Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
File:                     AS142111.roa (raw, json)
Hash identifier:          CCqQ30ynz9Mq6+uIqvh+BHFWs1oTLyKrCRf7DdA3ohM=
Subject key identifier:   0B:2D:55:7C:66:1F:A6:6D:C6:BC:30:34:A4:50:6F:4D:52:09:01:37
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2183C44213FC80F2D72F7A9D68D4127BCA08A406
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
Signing time:             Mon 30 Jun 2025 21:08:30 +0000
ROA not before:           Mon 30 Jun 2025 21:03:30 +0000
ROA not after:            Mon 29 Jun 2026 21:08:30 +0000
asID:                     142111
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 08:48:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:83:c4:42:13:fc:80:f2:d7:2f:7a:9d:68:d4:12:7b:ca:08:a4:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 30 21:03:30 2025 GMT
            Not After : Jun 29 21:08:30 2026 GMT
        Subject: CN=0B2D557C661FA66DC6BC3034A4506F4D52090137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:42:75:10:16:ed:0f:a8:26:ce:ec:23:22:46:
                    85:9d:2c:36:96:ca:9d:a6:0c:54:b4:8d:03:3a:c2:
                    71:79:71:d0:f7:4f:84:4b:bb:13:79:b6:4d:75:2a:
                    f6:70:3d:7e:63:f7:e5:4f:16:0e:c4:3b:cd:4c:83:
                    3a:84:ef:16:e0:05:a4:1f:52:ec:39:32:4b:9a:2b:
                    4b:c2:44:43:40:5b:74:fc:a6:b0:02:c2:17:66:81:
                    74:3e:bc:cd:03:aa:f8:95:5b:9d:6c:c2:2c:52:6d:
                    9f:c8:6b:b7:2e:54:18:69:76:b4:43:6a:2d:6a:65:
                    6a:43:e4:15:61:9c:ac:e2:36:0f:ed:6f:16:c5:09:
                    70:24:69:4d:14:6c:af:8e:76:1e:17:c0:e7:82:6f:
                    4c:4c:6e:c2:7f:14:18:51:16:04:fd:e1:96:69:63:
                    9d:5c:20:ff:38:1a:bd:86:f9:17:04:87:0a:f5:4e:
                    b1:fd:d4:05:61:e2:f7:14:b8:20:5e:75:a3:9b:da:
                    c5:ce:dd:88:3d:61:22:d2:2b:59:c4:a7:1a:37:4f:
                    33:bf:7e:74:ba:c8:9b:5e:99:d5:da:31:75:5b:b0:
                    7c:2c:da:b9:76:66:29:e2:e3:8f:11:4c:0d:13:88:
                    d7:b1:37:4f:d1:18:9b:08:52:1b:a5:9c:ae:8d:63:
                    99:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:55:7C:66:1F:A6:6D:C6:BC:30:34:A4:50:6F:4D:52:09:01:37
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:3f:ef:63:39:48:61:84:e9:10:a3:33:d2:d3:86:21:8a:ea:
         8a:35:d2:bd:ec:01:44:68:93:ea:ca:6e:a9:0c:d9:26:6a:98:
         0c:50:7c:fc:7b:70:fb:fd:9b:78:02:0b:40:eb:8b:c7:da:7c:
         9d:d0:54:8f:91:8b:a7:b5:a9:1f:4c:42:d7:4a:91:2d:69:f2:
         7c:89:ec:36:35:23:be:b1:ed:c4:16:b1:30:0c:54:fd:7e:4c:
         c0:7a:23:59:d2:39:dd:3d:71:46:93:4d:3e:29:85:86:f2:dc:
         ce:c3:1f:8e:53:b7:47:c8:07:69:75:01:dc:8c:76:5d:11:3f:
         1c:e7:84:46:e4:e6:c1:f0:a4:82:8e:0a:7c:53:06:d2:f1:0d:
         b7:a9:ad:1c:a4:cd:a1:4d:5a:56:28:25:f6:55:66:76:7f:ff:
         4c:9d:96:5b:5b:8d:53:57:a8:f3:f2:b0:25:38:b7:ed:7c:bf:
         dd:88:b1:62:57:c7:2b:86:59:ef:95:54:82:a5:4e:eb:d0:cf:
         f8:16:64:14:dc:07:16:24:ef:b1:2b:aa:26:d5:fc:fd:ab:e9:
         ec:fa:01:d0:76:cc:f5:24:39:55:1f:32:2a:2d:45:a3:e6:24:
         e6:ce:b3:61:36:31:ea:e5:d1:64:c0:fc:30:13:18:62:cc:89:
         97:21:2d:08
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIYPEQhP8gPLXL3qdaNQSe8oIpAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MzAyMTAzMzBaFw0yNjA2MjkyMTA4MzBaMDMxMTAvBgNV
BAMTKDBCMkQ1NTdDNjYxRkE2NkRDNkJDMzAzNEE0NTA2RjRENTIwOTAxMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEQnUQFu0PqCbO7CMiRoWdLDaW
yp2mDFS0jQM6wnF5cdD3T4RLuxN5tk11KvZwPX5j9+VPFg7EO81MgzqE7xbgBaQf
Uuw5MkuaK0vCRENAW3T8prACwhdmgXQ+vM0DqviVW51swixSbZ/Ia7cuVBhpdrRD
ai1qZWpD5BVhnKziNg/tbxbFCXAkaU0UbK+Odh4XwOeCb0xMbsJ/FBhRFgT94ZZp
Y51cIP84Gr2G+RcEhwr1TrH91AVh4vcUuCBedaOb2sXO3Yg9YSLSK1nEpxo3TzO/
fnS6yJtemdXaMXVbsHws2rl2Zini448RTA0TiNexN0/RGJsIUhulnK6NY5kRAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUCy1VfGYfpm3GvDA0pFBvTVIJATcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQyMTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQCHP+9jOUhhhOkQozPS04YhiuqKNdK9
7AFEaJPqym6pDNkmapgMUHz8e3D7/Zt4AgtA64vH2nyd0FSPkYuntakfTELXSpEt
afJ8iew2NSO+se3EFrEwDFT9fkzAeiNZ0jndPXFGk00+KYWG8tzOwx+OU7dHyAdp
dQHcjHZdET8c54RG5ObB8KSCjgp8UwbS8Q23qa0cpM2hTVpWKCX2VWZ2f/9MnZZb
W41TV6jz8rAlOLftfL/diLFiV8crhlnvlVSCpU7r0M/4FmQU3AcWJO+xK6om1fz9
q+ns+gHQdsz1JDlVHzIqLUWj5iTmzrNhNjHq5dFkwPwwExhizImXIS0I
-----END CERTIFICATE-----