Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
File:                     AS140543.roa (raw, json)
Hash identifier:          6mq+2t/r10W/+voVj+H+F4GO3IYBUetIJTvHmYZz1kE=
Subject key identifier:   D5:71:E6:02:82:0F:26:F2:D1:B9:39:E0:7A:25:CC:4D:89:FB:DC:05
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7C81D2C8F9290A1831B3FC61B7336B35F96ADD85
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa
Signing time:             Fri 03 Oct 2025 16:55:08 +0000
ROA not before:           Fri 03 Oct 2025 16:50:08 +0000
ROA not after:            Fri 02 Oct 2026 16:55:08 +0000
asID:                     140543
IP address blocks:        45.142.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:14:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:81:d2:c8:f9:29:0a:18:31:b3:fc:61:b7:33:6b:35:f9:6a:dd:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct  3 16:50:08 2025 GMT
            Not After : Oct  2 16:55:08 2026 GMT
        Subject: CN=D571E602820F26F2D1B939E07A25CC4D89FBDC05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1f:93:3b:cc:94:35:42:d3:36:d6:59:91:0d:
                    78:f7:42:d0:ec:50:0b:99:25:7b:e1:bb:95:39:e1:
                    78:3c:77:f0:10:27:47:60:4c:d7:8a:71:cd:64:a0:
                    76:76:13:da:b8:28:4f:f2:b6:0e:13:11:b1:47:13:
                    19:6e:24:04:cb:ca:f8:9b:fe:e6:b5:9f:aa:9e:55:
                    89:c6:64:b8:af:13:aa:7f:ae:a6:9c:3a:d3:ca:fd:
                    1c:87:ba:10:20:37:da:d7:82:c3:8b:34:d2:67:01:
                    4d:6a:93:29:a2:46:28:59:b7:f8:21:6d:f7:ee:19:
                    0d:fc:df:d2:74:32:91:d5:ed:1b:92:41:45:35:25:
                    2a:04:4e:ab:ea:68:25:f7:26:15:b6:db:cd:77:c3:
                    62:1f:83:0f:2c:e2:40:07:7a:10:09:24:80:d7:79:
                    a9:75:74:02:f4:82:a9:79:d3:4a:52:df:cc:8c:fc:
                    ea:1f:ea:4b:d3:86:19:ce:68:7b:0a:f7:5f:ef:48:
                    76:eb:d1:79:e5:7d:42:44:c8:f6:c7:4a:19:b4:be:
                    63:3b:69:fa:85:1d:07:98:e0:01:94:10:cf:b1:77:
                    60:f7:c6:f3:e6:bc:2d:17:fa:1e:0f:b6:78:48:19:
                    10:8a:04:7d:f6:0c:17:ed:f4:17:f3:bc:f4:a9:6c:
                    24:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:71:E6:02:82:0F:26:F2:D1:B9:39:E0:7A:25:CC:4D:89:FB:DC:05
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS140543.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:83:6c:e6:3f:ca:eb:aa:e7:51:43:9d:35:cd:61:e2:f1:0e:
         ee:b3:c2:2f:51:bc:14:c6:e3:aa:fd:d9:e9:39:e8:e5:75:5d:
         bc:a4:14:de:49:64:c7:d7:70:02:7b:72:39:a4:1e:13:eb:83:
         e8:0d:6b:ee:a8:75:cc:05:57:56:e0:5d:62:7b:e4:11:1c:37:
         7b:d9:fd:32:55:db:4d:f3:ec:55:81:f1:7c:0d:30:56:10:e4:
         78:f7:ad:1d:37:20:14:4a:a5:17:10:e3:28:7d:e8:b8:4c:a3:
         d2:d3:5d:01:65:00:85:14:99:8a:fb:3d:d0:87:fa:f3:77:fe:
         41:6d:26:63:8e:8d:a7:bc:1e:4a:e7:bb:11:8f:96:97:f5:34:
         da:79:63:43:42:ca:88:6f:d1:da:39:ae:e2:b7:e7:5c:91:07:
         5d:37:10:de:8d:90:8b:f1:a6:51:4d:e8:00:e8:ba:00:56:10:
         bc:eb:cd:9b:0d:39:67:59:b4:08:ca:21:73:61:4c:9c:22:c2:
         e1:96:b7:11:e6:ea:ba:24:69:f3:39:56:30:64:ec:bf:57:d3:
         97:4a:c4:f0:8c:dc:5a:e1:57:41:d9:dd:3d:44:6f:39:25:a8:
         3a:e6:dc:d5:44:44:85:16:d6:30:8b:39:55:41:ab:20:18:fc:
         ad:35:b5:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfIHSyPkpChgxs/xhtzNrNflq3YUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMDMxNjUwMDhaFw0yNjEwMDIxNjU1MDhaMDMxMTAvBgNV
BAMTKEQ1NzFFNjAyODIwRjI2RjJEMUI5MzlFMDdBMjVDQzREODlGQkRDMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKH5M7zJQ1QtM21lmRDXj3QtDs
UAuZJXvhu5U54Xg8d/AQJ0dgTNeKcc1koHZ2E9q4KE/ytg4TEbFHExluJATLyvib
/ua1n6qeVYnGZLivE6p/rqacOtPK/RyHuhAgN9rXgsOLNNJnAU1qkymiRihZt/gh
bffuGQ3839J0MpHV7RuSQUU1JSoETqvqaCX3JhW22813w2Ifgw8s4kAHehAJJIDX
eal1dAL0gql500pS38yM/Oof6kvThhnOaHsK91/vSHbr0XnlfUJEyPbHShm0vmM7
afqFHQeY4AGUEM+xd2D3xvPmvC0X+h4PtnhIGRCKBH32DBft9BfzvPSpbCQDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1XHmAoIPJvLRuTngeiXMTYn73AUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQwNTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY7t
MA0GCSqGSIb3DQEBCwUAA4IBAQDDg2zmP8rrqudRQ501zWHi8Q7us8IvUbwUxuOq
/dnpOejldV28pBTeSWTH13ACe3I5pB4T64PoDWvuqHXMBVdW4F1ie+QRHDd72f0y
VdtN8+xVgfF8DTBWEOR4960dNyAUSqUXEOMofei4TKPS010BZQCFFJmK+z3Qh/rz
d/5BbSZjjo2nvB5K57sRj5aX9TTaeWNDQsqIb9HaOa7it+dckQddNxDejZCL8aZR
TegA6LoAVhC8682bDTlnWbQIyiFzYUycIsLhlrcR5uq6JGnzOVYwZOy/V9OXSsTw
jNxa4VdB2d09RG85Jag65tzVRESFFtYwizlVQasgGPytNbU1
-----END CERTIFICATE-----