Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
File:                     AS141968.roa (raw, json)
Hash identifier:          ia6WbgXaEOmjGqN6QwqgR1zDvEnF7eJA16GZzZW9Z9o=
Subject key identifier:   E3:F5:A1:F1:1F:7A:77:E9:22:97:01:72:9B:C9:5F:0E:E8:AF:91:61
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0FC2F3F2F47CF2600DBA77553783B678F6300E6F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
Signing time:             Wed 20 Nov 2024 08:43:28 +0000
ROA not before:           Wed 20 Nov 2024 08:38:28 +0000
ROA not after:            Wed 19 Nov 2025 08:43:28 +0000
asID:                     141968
IP address blocks:        45.149.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:c2:f3:f2:f4:7c:f2:60:0d:ba:77:55:37:83:b6:78:f6:30:0e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 20 08:38:28 2024 GMT
            Not After : Nov 19 08:43:28 2025 GMT
        Subject: CN=E3F5A1F11F7A77E9229701729BC95F0EE8AF9161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6e:6d:4d:0e:90:af:b3:44:95:38:df:b1:26:
                    1e:17:f9:fb:81:5e:29:2a:f6:40:4a:f6:c7:7f:b5:
                    c4:11:c5:e3:53:1d:b8:f1:d5:07:1d:19:24:c7:be:
                    04:f1:62:29:a8:d9:71:7d:4c:07:97:bd:b8:88:5f:
                    fb:e0:12:82:0d:e6:38:1f:6a:2f:29:01:26:85:d5:
                    f7:bc:7a:5a:fc:01:73:88:dc:fa:15:75:fc:0a:7e:
                    24:bd:ac:f8:e4:b3:c4:ba:39:1a:f6:a0:ac:68:38:
                    63:77:30:f4:33:2d:5b:29:c3:33:fe:dd:25:b2:73:
                    ed:8d:97:ee:7e:3f:11:0c:2b:eb:48:82:12:26:fd:
                    76:cb:cb:ac:25:56:7e:ee:07:bb:d2:85:b1:6d:c9:
                    2a:a2:92:d1:b8:8b:e9:cf:32:22:90:05:9e:5d:30:
                    aa:50:1f:ba:68:ab:e9:2a:dd:36:35:0d:d5:15:f1:
                    df:7c:e6:74:db:08:b8:fa:71:51:c8:3f:f7:12:67:
                    60:81:47:f7:70:1b:37:c7:ce:f5:04:5b:76:b4:86:
                    3a:dc:7b:87:7d:82:5d:d8:af:b9:04:c3:1b:d6:75:
                    28:0a:59:9f:8a:02:3f:1f:fc:90:59:4f:b1:34:83:
                    7d:4c:5e:41:b8:af:31:f7:4c:ec:a4:80:f4:31:54:
                    83:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F5:A1:F1:1F:7A:77:E9:22:97:01:72:9B:C9:5F:0E:E8:AF:91:61
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:36:96:e6:33:cd:db:9b:d5:59:0b:2b:c9:65:45:a2:ab:eb:
         83:8e:b6:d3:29:b0:7f:8e:c1:6d:91:56:eb:f9:da:6e:e1:d9:
         08:3e:87:2d:1f:77:62:f9:41:5a:94:fc:23:41:0e:15:87:d8:
         8c:0a:33:87:53:a3:43:93:db:2d:84:d3:bf:d2:76:fc:25:ce:
         4a:dc:2f:19:7a:6a:4a:65:a5:19:f9:52:a8:eb:5e:ec:20:e5:
         05:70:e7:96:24:a4:12:b2:9d:76:88:52:4f:19:3c:b4:86:fc:
         f0:64:51:48:6e:9f:20:72:75:2b:05:18:09:a2:49:0d:99:37:
         f6:86:f1:8b:bc:05:80:8e:a1:91:75:9a:51:15:26:53:e8:c8:
         bd:7f:77:fd:3f:47:f5:20:c4:2a:e4:4f:c2:76:e9:00:1c:72:
         f4:e7:24:81:5b:47:99:f6:e5:b1:ae:0c:2a:10:30:ec:ea:6b:
         f8:fa:1d:a3:4a:73:2d:7e:d5:cb:ab:5b:f1:2a:e7:0e:83:a4:
         ba:66:98:4f:d1:92:9c:f9:ca:88:72:45:c7:08:81:e0:ab:05:
         b4:84:a3:bd:f8:49:a1:f1:21:cd:31:dd:2d:02:39:b6:02:8a:
         e2:61:f0:c8:4e:e3:2b:31:37:95:32:5c:d1:c8:f1:c7:e1:2e:
         b5:b4:76:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUD8Lz8vR88mANundVN4O2ePYwDm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMjAwODM4MjhaFw0yNTExMTkwODQzMjhaMDMxMTAvBgNV
BAMTKEUzRjVBMUYxMUY3QTc3RTkyMjk3MDE3MjlCQzk1RjBFRThBRjkxNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlbm1NDpCvs0SVON+xJh4X+fuB
Xikq9kBK9sd/tcQRxeNTHbjx1QcdGSTHvgTxYimo2XF9TAeXvbiIX/vgEoIN5jgf
ai8pASaF1fe8elr8AXOI3PoVdfwKfiS9rPjks8S6ORr2oKxoOGN3MPQzLVspwzP+
3SWyc+2Nl+5+PxEMK+tIghIm/XbLy6wlVn7uB7vShbFtySqiktG4i+nPMiKQBZ5d
MKpQH7poq+kq3TY1DdUV8d985nTbCLj6cVHIP/cSZ2CBR/dwGzfHzvUEW3a0hjrc
e4d9gl3Yr7kEwxvWdSgKWZ+KAj8f/JBZT7E0g31MXkG4rzH3TOykgPQxVIOZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4/Wh8R96d+kilwFym8lfDuivkWEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQxOTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZW7
MA0GCSqGSIb3DQEBCwUAA4IBAQCWNpbmM83bm9VZCyvJZUWiq+uDjrbTKbB/jsFt
kVbr+dpu4dkIPoctH3di+UFalPwjQQ4Vh9iMCjOHU6NDk9sthNO/0nb8Jc5K3C8Z
empKZaUZ+VKo617sIOUFcOeWJKQSsp12iFJPGTy0hvzwZFFIbp8gcnUrBRgJokkN
mTf2hvGLvAWAjqGRdZpRFSZT6Mi9f3f9P0f1IMQq5E/CdukAHHL05ySBW0eZ9uWx
rgwqEDDs6mv4+h2jSnMtftXLq1vxKucOg6S6ZphP0ZKc+cqIckXHCIHgqwW0hKO9
+Emh8SHNMd0tAjm2AoriYfDITuMrMTeVMlzRyPHH4S61tHYN
-----END CERTIFICATE-----