Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
File:                     AS142111.roa (raw, json)
Hash identifier:          Yij+0K8GrwswuxSSrkZ/Bh4+u767Sp7GkSiJnG71/hk=
Subject key identifier:   BC:18:B1:ED:A4:CC:2D:B8:EB:B7:DB:7B:27:91:86:27:C7:92:D6:DF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1823CCB9210EB7E73C606F280D5A3AD6B90B5927
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa
Signing time:             Mon 01 Jun 2026 21:47:22 +0000
ROA not before:           Mon 01 Jun 2026 21:42:22 +0000
ROA not after:            Mon 31 May 2027 21:47:22 +0000
asID:                     142111
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:29:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:23:cc:b9:21:0e:b7:e7:3c:60:6f:28:0d:5a:3a:d6:b9:0b:59:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  1 21:42:22 2026 GMT
            Not After : May 31 21:47:22 2027 GMT
        Subject: CN=BC18B1EDA4CC2DB8EBB7DB7B27918627C792D6DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:bf:79:df:3d:6e:ee:b0:ee:db:60:4d:f4:0b:
                    7b:db:d0:1f:7a:be:1c:e5:d8:d3:14:d1:04:45:f9:
                    fb:4a:12:06:f4:63:63:0b:8e:de:d4:51:07:eb:a6:
                    ff:04:54:63:67:46:1b:f5:c5:ea:59:82:ee:3f:37:
                    c7:67:cf:31:1d:e5:70:51:48:bd:1d:eb:f6:bc:50:
                    be:de:0e:71:22:f2:24:b2:50:14:76:f0:38:af:d5:
                    73:2a:e2:c6:d0:27:c1:24:78:1d:49:13:d3:76:d5:
                    44:ab:bc:fb:5b:47:72:71:04:50:8a:cd:ce:ca:66:
                    c7:09:db:aa:5b:b6:ea:0a:7e:ea:39:6c:2b:fc:8b:
                    b4:3b:c3:57:83:95:27:8f:d9:f6:5f:65:11:51:34:
                    90:b2:1f:39:ec:98:e6:79:7b:e5:ff:01:1c:04:76:
                    ba:f4:d0:52:bc:57:f3:9a:a6:fb:16:2d:fc:51:43:
                    c2:83:98:06:09:37:e5:69:ac:1f:1a:21:f1:62:f2:
                    bf:9e:5b:bd:f5:28:85:56:87:c5:f2:4e:be:66:05:
                    c7:d2:26:90:c2:f0:14:fd:3a:e1:31:2e:11:5d:c9:
                    67:b0:86:ad:4e:5f:94:4e:d4:5a:41:64:27:bd:95:
                    9a:82:40:a4:03:c0:f1:44:36:2a:18:cc:0f:21:00:
                    a7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:18:B1:ED:A4:CC:2D:B8:EB:B7:DB:7B:27:91:86:27:C7:92:D6:DF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS142111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:29:25:71:26:41:34:ea:ba:9a:01:9b:42:18:30:d4:e1:ea:
         65:64:06:0f:dd:14:dc:c8:99:d1:07:44:bb:de:07:40:1e:fb:
         59:ca:9d:50:1a:9f:2b:06:d0:15:28:15:a4:46:45:7a:86:c3:
         9e:42:8e:6f:6d:6e:1b:5b:2f:e8:19:aa:63:b3:7d:0d:e4:c3:
         a1:a7:00:ed:1a:18:13:34:c9:f6:88:a5:8c:70:0b:18:22:03:
         70:9a:5a:ff:f1:94:f6:64:b0:1c:72:69:98:9a:7b:0e:4b:2d:
         7e:70:a2:6e:dd:fd:fe:85:f1:65:55:26:27:82:6e:6c:89:8c:
         9d:1d:e0:65:53:fe:2c:fa:ac:bd:50:12:bd:83:c3:a6:6e:d2:
         e6:02:f4:29:31:5d:89:60:08:25:d6:47:bd:7f:8c:0d:6d:1e:
         ba:43:0c:fa:d3:2a:6b:f6:1d:4e:2e:ae:34:9a:5d:63:35:78:
         c6:67:a9:86:68:7c:f6:d4:e9:9b:bf:bb:ad:fa:17:ac:12:a1:
         15:8d:e5:9b:c7:89:de:26:6c:22:fc:ca:bd:ca:80:e0:ec:cd:
         4f:fb:89:4d:b8:6a:70:9c:2a:42:8d:9e:1b:4d:5b:63:31:48:
         2e:fe:c8:61:39:52:ef:03:bb:b7:3d:38:49:5c:9f:18:81:8c:
         15:64:de:ba
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGCPMuSEOt+c8YG8oDVo61rkLWScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MDEyMTQyMjJaFw0yNzA1MzEyMTQ3MjJaMDMxMTAvBgNV
BAMTKEJDMThCMUVEQTRDQzJEQjhFQkI3REI3QjI3OTE4NjI3Qzc5MkQ2REYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzv3nfPW7usO7bYE30C3vb0B96
vhzl2NMU0QRF+ftKEgb0Y2MLjt7UUQfrpv8EVGNnRhv1xepZgu4/N8dnzzEd5XBR
SL0d6/a8UL7eDnEi8iSyUBR28Div1XMq4sbQJ8EkeB1JE9N21USrvPtbR3JxBFCK
zc7KZscJ26pbtuoKfuo5bCv8i7Q7w1eDlSeP2fZfZRFRNJCyHznsmOZ5e+X/ARwE
drr00FK8V/OapvsWLfxRQ8KDmAYJN+VprB8aIfFi8r+eW731KIVWh8XyTr5mBcfS
JpDC8BT9OuExLhFdyWewhq1OX5RO1FpBZCe9lZqCQKQDwPFENioYzA8hAKdzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUvBix7aTMLbjrt9t7J5GGJ8eS1t8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQyMTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQA0KSVxJkE06rqaAZtCGDDU4eplZAYP
3RTcyJnRB0S73gdAHvtZyp1QGp8rBtAVKBWkRkV6hsOeQo5vbW4bWy/oGapjs30N
5MOhpwDtGhgTNMn2iKWMcAsYIgNwmlr/8ZT2ZLAccmmYmnsOSy1+cKJu3f3+hfFl
VSYngm5siYydHeBlU/4s+qy9UBK9g8OmbtLmAvQpMV2JYAgl1ke9f4wNbR66Qwz6
0ypr9h1OLq40ml1jNXjGZ6mGaHz21Ombv7ut+hesEqEVjeWbx4neJmwi/Mq9yoDg
7M1P+4lNuGpwnCpCjZ4bTVtjMUgu/shhOVLvA7u3PThJXJ8YgYwVZN66
-----END CERTIFICATE-----