Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
File:                     AS142111.roa (raw, json)
Hash identifier:          0F1VmKbmPTFnMsSzr8R3lQFDyrwn2WRJlVB5skfzvdo=
Subject key identifier:   26:03:0A:6D:98:1F:A2:25:9C:24:6E:F1:A3:5C:F0:26:61:B0:D0:2D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4703CDE70A8109E83B5FB6E61242C62C453BD7D1
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
Signing time:             Thu 25 Jan 2024 00:00:08 +0000
ROA not before:           Wed 24 Jan 2024 23:55:08 +0000
ROA not after:            Thu 23 Jan 2025 00:00:08 +0000
asID:                     142111
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:03:cd:e7:0a:81:09:e8:3b:5f:b6:e6:12:42:c6:2c:45:3b:d7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 24 23:55:08 2024 GMT
            Not After : Jan 23 00:00:08 2025 GMT
        Subject: CN=26030A6D981FA2259C246EF1A35CF02661B0D02D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0a:63:9f:5d:5c:58:89:18:58:dd:84:02:a4:
                    ba:3c:58:51:ac:bc:7e:b9:db:f1:ab:1c:c0:d4:32:
                    c2:16:4d:07:ba:65:2b:66:61:ef:6f:ee:ba:9e:d4:
                    37:36:70:7e:99:bb:7a:52:09:9c:86:74:bb:25:50:
                    a4:be:09:48:14:e8:a8:28:e4:30:51:e2:5d:b3:45:
                    40:e5:ff:b1:c9:9a:b9:ef:ae:f3:c4:2c:4f:5b:22:
                    82:7c:ab:6a:ab:a0:58:1f:0b:7a:1c:9b:b2:89:57:
                    14:00:b7:c4:7c:46:f1:11:d1:78:d7:bd:d3:19:f2:
                    86:5b:39:46:e3:06:55:a5:dd:72:35:c8:f1:eb:79:
                    98:60:f2:72:97:ed:bd:22:de:6e:e7:14:bd:ee:25:
                    35:41:94:e6:99:b4:57:50:87:25:28:ab:ee:0c:a2:
                    c2:ea:80:4b:90:2a:31:de:29:c8:b5:7a:89:54:63:
                    75:be:e8:00:95:5a:97:b3:68:a9:7a:4c:0c:56:fa:
                    6c:62:2a:e2:41:ae:23:4f:0d:57:01:b6:79:89:9f:
                    84:3e:77:5c:7b:d2:9a:a2:9d:dc:8a:bc:11:ec:c0:
                    52:01:58:1b:5c:67:23:b2:d1:16:8d:c3:b1:7c:b2:
                    a4:82:f6:41:0c:e7:44:04:2d:ba:7c:bf:2b:d9:03:
                    8d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:03:0A:6D:98:1F:A2:25:9C:24:6E:F1:A3:5C:F0:26:61:B0:D0:2D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:16:c4:70:cc:a7:f8:c4:43:51:14:85:ca:5e:99:14:02:a4:
         38:5e:1d:4e:0a:8f:84:30:66:05:6f:0a:00:f1:35:4f:bc:65:
         70:60:ee:2d:58:b5:be:bc:c2:06:ed:01:51:8d:9e:54:80:b6:
         ba:05:f2:37:fd:f5:3c:c8:6a:16:3e:53:94:e4:c5:bf:4d:9b:
         1a:cb:f5:dd:fa:bb:cc:1f:54:35:ae:03:9a:db:c7:52:ce:56:
         e3:d1:5e:df:f7:28:e9:bc:0f:33:52:88:0a:a2:20:74:af:90:
         74:1a:d1:4b:61:b7:d6:8e:c6:c3:8a:c6:cf:86:b4:f3:1c:32:
         cb:e8:a7:45:db:8e:73:da:c6:55:6b:30:29:e8:50:3f:51:94:
         ca:69:51:05:aa:95:0f:be:13:19:7e:fd:b7:1f:14:5c:6c:15:
         45:82:df:cd:8c:6a:1c:e3:37:ea:42:40:e7:96:c2:6d:ab:02:
         a1:ec:a2:3b:bc:30:87:e8:b8:e2:41:1c:f2:25:a3:af:18:4f:
         6e:a4:82:69:90:9f:18:91:a8:72:e6:ca:fc:f6:d5:4a:8b:c7:
         92:fb:9f:9a:12:1d:b6:36:fa:72:a2:ab:c6:2d:3e:c7:5f:92:
         15:20:aa:ae:de:55:43:63:1c:13:92:18:1c:34:4e:07:bf:25:
         29:eb:53:74
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURwPN5wqBCeg7X7bmEkLGLEU719EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjQyMzU1MDhaFw0yNTAxMjMwMDAwMDhaMDMxMTAvBgNV
BAMTKDI2MDMwQTZEOTgxRkEyMjU5QzI0NkVGMUEzNUNGMDI2NjFCMEQwMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1CmOfXVxYiRhY3YQCpLo8WFGs
vH652/GrHMDUMsIWTQe6ZStmYe9v7rqe1Dc2cH6Zu3pSCZyGdLslUKS+CUgU6Kgo
5DBR4l2zRUDl/7HJmrnvrvPELE9bIoJ8q2qroFgfC3ocm7KJVxQAt8R8RvER0XjX
vdMZ8oZbOUbjBlWl3XI1yPHreZhg8nKX7b0i3m7nFL3uJTVBlOaZtFdQhyUoq+4M
osLqgEuQKjHeKci1eolUY3W+6ACVWpezaKl6TAxW+mxiKuJBriNPDVcBtnmJn4Q+
d1x70pqindyKvBHswFIBWBtcZyOy0RaNw7F8sqSC9kEM50QELbp8vyvZA42JAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUJgMKbZgfoiWcJG7xo1zwJmGw0C0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQyMTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQAbFsRwzKf4xENRFIXKXpkUAqQ4Xh1O
Co+EMGYFbwoA8TVPvGVwYO4tWLW+vMIG7QFRjZ5UgLa6BfI3/fU8yGoWPlOU5MW/
TZsay/Xd+rvMH1Q1rgOa28dSzlbj0V7f9yjpvA8zUogKoiB0r5B0GtFLYbfWjsbD
isbPhrTzHDLL6KdF245z2sZVazAp6FA/UZTKaVEFqpUPvhMZfv23HxRcbBVFgt/N
jGoc4zfqQkDnlsJtqwKh7KI7vDCH6LjiQRzyJaOvGE9upIJpkJ8Ykahy5sr89tVK
i8eS+5+aEh22NvpyoqvGLT7HX5IVIKqu3lVDYxwTkhgcNE4HvyUp61N0
-----END CERTIFICATE-----