Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          BNufLrb8yteFD9hvWeXVWGQJNlN9rFNJdEKE9ydAte0=
Subject key identifier:   39:38:55:A6:9A:F5:35:40:E0:45:B7:8D:E7:F9:1D:EB:B4:B5:07:C3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1C534CBD9B1BA6648B43614A4F77CEB6D57297EE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
Signing time:             Tue 14 May 2024 17:05:16 +0000
ROA not before:           Tue 14 May 2024 17:00:16 +0000
ROA not after:            Tue 13 May 2025 17:05:16 +0000
asID:                     20141
IP address blocks:        45.149.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:53:4c:bd:9b:1b:a6:64:8b:43:61:4a:4f:77:ce:b6:d5:72:97:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 14 17:00:16 2024 GMT
            Not After : May 13 17:05:16 2025 GMT
        Subject: CN=393855A69AF53540E045B78DE7F91DEBB4B507C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5f:43:3d:d2:a7:2d:f1:af:ac:7d:46:47:c1:
                    61:72:41:05:97:bf:f2:6b:32:8d:cf:24:e1:fc:cd:
                    69:50:ce:3c:22:be:bb:cd:fa:8f:39:42:24:5c:32:
                    79:a8:29:0d:72:c2:12:02:c5:04:e8:ed:14:ba:07:
                    e9:1f:0e:9f:5b:51:42:09:40:d5:0b:f4:9d:66:72:
                    7f:ea:70:38:19:42:16:0f:fe:f1:41:72:50:e4:5e:
                    56:15:e8:ed:30:e4:af:25:52:fc:21:f1:33:5e:14:
                    6f:65:1f:ad:84:62:55:e3:08:1a:b0:6e:df:88:33:
                    8c:dd:38:7e:3c:b9:c9:fc:10:ca:9b:85:da:74:33:
                    3c:b6:28:b4:72:3a:59:93:2b:b3:ab:b2:f9:57:61:
                    55:65:74:90:99:e2:73:4b:0d:0c:9c:89:28:9b:65:
                    ef:7f:f0:1a:d1:8d:c1:2f:ec:a2:99:34:4e:74:7c:
                    d8:ff:53:29:16:bb:53:af:b4:f5:9d:6c:5f:a6:50:
                    9c:65:68:e4:ed:16:60:77:cb:e5:a7:51:c7:f1:8a:
                    d3:b1:96:ca:33:59:40:ca:b8:34:14:e8:ea:52:5a:
                    47:fa:a4:e2:25:f3:a1:6e:65:5c:3f:27:cf:b3:87:
                    29:f6:79:17:4e:52:30:fe:d7:40:ef:e4:48:f0:74:
                    55:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:38:55:A6:9A:F5:35:40:E0:45:B7:8D:E7:F9:1D:EB:B4:B5:07:C3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:61:f3:b4:d2:64:52:74:40:a6:10:eb:cc:a4:44:02:d0:d8:
         34:a1:51:66:99:47:7f:7f:76:31:d7:72:15:79:ed:55:e0:95:
         d6:0d:78:fc:c8:c6:a3:c7:92:71:4f:40:93:4d:d8:f0:68:03:
         61:5b:0b:14:1b:4b:0b:c0:86:12:a1:ca:46:46:51:02:bf:6a:
         a1:0e:03:31:a0:ab:40:05:75:42:a8:00:7d:6a:51:b9:2f:84:
         08:14:5b:b2:80:23:0d:df:ef:3b:51:4b:d7:af:26:fa:46:aa:
         b7:5d:4d:d1:0a:14:3a:5f:8b:a0:f2:a2:6c:f8:ad:9a:68:19:
         58:b6:65:7b:97:0e:ae:61:68:2e:f1:a7:65:04:a0:57:03:17:
         53:d6:9f:23:5e:62:9d:da:ff:5e:f0:b8:2d:b2:e9:1c:78:a7:
         e1:0e:71:59:57:bf:93:c2:93:be:f0:19:5d:dd:b7:bb:a6:ed:
         2b:65:a0:3f:be:4d:1a:57:07:3e:ef:5e:35:b8:91:26:d3:7b:
         25:7d:1e:60:56:ed:d8:6d:07:8d:6c:c9:22:20:ce:75:94:1f:
         ea:fb:55:cb:70:01:6b:72:d4:b1:37:2a:99:1f:bd:61:98:c5:
         c6:81:f6:f4:ac:17:bc:87:10:12:0a:07:e0:ed:1f:61:fa:8b:
         00:a8:8c:1f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHFNMvZsbpmSLQ2FKT3fOttVyl+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MTQxNzAwMTZaFw0yNTA1MTMxNzA1MTZaMDMxMTAvBgNV
BAMTKDM5Mzg1NUE2OUFGNTM1NDBFMDQ1Qjc4REU3RjkxREVCQjRCNTA3QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5X0M90qct8a+sfUZHwWFyQQWX
v/JrMo3PJOH8zWlQzjwivrvN+o85QiRcMnmoKQ1ywhICxQTo7RS6B+kfDp9bUUIJ
QNUL9J1mcn/qcDgZQhYP/vFBclDkXlYV6O0w5K8lUvwh8TNeFG9lH62EYlXjCBqw
bt+IM4zdOH48ucn8EMqbhdp0Mzy2KLRyOlmTK7OrsvlXYVVldJCZ4nNLDQyciSib
Ze9/8BrRjcEv7KKZNE50fNj/UykWu1OvtPWdbF+mUJxlaOTtFmB3y+WnUcfxitOx
lsozWUDKuDQU6OpSWkf6pOIl86FuZVw/J8+zhyn2eRdOUjD+10Dv5EjwdFX3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOThVppr1NUDgRbeN5/kd67S1B8MwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlWcw
DQYJKoZIhvcNAQELBQADggEBANVh87TSZFJ0QKYQ68ykRALQ2DShUWaZR39/djHX
chV57VXgldYNePzIxqPHknFPQJNN2PBoA2FbCxQbSwvAhhKhykZGUQK/aqEOAzGg
q0AFdUKoAH1qUbkvhAgUW7KAIw3f7ztRS9evJvpGqrddTdEKFDpfi6Dyomz4rZpo
GVi2ZXuXDq5haC7xp2UEoFcDF1PWnyNeYp3a/17wuC2y6Rx4p+EOcVlXv5PCk77w
GV3dt7um7StloD++TRpXBz7vXjW4kSbTeyV9HmBW7dhtB41sySIgznWUH+r7Vctw
AWty1LE3KpkfvWGYxcaB9vSsF7yHEBIKB+DtH2H6iwCojB8=
-----END CERTIFICATE-----