Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          4TanywJOOMGvtahaFt+ey5IZhXNrep9gfHJCLlnE3sY=
Subject key identifier:   22:C0:F9:71:06:65:01:48:C8:E1:38:3C:C0:F4:E7:3F:7B:DD:2F:AE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7BA4099D461F44CF1AD03D27EFB56FABF02CCAD6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
Signing time:             Tue 13 Jun 2023 16:58:56 +0000
ROA not before:           Tue 13 Jun 2023 16:53:56 +0000
ROA not after:            Tue 11 Jun 2024 16:58:56 +0000
asID:                     20141
IP address blocks:        45.149.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:a4:09:9d:46:1f:44:cf:1a:d0:3d:27:ef:b5:6f:ab:f0:2c:ca:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 13 16:53:56 2023 GMT
            Not After : Jun 11 16:58:56 2024 GMT
        Subject: CN=22C0F97106650148C8E1383CC0F4E73F7BDD2FAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:88:00:e2:b0:80:9b:f4:97:7d:55:3c:f9:40:
                    a3:01:a0:49:ce:f9:c9:f5:35:da:ca:8d:52:37:82:
                    c5:36:3d:f1:4f:fd:49:89:9a:37:76:5a:b0:42:2e:
                    97:2b:dc:a9:20:83:66:8f:6b:55:be:b0:2c:e9:26:
                    bb:03:db:08:4d:de:29:36:ee:5f:b3:30:02:16:bf:
                    b0:86:66:7a:0a:de:11:47:4e:d4:30:47:82:4c:e8:
                    c9:3b:f6:d6:15:c3:ad:f6:a5:2c:73:85:37:c1:5b:
                    92:61:34:dd:0c:46:86:0d:d7:4a:4e:54:e3:d5:27:
                    43:b9:52:6f:f5:78:79:8e:00:03:d8:e7:a4:3e:65:
                    e5:26:8e:f6:5a:7b:10:2d:e6:79:13:e8:7e:28:1a:
                    d5:a8:05:8a:8f:e1:92:c0:c5:cc:c1:cc:be:28:a5:
                    65:00:7a:72:63:43:88:60:6b:ea:50:58:82:c4:bd:
                    10:71:c8:36:18:bc:ee:40:fd:c2:e9:8a:61:a4:db:
                    7d:30:a2:70:71:ad:30:4e:25:71:29:28:e2:18:35:
                    9a:c5:d2:fd:2c:64:ee:67:4f:f8:8c:ec:a0:0e:5a:
                    c5:16:6d:66:5b:7b:e5:9d:da:48:b9:16:9c:64:6b:
                    ae:81:0b:50:c5:bc:f9:3b:97:45:32:de:c0:7d:59:
                    2d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C0:F9:71:06:65:01:48:C8:E1:38:3C:C0:F4:E7:3F:7B:DD:2F:AE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:5d:9f:7a:95:f0:fc:f4:76:6d:e5:30:44:28:9e:10:54:d2:
         c3:30:fb:be:99:7c:57:e9:67:be:fb:fa:93:1f:68:f1:c2:3f:
         c8:03:a7:f4:08:d1:6b:39:61:77:f9:5f:4e:02:c9:d5:06:46:
         a6:1a:1b:42:c7:cd:46:54:65:05:fe:02:95:60:e4:36:bc:e1:
         0d:42:14:16:4f:79:67:8b:8d:76:4e:90:00:92:bd:a5:e7:28:
         98:a7:99:a4:51:9c:8a:8c:a4:36:f8:c0:c6:f6:96:b6:c9:1f:
         78:bb:d0:b2:42:66:84:88:e1:c8:ee:be:81:cb:87:d7:ed:ff:
         a7:43:c6:a9:3c:09:c3:b8:37:85:79:8a:f6:0e:fc:01:56:3b:
         e6:76:f1:79:12:7f:d0:62:e5:f1:18:7e:f0:58:e4:22:5b:22:
         48:34:61:ce:14:3e:fe:e7:92:1d:e8:42:f1:51:7c:60:fa:10:
         3a:66:34:c7:cc:f9:55:1e:6a:a2:72:9f:a7:ae:93:c5:da:ff:
         22:09:81:39:80:80:63:57:34:93:e0:16:f6:e4:ac:f2:6e:d4:
         c2:51:aa:fe:c1:59:46:a1:cc:de:4f:52:2f:84:4d:d4:92:77:
         19:12:74:80:56:81:13:0b:d1:ec:45:6d:d5:2e:18:c4:ff:91:
         f2:57:ee:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUe6QJnUYfRM8a0D0n77Vvq/AsytYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA2MTMxNjUzNTZaFw0yNDA2MTExNjU4NTZaMDMxMTAvBgNV
BAMTKDIyQzBGOTcxMDY2NTAxNDhDOEUxMzgzQ0MwRjRFNzNGN0JERDJGQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKiADisICb9Jd9VTz5QKMBoEnO
+cn1NdrKjVI3gsU2PfFP/UmJmjd2WrBCLpcr3Kkgg2aPa1W+sCzpJrsD2whN3ik2
7l+zMAIWv7CGZnoK3hFHTtQwR4JM6Mk79tYVw632pSxzhTfBW5JhNN0MRoYN10pO
VOPVJ0O5Um/1eHmOAAPY56Q+ZeUmjvZaexAt5nkT6H4oGtWoBYqP4ZLAxczBzL4o
pWUAenJjQ4hga+pQWILEvRBxyDYYvO5A/cLpimGk230wonBxrTBOJXEpKOIYNZrF
0v0sZO5nT/iM7KAOWsUWbWZbe+Wd2ki5Fpxka66BC1DFvPk7l0Uy3sB9WS2DAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIsD5cQZlAUjI4Tg8wPTnP3vdL64wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlWcw
DQYJKoZIhvcNAQELBQADggEBABJdn3qV8Pz0dm3lMEQonhBU0sMw+76ZfFfpZ777
+pMfaPHCP8gDp/QI0Ws5YXf5X04CydUGRqYaG0LHzUZUZQX+ApVg5Da84Q1CFBZP
eWeLjXZOkACSvaXnKJinmaRRnIqMpDb4wMb2lrbJH3i70LJCZoSI4cjuvoHLh9ft
/6dDxqk8CcO4N4V5ivYO/AFWO+Z28XkSf9Bi5fEYfvBY5CJbIkg0Yc4UPv7nkh3o
QvFRfGD6EDpmNMfM+VUeaqJyn6euk8Xa/yIJgTmAgGNXNJPgFvbkrPJu1MJRqv7B
WUahzN5PUi+ETdSSdxkSdIBWgRML0exFbdUuGMT/kfJX7rE=
-----END CERTIFICATE-----