Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
File:                     AS140543.roa (raw, json)
Hash identifier:          V+45TFUADZzHGhathVqAuJ0SeXsw9hMXi04MuApP1YU=
Subject key identifier:   93:F2:06:06:4F:EC:F7:83:32:4B:54:87:4F:15:C6:1C:8A:CB:B8:4F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       25001351A72014C608CAC09586C5E3C9A3596AA3
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
Signing time:             Fri 01 Nov 2024 16:43:27 +0000
ROA not before:           Fri 01 Nov 2024 16:38:27 +0000
ROA not after:            Fri 31 Oct 2025 16:43:27 +0000
asID:                     140543
IP address blocks:        45.142.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:00:13:51:a7:20:14:c6:08:ca:c0:95:86:c5:e3:c9:a3:59:6a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov  1 16:38:27 2024 GMT
            Not After : Oct 31 16:43:27 2025 GMT
        Subject: CN=93F206064FECF783324B54874F15C61C8ACBB84F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:84:c8:e6:e9:93:b1:d2:28:9b:ab:86:f9:69:
                    af:31:7c:27:87:b7:7b:c0:86:2f:3e:57:2d:f6:c7:
                    f4:e6:91:50:96:b2:6c:38:99:78:1b:af:f7:64:e9:
                    22:c5:dc:0d:37:90:a7:73:a9:dd:e0:cc:1b:16:c9:
                    7a:86:48:6c:a0:63:3f:91:15:bd:f1:82:88:cb:e4:
                    fe:d3:d5:70:a5:d9:aa:ea:22:11:52:44:25:b8:e3:
                    45:d7:0d:3a:3d:0a:9e:25:1b:2d:21:e6:f9:20:21:
                    cc:8f:03:25:28:cc:f4:14:c6:4d:da:a6:d1:0d:0c:
                    c5:0f:b5:70:f8:34:c0:18:a1:97:87:91:8c:db:9c:
                    9d:4c:f3:38:f4:32:d4:44:69:ac:54:e1:12:db:54:
                    1c:60:87:75:ab:86:9e:a1:3f:4d:55:52:1a:07:e0:
                    89:c7:64:b8:f5:dc:17:09:7e:d2:d1:a1:0a:a5:a5:
                    25:b6:2b:27:d2:a3:99:b8:86:d0:d1:30:97:75:9c:
                    81:6c:bf:0d:0e:bb:ea:02:5f:00:c9:80:e5:c4:4e:
                    32:83:c4:85:84:01:f6:f1:dd:bd:36:bc:67:a4:10:
                    44:ae:50:34:54:7b:03:fd:aa:94:af:19:b4:25:3a:
                    93:b8:4c:2c:5c:45:3a:cb:35:c4:54:5c:94:1b:e1:
                    ab:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F2:06:06:4F:EC:F7:83:32:4B:54:87:4F:15:C6:1C:8A:CB:B8:4F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f5:8b:55:52:6e:06:f7:8e:d6:b9:b6:6a:14:c1:ef:9a:78:
         71:55:d2:5d:3b:f4:75:43:b7:13:00:10:49:e6:07:82:0f:88:
         c8:cf:11:1d:26:52:c7:cb:82:df:f6:db:b3:e5:b8:16:de:09:
         27:2d:ff:dc:8b:b5:51:86:d5:f1:37:4c:71:a3:26:31:99:a7:
         2f:a8:34:3f:77:b5:a8:ac:51:9c:a5:15:7c:95:d9:ef:6a:9b:
         6c:91:5a:1e:3d:53:6d:09:38:57:34:88:b1:76:31:5c:13:41:
         87:bc:76:12:4e:85:fd:f5:37:9e:31:85:cc:80:41:c0:45:4d:
         1e:89:98:06:01:6c:00:f5:c4:58:1c:95:af:6d:ad:88:73:37:
         ed:44:78:23:51:66:1d:d5:94:00:f5:8d:d7:2f:75:5b:48:a2:
         60:1c:ab:24:bb:a7:e5:31:2d:75:4c:83:e9:6e:4b:d4:b0:3f:
         6e:d6:8e:3f:50:06:1a:e9:6d:9f:bd:2b:84:e4:0d:26:f3:44:
         dd:7a:bc:9d:5e:12:9a:85:78:45:bd:2d:79:0a:2b:04:3f:d2:
         61:0f:d7:86:24:51:10:fb:7f:1d:fb:38:f5:8b:e7:4d:c9:46:
         03:51:79:ec:79:50:51:35:98:4f:af:c2:57:0a:15:5f:ff:51:
         93:b5:97:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJQATUacgFMYIysCVhsXjyaNZaqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMDExNjM4MjdaFw0yNTEwMzExNjQzMjdaMDMxMTAvBgNV
BAMTKDkzRjIwNjA2NEZFQ0Y3ODMzMjRCNTQ4NzRGMTVDNjFDOEFDQkI4NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdhMjm6ZOx0iibq4b5aa8xfCeH
t3vAhi8+Vy32x/TmkVCWsmw4mXgbr/dk6SLF3A03kKdzqd3gzBsWyXqGSGygYz+R
Fb3xgojL5P7T1XCl2arqIhFSRCW440XXDTo9Cp4lGy0h5vkgIcyPAyUozPQUxk3a
ptENDMUPtXD4NMAYoZeHkYzbnJ1M8zj0MtREaaxU4RLbVBxgh3Wrhp6hP01VUhoH
4InHZLj13BcJftLRoQqlpSW2KyfSo5m4htDRMJd1nIFsvw0Ou+oCXwDJgOXETjKD
xIWEAfbx3b02vGekEESuUDRUewP9qpSvGbQlOpO4TCxcRTrLNcRUXJQb4avRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk/IGBk/s94MyS1SHTxXGHIrLuE8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQwNTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY7t
MA0GCSqGSIb3DQEBCwUAA4IBAQAk9YtVUm4G947WubZqFMHvmnhxVdJdO/R1Q7cT
ABBJ5geCD4jIzxEdJlLHy4Lf9tuz5bgW3gknLf/ci7VRhtXxN0xxoyYxmacvqDQ/
d7WorFGcpRV8ldnvaptskVoePVNtCThXNIixdjFcE0GHvHYSToX99TeeMYXMgEHA
RU0eiZgGAWwA9cRYHJWvba2IczftRHgjUWYd1ZQA9Y3XL3VbSKJgHKsku6flMS11
TIPpbkvUsD9u1o4/UAYa6W2fvSuE5A0m80TderydXhKahXhFvS15CisEP9JhD9eG
JFEQ+38d+zj1i+dNyUYDUXnseVBRNZhPr8JXChVf/1GTtZd3
-----END CERTIFICATE-----