72:df:ff:86:70:92:80:db:f5:22:
         00:0d:69:0c:4e:1e:f5:81:e4:a6:bf:24:d8:f9:86:1f:ef:46:
         32:d0:b2:8c:33:9b:1e:61:31:3b:7a:99:da:4e:83:f7:c8:50:
         ec:76:f4:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaJ+9gJCUuODaFkDtcoodaBrysZcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMTIxODU1NTVaFw0yNTEyMTExOTAwNTVaMDMxMTAvBgNV
BAMTKDg3QzAxRkMwMEY1MThCOEU0OTAyMzU0OTIwMzYwNkNFQzY2MDE5MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCSxMlTwfME8DS/7PmQo19ttqm
ngoteoDkn8rKo2qZW+rmxsl2c8Z0+Fs/VuggjMq3dQPckbiHEsgA2mbLb7+A5w4s
n6JpICQ8JObRqWLhzegO3XjWoAgHOkHowhEC9eXwSXiTzqlS3wipTo7Yr0kXaVJs
kpLmHJzEe4naAUvpRnO6C9Vfmtcol5HkVnn6f3mcQY9oActjSDAD4hQ1JJRMrnEr
IR+CYWqAaRkFEXSQ5cNM4fZzoDvFbYQc0MEaGeP2ihd+N6hYjb7Jb9y2TLmaepr8
gZajWmyp/GOHafcsO6eau1L2F5Wd02FKXoZc8luBfDxXbaomm6UWZF7344CPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUh8AfwA9Ri45JAjVJIDYGzsZgGRowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTkxNDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzuow
DQYJKoZIhvcNAQELBQADggEBAHFST28CkMaU9pufzZMdci1RT3nknt0MMufbyfDJ
yf7EAeBvkXjWDx0MPwTl53L9uhE4Z2CJTPnaVEJHQMG86iPMcgSzbsRuLTcxmHjr
hOeaFB5hCGv13zqvazmMwLuoNCDDN1iEFK8Znvv4UMp547JT3/DVkZxCzAbU0dUn
SiGRSlyxjkleXiPmeQ29sStYZ6Hm4DGu+OsfXDPkO0eN7izTPETG4d1HNiptnOZ/
GzLVXrvadHa5vU00la8rqNsi8m4qUJC+f2sQLlujFCsxct//hnCSgNv1IgANaQxO
HvWB5Ka/JNj5hh/vRjLQsowzmx5hMTt6mdpOg/fIUOx29AY=
-----END CERTIFICATE-----