Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
File:                     AS140543.roa (raw, json)
Hash identifier:          qJAYcsb/3il3Lwzq8Gv1e01OmrDWKCpS8ltF69AruWQ=
Subject key identifier:   A6:7C:30:E0:33:E7:96:0D:B1:53:24:1C:EA:DD:7A:0B:5D:74:22:57
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       047C6C659320527CDE8CBB01A78145A69D5A7F42
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
Signing time:             Fri 01 Dec 2023 16:38:49 +0000
ROA not before:           Fri 01 Dec 2023 16:33:49 +0000
ROA not after:            Fri 29 Nov 2024 16:38:49 +0000
asID:                     140543
IP address blocks:        45.142.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:7c:6c:65:93:20:52:7c:de:8c:bb:01:a7:81:45:a6:9d:5a:7f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec  1 16:33:49 2023 GMT
            Not After : Nov 29 16:38:49 2024 GMT
        Subject: CN=A67C30E033E7960DB153241CEADD7A0B5D742257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7e:23:8c:e3:a4:c1:03:33:85:8f:27:84:4c:
                    b1:43:75:99:2b:25:46:83:9f:37:22:68:49:12:1f:
                    4a:08:3e:d7:46:a8:6b:77:c2:01:51:9b:b9:9f:0d:
                    d5:a0:c6:76:c2:a4:58:df:48:09:3a:3c:80:f4:5d:
                    d7:f9:fe:23:e9:69:7b:d4:3b:7d:52:e0:74:a1:8c:
                    f1:84:28:5f:79:b5:11:66:fe:ac:28:48:33:74:8c:
                    4b:16:10:01:8e:2f:c9:9d:a5:94:c6:c3:4c:40:fd:
                    97:80:57:7f:ce:8e:7c:1f:d0:17:a7:3a:12:38:48:
                    27:aa:44:e4:ea:f4:c6:8e:49:d4:28:9b:2b:0d:8b:
                    59:8b:b5:57:80:ba:45:a9:4d:76:c1:a3:ba:27:c3:
                    1d:64:c8:a3:a2:5d:4a:a1:b2:86:bb:c5:33:0c:c7:
                    78:54:6c:20:a6:e5:35:6f:51:40:b2:78:2a:3d:88:
                    b0:56:06:ae:39:63:4c:fc:89:78:f4:9f:71:ad:ee:
                    dd:4d:1c:0f:d7:0b:1c:f1:58:bf:41:9c:e8:5c:f4:
                    d6:c9:ac:0c:55:7a:c2:6e:98:5c:90:66:ab:ed:7c:
                    83:b8:e0:fa:0e:d1:96:29:e1:73:4a:55:11:db:4f:
                    30:9a:cb:74:b7:91:a1:68:f5:0f:90:db:b8:55:44:
                    72:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7C:30:E0:33:E7:96:0D:B1:53:24:1C:EA:DD:7A:0B:5D:74:22:57
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:af:04:d0:9a:9e:ce:3e:c9:62:89:d9:ef:25:4a:eb:c5:a8:
         01:dc:d9:44:86:f5:cd:16:cb:9f:fe:4d:ce:67:52:16:59:7a:
         98:79:46:a2:ee:f0:9e:e2:38:1c:01:4c:9c:e6:08:29:01:0d:
         c6:df:6d:07:8f:96:15:98:d4:73:1a:b3:3d:94:05:c6:21:94:
         df:c3:ec:e9:52:4e:1c:a8:21:80:07:1f:27:94:3a:1e:a5:34:
         82:1e:e3:f3:f8:e9:e5:32:f0:a7:2a:d2:5a:a7:a1:57:d2:c1:
         b8:c2:29:2c:71:86:6a:f5:0c:af:50:d1:c1:a0:2f:0c:95:3d:
         b0:2f:d1:dd:24:0d:ac:67:a0:0f:54:76:53:0e:13:ba:a4:49:
         76:f7:57:8d:38:a9:7f:5c:46:5f:61:b3:b2:21:62:b1:e4:d9:
         71:54:59:bd:a2:25:38:5b:85:1b:a1:d0:09:cf:7c:e7:7e:68:
         8e:a1:d7:17:dc:6e:76:28:b1:03:08:82:0e:00:b1:df:26:5f:
         23:82:29:d6:5d:02:7a:ea:1a:79:5f:fc:3c:59:16:74:e8:21:
         64:3d:10:cb:97:f9:49:76:c4:a3:99:16:5c:36:55:3e:fa:5a:
         32:2e:40:34:b0:52:d1:ee:1b:b0:cc:69:87:87:d8:ad:d4:34:
         b0:d2:6d:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBHxsZZMgUnzejLsBp4FFpp1af0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMDExNjMzNDlaFw0yNDExMjkxNjM4NDlaMDMxMTAvBgNV
BAMTKEE2N0MzMEUwMzNFNzk2MERCMTUzMjQxQ0VBREQ3QTBCNUQ3NDIyNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnfiOM46TBAzOFjyeETLFDdZkr
JUaDnzciaEkSH0oIPtdGqGt3wgFRm7mfDdWgxnbCpFjfSAk6PID0Xdf5/iPpaXvU
O31S4HShjPGEKF95tRFm/qwoSDN0jEsWEAGOL8mdpZTGw0xA/ZeAV3/Ojnwf0Ben
OhI4SCeqROTq9MaOSdQomysNi1mLtVeAukWpTXbBo7onwx1kyKOiXUqhsoa7xTMM
x3hUbCCm5TVvUUCyeCo9iLBWBq45Y0z8iXj0n3Gt7t1NHA/XCxzxWL9BnOhc9NbJ
rAxVesJumFyQZqvtfIO44PoO0ZYp4XNKVRHbTzCay3S3kaFo9Q+Q27hVRHKbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpnww4DPnlg2xUyQc6t16C110IlcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQwNTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY7t
MA0GCSqGSIb3DQEBCwUAA4IBAQA+rwTQmp7OPsliidnvJUrrxagB3NlEhvXNFsuf
/k3OZ1IWWXqYeUai7vCe4jgcAUyc5ggpAQ3G320Hj5YVmNRzGrM9lAXGIZTfw+zp
Uk4cqCGABx8nlDoepTSCHuPz+OnlMvCnKtJap6FX0sG4wikscYZq9QyvUNHBoC8M
lT2wL9HdJA2sZ6APVHZTDhO6pEl291eNOKl/XEZfYbOyIWKx5NlxVFm9oiU4W4Ub
odAJz3znfmiOodcX3G52KLEDCIIOALHfJl8jginWXQJ66hp5X/w8WRZ06CFkPRDL
l/lJdsSjmRZcNlU++loyLkA0sFLR7huwzGmHh9it1DSw0m2t
-----END CERTIFICATE-----