Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
File:                     AS12874.roa (raw, json)
Hash identifier:          yVto7FNazyk4OLenHYQRW4PHzsK+eN5A9ZFWabkUAeA=
Subject key identifier:   2C:96:93:5C:CE:92:A0:FD:C4:37:07:A5:01:4B:DD:FC:4F:A3:FE:DD
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7FC5A8AFAB75122C31D51881C41FBAAAF0537445
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
Signing time:             Mon 05 May 2025 18:54:07 +0000
ROA not before:           Mon 05 May 2025 18:49:07 +0000
ROA not after:            Mon 04 May 2026 18:54:07 +0000
asID:                     12874
IP address blocks:        194.5.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:c5:a8:af:ab:75:12:2c:31:d5:18:81:c4:1f:ba:aa:f0:53:74:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May  5 18:49:07 2025 GMT
            Not After : May  4 18:54:07 2026 GMT
        Subject: CN=2C96935CCE92A0FDC43707A5014BDDFC4FA3FEDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:31:7d:e6:bf:4c:e8:67:8c:8a:87:f7:12:97:
                    6f:1f:ae:06:44:e8:7f:2d:26:e5:d4:9d:9a:9a:c4:
                    c3:71:8d:60:fa:09:3c:51:a0:c3:68:7b:bd:2c:eb:
                    ea:4c:ec:0e:c8:2d:5a:b9:1d:20:74:07:6a:a8:1d:
                    b2:1b:0d:9e:ad:ad:7f:21:26:3e:f0:48:9c:ea:fa:
                    59:a8:19:70:01:1d:86:16:1b:eb:4a:63:3c:59:51:
                    05:1d:97:39:b4:ce:b5:85:b9:b4:01:5a:e4:24:cf:
                    79:1e:57:70:77:0b:a0:d0:2e:47:f3:7b:1d:46:7d:
                    78:c7:f7:ef:5a:25:fb:6b:09:7f:cf:7c:e4:e7:eb:
                    c1:92:81:16:65:87:b3:a4:9a:ac:e4:86:f4:3f:64:
                    6d:da:0f:07:cf:45:d3:75:10:d4:29:a7:cf:c2:21:
                    db:9a:88:4f:33:34:d9:d5:a4:ca:27:01:66:fe:00:
                    fd:91:fc:dc:5f:95:f2:f6:ea:ae:67:68:0b:39:0a:
                    b5:6b:18:8c:a4:ab:bd:8f:72:ad:81:12:4e:e6:66:
                    1e:18:93:85:c3:35:2f:58:23:cc:06:0f:d9:a0:c7:
                    c8:65:21:a1:36:b9:b6:75:22:ff:e5:e4:93:9e:50:
                    19:2d:b2:5c:c2:9e:1d:9d:dd:7a:09:9b:c4:b8:d6:
                    f5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:96:93:5C:CE:92:A0:FD:C4:37:07:A5:01:4B:DD:FC:4F:A3:FE:DD
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:1a:14:7e:94:2c:5c:8c:79:3e:d8:7b:61:e4:37:dd:28:52:
         bf:4b:57:6b:18:d5:ff:20:0a:91:c3:3a:dc:bb:46:5b:b3:83:
         5d:25:10:f2:6d:bc:20:f9:6e:a5:5f:dc:ac:3b:64:23:58:fc:
         f1:49:a0:10:5b:42:1a:44:48:a9:38:cc:02:16:66:47:08:b2:
         a5:77:9f:46:04:99:b4:04:b0:41:34:1a:ef:1c:48:8f:0d:55:
         c0:30:8e:73:ea:5d:2f:a6:02:82:a0:51:3d:2b:46:6f:2a:9b:
         f2:a4:f9:1a:b2:08:16:ec:f2:9a:71:bd:6a:b4:27:dd:45:02:
         95:45:26:e5:e4:89:43:18:eb:64:67:cf:b9:56:3a:24:2c:5f:
         e3:f4:13:d2:bb:4a:d8:2a:30:2e:30:e3:db:61:46:a5:7b:54:
         c2:48:48:bf:1e:42:a0:5d:b5:99:26:c2:b3:aa:a4:62:79:9f:
         cb:8a:cc:be:f7:71:de:f5:88:93:12:61:5d:90:bc:7f:fd:29:
         b2:92:0a:1c:35:ba:98:80:72:c4:3c:9e:93:03:15:09:4b:c4:
         8a:87:35:da:2e:c0:3a:0e:47:1c:36:03:cc:05:a1:4a:33:10:
         2f:ab:5a:6e:89:be:70:c8:62:e3:05:74:8b:6f:7c:4a:35:f7:
         3a:8a:cb:cb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUf8Wor6t1Eiwx1RiBxB+6qvBTdEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MDUxODQ5MDdaFw0yNjA1MDQxODU0MDdaMDMxMTAvBgNV
BAMTKDJDOTY5MzVDQ0U5MkEwRkRDNDM3MDdBNTAxNEJEREZDNEZBM0ZFREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNMX3mv0zoZ4yKh/cSl28frgZE
6H8tJuXUnZqaxMNxjWD6CTxRoMNoe70s6+pM7A7ILVq5HSB0B2qoHbIbDZ6trX8h
Jj7wSJzq+lmoGXABHYYWG+tKYzxZUQUdlzm0zrWFubQBWuQkz3keV3B3C6DQLkfz
ex1GfXjH9+9aJftrCX/PfOTn68GSgRZlh7OkmqzkhvQ/ZG3aDwfPRdN1ENQpp8/C
IduaiE8zNNnVpMonAWb+AP2R/NxflfL26q5naAs5CrVrGIykq72Pcq2BEk7mZh4Y
k4XDNS9YI8wGD9mgx8hlIaE2ubZ1Iv/l5JOeUBktslzCnh2d3XoJm8S41vVPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQULJaTXM6SoP3ENwelAUvd/E+j/t0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTI4NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCBZIw
DQYJKoZIhvcNAQELBQADggEBAAEaFH6ULFyMeT7Ye2HkN90oUr9LV2sY1f8gCpHD
Oty7Rluzg10lEPJtvCD5bqVf3Kw7ZCNY/PFJoBBbQhpESKk4zAIWZkcIsqV3n0YE
mbQEsEE0Gu8cSI8NVcAwjnPqXS+mAoKgUT0rRm8qm/Kk+RqyCBbs8ppxvWq0J91F
ApVFJuXkiUMY62Rnz7lWOiQsX+P0E9K7StgqMC4w49thRqV7VMJISL8eQqBdtZkm
wrOqpGJ5n8uKzL73cd71iJMSYV2QvH/9KbKSChw1upiAcsQ8npMDFQlLxIqHNdou
wDoORxw2A8wFoUozEC+rWm6JvnDIYuMFdItvfEo19zqKy8s=
-----END CERTIFICATE-----