Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
File:                     AS141968.roa (raw, json)
Hash identifier:          rUn32cxgR16dxD9ivbgI6aLeqHOthwBgV12wXLvx91A=
Subject key identifier:   F0:94:E7:BA:91:31:9B:98:65:4C:56:1A:8B:B4:C2:5D:7F:EE:60:8E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4144E677B59AD633B4E7456DB95375A61AB432D9
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
Signing time:             Wed 20 Dec 2023 08:05:08 +0000
ROA not before:           Wed 20 Dec 2023 08:00:08 +0000
ROA not after:            Wed 18 Dec 2024 08:05:08 +0000
asID:                     141968
IP address blocks:        45.149.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:44:e6:77:b5:9a:d6:33:b4:e7:45:6d:b9:53:75:a6:1a:b4:32:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 20 08:00:08 2023 GMT
            Not After : Dec 18 08:05:08 2024 GMT
        Subject: CN=F094E7BA91319B98654C561A8BB4C25D7FEE608E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2c:30:21:85:27:fb:35:13:fa:b4:7e:43:12:
                    8a:28:ce:47:44:42:73:0b:9a:ae:ff:3f:e6:dd:ec:
                    45:e3:e6:40:e8:78:d2:b1:98:a8:0d:27:d7:43:5a:
                    a4:95:09:15:95:a1:3c:d9:44:1b:ce:ff:e1:0f:f0:
                    2c:e7:ad:c0:ee:66:cc:dd:e1:a7:c0:49:5f:8a:80:
                    e6:54:64:da:97:35:1c:3a:cb:08:3a:9f:aa:d3:5c:
                    8b:3e:97:eb:96:1f:f8:a8:99:91:5c:c7:80:c2:4a:
                    71:b3:96:11:1b:0f:b1:59:a2:c3:2b:ee:7d:ef:5a:
                    dd:ef:70:7c:2d:93:f5:b4:4b:87:3f:dc:dd:c4:b5:
                    51:66:db:c6:70:0c:fd:4f:ac:00:34:c7:98:cb:4c:
                    f7:4b:dc:05:3e:9b:b8:2d:98:6b:f2:98:40:28:be:
                    ae:18:b3:b6:60:be:84:9b:9d:77:22:33:47:75:e1:
                    fa:d3:21:37:c0:1a:f8:13:40:9a:e8:8b:8a:77:9a:
                    86:4f:96:bc:4b:09:41:01:8c:4b:1b:c1:56:71:c9:
                    33:7c:8b:1c:d7:9b:18:cc:b8:91:b8:be:73:27:1c:
                    27:be:db:e0:f8:87:86:0e:28:c3:e1:9c:bf:bf:23:
                    be:8d:65:10:2f:e5:90:b1:61:6b:75:27:f9:e4:12:
                    77:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:94:E7:BA:91:31:9B:98:65:4C:56:1A:8B:B4:C2:5D:7F:EE:60:8E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:dd:68:b2:2c:6b:e7:9b:d7:3e:a6:9f:a4:5e:e8:43:b0:20:
         49:8a:49:31:cf:25:cf:0d:a4:34:45:01:43:b7:90:aa:4c:d8:
         76:08:4d:de:6a:f3:89:ff:36:41:d1:4b:89:4d:4f:82:69:77:
         5b:f5:ad:7f:4e:b2:9c:18:1f:d4:38:c9:37:94:70:97:a2:6a:
         a9:78:20:55:e5:4b:76:15:ea:1b:11:da:04:b3:d9:3e:0f:d3:
         3e:e5:af:64:dc:d1:b0:20:62:11:cc:de:bd:1f:26:e7:04:08:
         7c:db:eb:ba:f5:ac:9e:9e:c3:76:8f:25:04:d0:d4:05:56:e1:
         6a:34:00:35:c1:b9:d0:47:c8:b8:93:6c:8a:32:31:1d:68:12:
         2f:68:29:49:9f:2a:fe:c8:7b:2e:78:ac:17:eb:b9:7b:6b:3d:
         d4:51:6c:9d:e6:da:a1:c5:d8:de:37:8b:40:a5:91:ac:38:f9:
         0c:b2:c0:b6:60:7c:53:1b:81:75:dd:4b:cc:e1:e2:47:74:93:
         08:16:ab:07:1e:0f:10:e7:7e:2f:68:07:bc:c4:88:1a:c3:34:
         f0:cc:d0:ae:46:c2:0f:77:7e:f1:ff:98:e0:84:a1:64:33:ef:
         fd:52:32:21:41:92:9d:d3:2f:5b:4e:45:45:07:0d:5c:28:1e:
         ef:fe:c7:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQUTmd7Wa1jO050VtuVN1phq0MtkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMjAwODAwMDhaFw0yNDEyMTgwODA1MDhaMDMxMTAvBgNV
BAMTKEYwOTRFN0JBOTEzMTlCOTg2NTRDNTYxQThCQjRDMjVEN0ZFRTYwOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKLDAhhSf7NRP6tH5DEooozkdE
QnMLmq7/P+bd7EXj5kDoeNKxmKgNJ9dDWqSVCRWVoTzZRBvO/+EP8CznrcDuZszd
4afASV+KgOZUZNqXNRw6ywg6n6rTXIs+l+uWH/iomZFcx4DCSnGzlhEbD7FZosMr
7n3vWt3vcHwtk/W0S4c/3N3EtVFm28ZwDP1PrAA0x5jLTPdL3AU+m7gtmGvymEAo
vq4Ys7ZgvoSbnXciM0d14frTITfAGvgTQJroi4p3moZPlrxLCUEBjEsbwVZxyTN8
ixzXmxjMuJG4vnMnHCe+2+D4h4YOKMPhnL+/I76NZRAv5ZCxYWt1J/nkEneLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8JTnupExm5hlTFYai7TCXX/uYI4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQxOTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZW7
MA0GCSqGSIb3DQEBCwUAA4IBAQAq3WiyLGvnm9c+pp+kXuhDsCBJikkxzyXPDaQ0
RQFDt5CqTNh2CE3eavOJ/zZB0UuJTU+CaXdb9a1/TrKcGB/UOMk3lHCXomqpeCBV
5Ut2FeobEdoEs9k+D9M+5a9k3NGwIGIRzN69HybnBAh82+u69ayensN2jyUE0NQF
VuFqNAA1wbnQR8i4k2yKMjEdaBIvaClJnyr+yHsueKwX67l7az3UUWyd5tqhxdje
N4tApZGsOPkMssC2YHxTG4F13UvM4eJHdJMIFqsHHg8Q534vaAe8xIgawzTwzNCu
RsIPd37x/5jghKFkM+/9UjIhQZKd0y9bTkVFBw1cKB7v/sdS
-----END CERTIFICATE-----