Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa
File:                     AS19318.roa (raw, json)
Hash identifier:          UVtELCxdaZQjiZWC1XN0bWszWkAVLLI6wlo0XNtqxzI=
Subject key identifier:   44:35:13:D1:D8:EB:9D:B6:46:10:CE:BA:BF:3B:B9:A8:76:B2:F1:69
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4FAE1DD736E69D8FBACC8B6EED3837A85A21A30F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa
Signing time:             Thu 31 Oct 2024 13:43:26 +0000
ROA not before:           Thu 31 Oct 2024 13:38:26 +0000
ROA not after:            Thu 30 Oct 2025 13:43:26 +0000
asID:                     19318
IP address blocks:        194.104.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:ae:1d:d7:36:e6:9d:8f:ba:cc:8b:6e:ed:38:37:a8:5a:21:a3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 31 13:38:26 2024 GMT
            Not After : Oct 30 13:43:26 2025 GMT
        Subject: CN=443513D1D8EB9DB64610CEBABF3BB9A876B2F169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f9:c5:d1:6e:23:f1:8f:32:e0:f5:3c:72:cc:
                    62:cd:64:1f:f9:3b:06:ed:ad:9b:0a:f8:f9:29:3b:
                    28:94:4f:dc:c7:44:37:db:8b:e0:53:8f:47:e8:09:
                    48:40:68:43:fe:fe:82:e3:8e:b1:04:7c:cb:35:4f:
                    c2:70:4e:16:27:2b:bc:d3:55:e0:70:11:43:6d:7b:
                    7e:bb:c2:a0:ed:a5:2b:4e:b9:ba:61:57:cf:24:d3:
                    8d:c7:f5:d3:4e:3b:b0:36:0d:1a:2f:76:d5:c7:1e:
                    ce:bf:ea:ef:06:0a:5c:e5:dc:0e:03:1a:04:81:26:
                    f4:15:11:45:9f:0b:be:63:bc:09:7d:77:13:08:1b:
                    fb:98:39:68:0d:d7:8e:16:0b:d7:7a:16:83:cd:25:
                    61:b0:53:70:90:1c:bc:ce:46:eb:5a:38:a7:ae:12:
                    97:c2:79:03:ca:5b:0b:42:54:16:a2:66:6a:e7:ee:
                    62:53:33:bf:33:44:0f:d5:8f:d9:88:b4:ac:79:df:
                    33:ac:79:f1:ef:00:30:41:e3:7f:27:fd:f3:d9:4b:
                    ce:72:1e:71:b1:05:c6:c3:03:b6:02:88:80:95:6f:
                    63:ce:61:d6:73:d0:60:f5:44:e8:af:11:fa:6a:39:
                    bd:b1:ec:6a:cc:f1:e6:10:69:56:bb:3d:55:fc:49:
                    77:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:35:13:D1:D8:EB:9D:B6:46:10:CE:BA:BF:3B:B9:A8:76:B2:F1:69
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS19318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:be:15:18:56:84:e5:46:89:9d:f2:1f:04:79:8c:0f:c4:f9:
         89:98:29:03:35:27:e8:83:cc:5b:22:56:d2:f6:16:a1:5a:b7:
         f1:3c:ed:fc:34:38:25:67:6a:26:15:41:bb:90:cb:3e:cc:c4:
         ac:6f:de:f6:a9:48:b0:1e:51:9a:e8:2f:32:32:c9:07:08:13:
         0f:0d:51:e6:01:d8:63:89:76:6e:2c:22:c7:87:62:e0:4c:d6:
         cc:2f:e6:4a:bf:49:f4:68:70:55:1f:aa:31:69:22:a9:9e:df:
         e2:e9:83:b7:29:8e:39:0a:25:9c:68:58:4c:d3:ba:c1:ce:3d:
         c2:bb:5d:6f:15:55:c3:54:0e:91:ed:92:cf:72:fe:32:3e:d7:
         7a:84:af:b2:1d:da:79:47:d0:ac:d7:94:4c:a0:15:d8:96:e6:
         e4:c8:c9:f6:66:b2:90:95:f7:49:15:40:a4:bc:b1:2f:fd:90:
         9d:e1:6d:64:8a:bb:1e:61:9c:e7:30:5c:82:04:ef:27:c8:de:
         5e:f8:df:7a:38:39:d8:38:c2:20:c2:50:39:8a:14:00:7a:fc:
         a5:e6:ee:65:f1:6e:f3:a9:5e:8e:47:e3:72:34:78:e5:98:cc:
         9d:77:dc:2d:96:77:45:a0:e2:91:1b:13:8b:09:04:93:5b:a9:
         3d:88:87:9d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUT64d1zbmnY+6zItu7Tg3qFohow8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzExMzM4MjZaFw0yNTEwMzAxMzQzMjZaMDMxMTAvBgNV
BAMTKDQ0MzUxM0QxRDhFQjlEQjY0NjEwQ0VCQUJGM0JCOUE4NzZCMkYxNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF+cXRbiPxjzLg9TxyzGLNZB/5
OwbtrZsK+PkpOyiUT9zHRDfbi+BTj0foCUhAaEP+/oLjjrEEfMs1T8JwThYnK7zT
VeBwEUNte367wqDtpStOubphV88k043H9dNOO7A2DRovdtXHHs6/6u8GClzl3A4D
GgSBJvQVEUWfC75jvAl9dxMIG/uYOWgN144WC9d6FoPNJWGwU3CQHLzORutaOKeu
EpfCeQPKWwtCVBaiZmrn7mJTM78zRA/Vj9mItKx53zOsefHvADBB438n/fPZS85y
HnGxBcbDA7YCiICVb2POYdZz0GD1ROivEfpqOb2x7GrM8eYQaVa7PVX8SXe/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQURDUT0djrnbZGEM66vzu5qHay8WkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTkzMTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCaJww
DQYJKoZIhvcNAQELBQADggEBAAy+FRhWhOVGiZ3yHwR5jA/E+YmYKQM1J+iDzFsi
VtL2FqFat/E87fw0OCVnaiYVQbuQyz7MxKxv3vapSLAeUZroLzIyyQcIEw8NUeYB
2GOJdm4sIseHYuBM1swv5kq/SfRocFUfqjFpIqme3+Lpg7cpjjkKJZxoWEzTusHO
PcK7XW8VVcNUDpHtks9y/jI+13qEr7Id2nlH0KzXlEygFdiW5uTIyfZmspCV90kV
QKS8sS/9kJ3hbWSKux5hnOcwXIIE7yfI3l7433o4Odg4wiDCUDmKFAB6/KXm7mXx
bvOpXo5H43I0eOWYzJ133C2Wd0Wg4pEbE4sJBJNbqT2Ih50=
-----END CERTIFICATE-----