Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          kL8CJpz16BMu7m7vfE/FVH+V4gFDJRd9T+fOW0A2XA4=
Subject key identifier:   1A:7B:31:9B:30:B1:13:38:EA:DD:3A:DA:5B:AD:47:E4:D4:84:FB:CE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0D33BC5B0C46995F225E9A80327D01ACC9B8E388
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa
Signing time:             Tue 15 Apr 2025 17:54:01 +0000
ROA not before:           Tue 15 Apr 2025 17:49:01 +0000
ROA not after:            Tue 14 Apr 2026 17:54:01 +0000
asID:                     20141
IP address blocks:        45.149.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:33:bc:5b:0c:46:99:5f:22:5e:9a:80:32:7d:01:ac:c9:b8:e3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 15 17:49:01 2025 GMT
            Not After : Apr 14 17:54:01 2026 GMT
        Subject: CN=1A7B319B30B11338EADD3ADA5BAD47E4D484FBCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:fb:ad:7d:8c:98:61:77:47:f2:69:d1:d9:
                    86:35:10:9f:dd:ae:26:16:d2:c1:7d:f8:4b:0b:a5:
                    2b:11:e1:bc:22:d9:5f:b7:ae:09:88:50:0a:1a:aa:
                    33:3a:2b:8e:e1:55:f3:1f:52:15:e2:04:00:4c:90:
                    2c:8a:1d:40:89:4e:83:f8:cf:ca:1e:03:4a:54:5c:
                    1d:26:47:ea:26:1c:6c:42:62:44:22:68:a7:b0:63:
                    92:f9:cb:8d:81:9a:d1:38:3b:3a:3f:7d:39:0e:a8:
                    02:80:6d:2e:f0:e2:7d:86:dd:80:e1:22:d9:24:6b:
                    05:ad:e5:7c:db:80:c0:bd:55:b1:43:6a:6c:73:ad:
                    68:1a:15:d6:0a:96:f2:61:72:c7:5d:40:54:34:55:
                    4f:f1:a1:e1:c6:64:c9:8f:4a:d4:97:ba:81:83:b4:
                    23:9e:d7:0d:2e:fc:ec:dc:a0:33:fa:15:50:c5:8f:
                    19:a1:1d:71:da:d9:ad:52:75:04:9a:4e:bf:85:95:
                    d3:8e:61:db:54:35:fd:78:be:ca:ac:2b:37:f3:8a:
                    2d:01:c7:45:27:94:5e:92:1a:16:e1:a8:cc:43:c8:
                    bc:b6:c7:4d:f8:31:8e:f8:bb:9f:5e:73:48:dd:34:
                    29:3b:18:21:41:f3:24:da:05:69:84:52:3e:c1:20:
                    1e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7B:31:9B:30:B1:13:38:EA:DD:3A:DA:5B:AD:47:E4:D4:84:FB:CE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:3d:4b:dc:1e:3a:3a:2e:ec:3d:6c:b9:84:09:89:19:02:33:
         fd:05:8a:c1:cc:2b:92:d8:c5:b2:2b:b5:3b:ae:a5:e0:97:fa:
         f4:63:e4:e8:23:dd:e0:4c:70:86:75:63:00:b4:2f:57:2a:d4:
         23:bd:26:46:c6:f8:83:e8:77:6e:cd:40:80:e5:06:62:8b:d3:
         4a:a2:1c:58:2c:9e:ce:a1:ac:f8:f8:ee:06:63:56:6b:bb:d4:
         25:15:30:0f:2d:d9:1b:05:a9:4b:2f:03:78:74:09:cc:38:71:
         6e:ae:d9:f7:43:8c:be:e3:f5:b0:dd:6e:80:cf:60:cd:19:90:
         65:c3:27:dc:c2:0f:0f:1c:82:61:40:cf:4b:41:01:92:4b:64:
         5c:c8:7d:10:e0:cf:6e:b1:0b:c5:a7:95:20:10:44:1f:8a:52:
         d9:38:4d:28:95:c7:22:80:34:5f:c5:4c:d5:6e:3e:a8:22:78:
         ef:f4:4c:9d:53:f6:11:f7:5d:13:9a:11:e3:ef:16:d3:5b:2e:
         ad:69:20:a3:be:9e:8d:48:1c:81:53:ce:08:e2:f0:54:1a:1c:
         f7:0b:35:bc:bc:29:c9:ac:f8:b5:94:69:81:bd:df:0b:f7:e3:
         49:45:1a:9e:35:cc:be:c4:af:59:17:89:f1:c2:79:0a:3f:67:
         ee:68:78:b3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDTO8WwxGmV8iXpqAMn0BrMm444gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MTUxNzQ5MDFaFw0yNjA0MTQxNzU0MDFaMDMxMTAvBgNV
BAMTKDFBN0IzMTlCMzBCMTEzMzhFQUREM0FEQTVCQUQ0N0U0RDQ4NEZCQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu//utfYyYYXdH8mnR2YY1EJ/d
riYW0sF9+EsLpSsR4bwi2V+3rgmIUAoaqjM6K47hVfMfUhXiBABMkCyKHUCJToP4
z8oeA0pUXB0mR+omHGxCYkQiaKewY5L5y42BmtE4Ozo/fTkOqAKAbS7w4n2G3YDh
ItkkawWt5XzbgMC9VbFDamxzrWgaFdYKlvJhcsddQFQ0VU/xoeHGZMmPStSXuoGD
tCOe1w0u/OzcoDP6FVDFjxmhHXHa2a1SdQSaTr+FldOOYdtUNf14vsqsKzfzii0B
x0UnlF6SGhbhqMxDyLy2x034MY74u59ec0jdNCk7GCFB8yTaBWmEUj7BIB6xAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUGnsxmzCxEzjq3TraW61H5NSE+84wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlWcw
DQYJKoZIhvcNAQELBQADggEBALc9S9weOjou7D1suYQJiRkCM/0FisHMK5LYxbIr
tTuupeCX+vRj5Ogj3eBMcIZ1YwC0L1cq1CO9JkbG+IPod27NQIDlBmKL00qiHFgs
ns6hrPj47gZjVmu71CUVMA8t2RsFqUsvA3h0Ccw4cW6u2fdDjL7j9bDdboDPYM0Z
kGXDJ9zCDw8cgmFAz0tBAZJLZFzIfRDgz26xC8WnlSAQRB+KUtk4TSiVxyKANF/F
TNVuPqgieO/0TJ1T9hH3XROaEePvFtNbLq1pIKO+no1IHIFTzgji8FQaHPcLNby8
Kcms+LWUaYG93wv340lFGp41zL7Er1kXifHCeQo/Z+5oeLM=
-----END CERTIFICATE-----