Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa
File:                     AS214139.roa (raw, json)
Hash identifier:          LHTysp9H8kYpcDRGCCKYDR38Tvnvtqy9c+klIRCmAjE=
Subject key identifier:   A8:8C:1E:CA:29:B0:36:0A:18:57:11:DA:0A:E3:D9:72:CA:15:01:45
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1513F4557AC074AE03C39F33BA000AEBBCBB06B7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa
Signing time:             Tue 17 Dec 2024 16:27:50 +0000
ROA not before:           Tue 17 Dec 2024 16:22:50 +0000
ROA not after:            Tue 16 Dec 2025 16:27:50 +0000
asID:                     214139
IP address blocks:        195.20.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 20:47:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:13:f4:55:7a:c0:74:ae:03:c3:9f:33:ba:00:0a:eb:bc:bb:06:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 17 16:22:50 2024 GMT
            Not After : Dec 16 16:27:50 2025 GMT
        Subject: CN=A88C1ECA29B0360A185711DA0AE3D972CA150145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:7f:d1:b8:f2:c4:1d:0e:f3:93:50:6f:36:
                    99:78:3e:67:98:c0:6e:47:cc:21:75:a6:01:8a:ff:
                    09:59:97:fe:8d:1a:21:b7:35:ae:22:ab:ae:62:b6:
                    54:dc:bf:90:61:b7:02:60:2a:4b:94:10:8f:55:08:
                    d8:d5:e2:90:46:ee:7c:d9:4c:2d:d7:30:d0:be:33:
                    00:af:fb:2c:01:c6:58:a0:29:9f:5b:26:2e:ac:70:
                    37:ae:90:f1:23:16:9b:9d:0d:cb:40:98:58:07:eb:
                    c5:ce:c5:f0:e8:6e:ce:1b:04:ad:fc:92:1d:5e:a4:
                    a7:2a:09:2a:6c:8b:7a:33:f5:bc:06:6e:a1:c2:bc:
                    d9:4c:05:dc:dd:48:be:96:df:0a:29:0a:02:96:a3:
                    be:89:18:1e:10:35:90:54:aa:7c:fc:89:2e:cb:0a:
                    e6:81:04:65:99:c9:87:e8:04:c6:33:72:67:e5:b7:
                    b9:d5:5c:7c:dd:73:d5:8d:5c:38:db:9b:5d:20:c1:
                    7f:98:e4:14:66:47:99:d3:f9:9a:1e:14:cc:a1:56:
                    3f:95:5d:b9:e2:32:1a:2e:99:5d:86:aa:e3:27:b5:
                    52:a5:8e:53:22:c9:25:49:f6:b9:1e:e9:13:1d:f3:
                    aa:1a:38:bd:15:46:f5:a6:82:a1:25:dd:8b:0c:de:
                    0b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8C:1E:CA:29:B0:36:0A:18:57:11:DA:0A:E3:D9:72:CA:15:01:45
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:17:99:8a:6d:c6:66:82:85:a6:7b:49:ed:46:f1:c8:49:17:
         6e:85:48:9d:9d:b4:a6:36:8d:16:fa:89:e5:ff:9f:3a:56:ae:
         57:2a:45:05:fb:95:2c:b8:d3:c2:25:52:b4:40:72:90:f3:d2:
         71:6f:de:74:9c:c2:bc:95:8c:05:a9:52:cb:56:f1:a5:a6:bb:
         47:e8:e6:d4:3e:84:ce:d2:da:ed:c6:1c:8f:d1:56:b0:94:7f:
         fd:c5:bc:4b:f3:7e:17:cf:19:de:74:93:0e:c6:03:38:80:7d:
         ce:f8:e2:af:c9:3a:8a:bc:12:75:f1:3c:e8:33:f7:33:fe:23:
         c8:ed:52:16:1a:26:d2:4d:10:a6:23:b5:75:70:2a:1a:61:e0:
         3f:0f:91:13:3e:09:76:0d:3a:6e:82:3e:24:98:af:b8:d0:49:
         3f:15:5a:8c:2c:ba:26:14:19:71:60:0d:ac:1e:ff:2e:0c:7f:
         01:19:23:7d:c6:42:cf:e8:a8:1a:95:00:c9:47:6e:76:d1:e5:
         7b:7d:f4:a4:e1:8f:b4:13:84:28:c2:aa:0d:44:31:a9:be:0c:
         08:e5:b0:a3:dc:fc:0c:eb:8d:e1:f5:57:14:bf:a6:05:d4:f4:
         65:3a:41:30:93:52:47:b0:e7:6b:f3:2a:c7:67:dc:d0:0f:1a:
         c9:16:a0:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFRP0VXrAdK4Dw58zugAK67y7BrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMTcxNjIyNTBaFw0yNTEyMTYxNjI3NTBaMDMxMTAvBgNV
BAMTKEE4OEMxRUNBMjlCMDM2MEExODU3MTFEQTBBRTNEOTcyQ0ExNTAxNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1on/RuPLEHQ7zk1BvNpl4PmeY
wG5HzCF1pgGK/wlZl/6NGiG3Na4iq65itlTcv5BhtwJgKkuUEI9VCNjV4pBG7nzZ
TC3XMNC+MwCv+ywBxligKZ9bJi6scDeukPEjFpudDctAmFgH68XOxfDobs4bBK38
kh1epKcqCSpsi3oz9bwGbqHCvNlMBdzdSL6W3wopCgKWo76JGB4QNZBUqnz8iS7L
CuaBBGWZyYfoBMYzcmflt7nVXHzdc9WNXDjbm10gwX+Y5BRmR5nT+ZoeFMyhVj+V
XbniMhoumV2GquMntVKljlMiySVJ9rke6RMd86oaOL0VRvWmgqEl3YsM3gvHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqIweyimwNgoYVxHaCuPZcsoVAUUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE0MTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxRo
MA0GCSqGSIb3DQEBCwUAA4IBAQAKF5mKbcZmgoWme0ntRvHISRduhUidnbSmNo0W
+onl/586Vq5XKkUF+5UsuNPCJVK0QHKQ89Jxb950nMK8lYwFqVLLVvGlprtH6ObU
PoTO0trtxhyP0VawlH/9xbxL834XzxnedJMOxgM4gH3O+OKvyTqKvBJ18TzoM/cz
/iPI7VIWGibSTRCmI7V1cCoaYeA/D5ETPgl2DTpugj4kmK+40Ek/FVqMLLomFBlx
YA2sHv8uDH8BGSN9xkLP6KgalQDJR2520eV7ffSk4Y+0E4QowqoNRDGpvgwI5bCj
3PwM643h9VcUv6YF1PRlOkEwk1JHsOdr8yrHZ9zQDxrJFqDv
-----END CERTIFICATE-----