Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          GJS0BajnhsNs2c7MruszV4S+jXDfcUYLcR2tDRCdhMM=
Subject key identifier:   17:18:7C:59:32:FE:62:F4:86:AB:95:22:16:DD:41:94:EE:3D:5C:8E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1E9083A78145091F78D014B1D8FEB92A3912F306
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
Signing time:             Thu 31 Oct 2024 13:43:26 +0000
ROA not before:           Thu 31 Oct 2024 13:38:26 +0000
ROA not after:            Thu 30 Oct 2025 13:43:26 +0000
asID:                     20860
IP address blocks:        141.98.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:90:83:a7:81:45:09:1f:78:d0:14:b1:d8:fe:b9:2a:39:12:f3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 31 13:38:26 2024 GMT
            Not After : Oct 30 13:43:26 2025 GMT
        Subject: CN=17187C5932FE62F486AB952216DD4194EE3D5C8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8c:51:c2:2e:96:3b:d3:40:7b:33:d7:9f:6c:
                    91:e1:94:c7:73:1d:97:1b:83:d0:f4:d9:26:44:7d:
                    cb:8b:63:71:82:69:e3:6b:27:a5:26:96:71:d5:4d:
                    5e:19:49:0d:fc:6b:0c:38:6f:e3:84:49:ac:46:fb:
                    72:92:30:c3:5f:46:c4:45:22:b1:65:69:d4:9b:31:
                    d2:2b:65:44:19:b0:ec:6f:62:3d:7d:eb:ed:4e:f1:
                    8b:1a:d3:30:ac:0f:2b:04:26:37:80:1e:21:8e:42:
                    a7:67:5c:7c:e4:c9:7c:93:32:99:74:e8:f7:e0:73:
                    37:ba:03:81:64:f7:18:c7:4d:2d:dd:00:46:ba:fe:
                    e5:f2:4c:6f:bc:40:c5:ce:a5:ee:19:88:14:73:b4:
                    8d:07:ce:4d:82:78:fd:0c:67:b3:8a:76:f6:8c:66:
                    c2:be:f4:5b:ab:58:1b:37:a7:9d:4f:1a:4a:e6:0e:
                    fd:24:69:8d:c2:b7:8a:f6:64:57:f2:cc:71:1f:20:
                    c3:d0:0c:3f:2f:17:c6:08:25:47:d9:60:86:b6:39:
                    d5:23:cb:8f:92:c8:6e:d2:e7:57:61:87:81:97:1f:
                    b0:00:5d:d9:d2:44:85:26:7f:21:22:51:bd:64:67:
                    5e:ec:3c:3c:89:2b:d2:cb:44:ae:5e:32:f8:4c:e3:
                    1c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:18:7C:59:32:FE:62:F4:86:AB:95:22:16:DD:41:94:EE:3D:5C:8E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:10:ef:b9:25:15:d1:ab:80:b1:79:11:58:fe:b1:1d:f1:38:
         3c:55:e7:f8:ab:6d:c2:c9:74:d0:76:8a:53:b1:e7:54:c0:fb:
         c3:36:a2:61:b9:91:40:a2:ce:b3:f4:5e:b6:8c:e0:7f:da:ce:
         8d:72:d8:3b:f4:07:61:4f:c0:62:83:81:81:fa:83:a7:d1:54:
         e7:f9:cf:40:d6:69:12:ea:8d:8f:db:6f:5c:99:05:0d:92:d0:
         b9:1b:de:10:e2:17:ea:4d:74:25:21:6e:32:54:aa:63:8d:cb:
         ca:47:77:0f:7e:d5:b1:5f:4e:53:e5:b4:46:dc:06:63:07:0e:
         e0:cd:d0:b4:23:65:fb:27:b0:d7:63:76:32:90:61:99:57:bc:
         7c:36:a8:e0:03:f7:3e:0d:19:c1:bf:b2:6e:53:96:54:a4:a3:
         d3:d2:47:4c:24:72:97:13:5a:11:5f:4a:9f:b4:fa:96:ef:10:
         6f:92:70:b2:6c:3a:e4:02:09:a1:2c:8b:7b:76:59:a9:6e:4c:
         2b:a4:57:d8:91:34:2e:db:24:9e:e9:81:54:ea:1c:7f:d4:42:
         28:db:24:e0:30:98:b1:e9:ef:d8:55:d7:c6:cc:b4:cd:5f:68:
         2a:60:f0:ed:d2:37:04:bd:ac:48:2c:d4:88:b2:a7:81:ee:91:
         8e:77:0e:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHpCDp4FFCR940BSx2P65KjkS8wYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzExMzM4MjZaFw0yNTEwMzAxMzQzMjZaMDMxMTAvBgNV
BAMTKDE3MTg3QzU5MzJGRTYyRjQ4NkFCOTUyMjE2REQ0MTk0RUUzRDVDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxjFHCLpY700B7M9efbJHhlMdz
HZcbg9D02SZEfcuLY3GCaeNrJ6UmlnHVTV4ZSQ38aww4b+OESaxG+3KSMMNfRsRF
IrFladSbMdIrZUQZsOxvYj196+1O8Ysa0zCsDysEJjeAHiGOQqdnXHzkyXyTMpl0
6Pfgcze6A4Fk9xjHTS3dAEa6/uXyTG+8QMXOpe4ZiBRztI0Hzk2CeP0MZ7OKdvaM
ZsK+9FurWBs3p51PGkrmDv0kaY3Ct4r2ZFfyzHEfIMPQDD8vF8YIJUfZYIa2OdUj
y4+SyG7S51dhh4GXH7AAXdnSRIUmfyEiUb1kZ17sPDyJK9LLRK5eMvhM4xwZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUFxh8WTL+YvSGq5UiFt1BlO49XI4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNYp4w
DQYJKoZIhvcNAQELBQADggEBAKMQ77klFdGrgLF5EVj+sR3xODxV5/irbcLJdNB2
ilOx51TA+8M2omG5kUCizrP0XraM4H/azo1y2Dv0B2FPwGKDgYH6g6fRVOf5z0DW
aRLqjY/bb1yZBQ2S0Lkb3hDiF+pNdCUhbjJUqmONy8pHdw9+1bFfTlPltEbcBmMH
DuDN0LQjZfsnsNdjdjKQYZlXvHw2qOAD9z4NGcG/sm5TllSko9PSR0wkcpcTWhFf
Sp+0+pbvEG+ScLJsOuQCCaEsi3t2WaluTCukV9iRNC7bJJ7pgVTqHH/UQijbJOAw
mLHp79hV18bMtM1faCpg8O3SNwS9rEgs1Iiyp4HukY53DjE=
-----END CERTIFICATE-----