Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40605.roa
File:                     AS40605.roa (raw, json)
Hash identifier:          2RVh0ymSQqGZLMuxINJkPzoQS0soHcPaFzzY7F7oeb4=
Subject key identifier:   CD:64:E2:98:F0:27:C7:6C:1A:FC:87:87:7B:0C:DA:5D:61:C9:5D:16
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0B137EEA5049C5943F188783512BFD97EBC882D2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40605.roa
Signing time:             Fri 04 Jul 2025 00:02:16 +0000
ROA not before:           Thu 03 Jul 2025 23:57:16 +0000
ROA not after:            Fri 03 Jul 2026 00:02:16 +0000
asID:                     40605
IP address blocks:        162.141.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:13:7e:ea:50:49:c5:94:3f:18:87:83:51:2b:fd:97:eb:c8:82:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  3 23:57:16 2025 GMT
            Not After : Jul  3 00:02:16 2026 GMT
        Subject: CN=CD64E298F027C76C1AFC87877B0CDA5D61C95D16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:32:e6:30:99:6e:15:c6:74:20:75:50:e7:a3:
                    25:a3:98:fa:b5:b6:8a:3d:06:bd:8c:15:e0:df:a3:
                    21:53:7c:13:9d:45:82:cb:06:ec:a6:f1:d1:2c:4c:
                    5a:dc:f8:9f:a4:a9:81:a7:47:fc:9e:ff:fd:85:34:
                    76:c6:5d:20:11:45:a4:8d:20:d5:04:0b:39:18:42:
                    7a:10:03:95:7c:ce:22:b4:c0:eb:c8:28:f0:52:00:
                    f3:58:95:a8:f9:d6:d7:1f:ec:d7:55:c0:4f:b9:48:
                    b6:44:9f:1e:a0:d1:f9:6a:a1:7f:c1:ae:ae:ba:94:
                    19:f0:67:1b:8b:f2:e7:8f:47:09:41:88:f4:93:13:
                    83:73:74:a1:23:96:66:02:bd:56:15:b4:a8:79:63:
                    0f:f0:4d:ff:94:f1:14:17:fc:c1:d3:30:7a:bf:5d:
                    37:26:f7:94:b5:ac:f9:b0:fd:b6:bd:52:ff:1c:f6:
                    ab:da:f2:79:2f:bd:26:d9:ae:49:b3:ce:07:49:9e:
                    0d:fe:ad:8a:47:d5:f0:38:c2:58:71:84:73:88:55:
                    34:bc:5a:fd:83:dc:be:6a:18:68:40:60:67:91:f2:
                    c1:25:e0:32:9f:b3:51:3c:c9:ad:3a:ae:16:4a:c7:
                    32:5e:28:89:ea:1f:5f:d0:d3:51:d1:4d:86:ac:a7:
                    30:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:64:E2:98:F0:27:C7:6C:1A:FC:87:87:7B:0C:DA:5D:61:C9:5D:16
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:b7:d8:77:db:67:24:52:7a:eb:ee:60:d3:f6:d4:66:3b:
         b6:5d:c7:92:09:db:77:05:70:00:d2:90:e3:75:6e:69:85:33:
         e6:5f:6a:f3:73:ee:a5:5b:9c:78:fc:76:36:7f:a2:a8:71:07:
         1c:29:96:d2:d8:a6:a4:d8:f7:78:31:a2:3c:7b:11:33:ea:ae:
         88:c0:e1:41:a8:40:68:a0:4b:91:84:bd:bc:d0:6e:56:bf:88:
         c6:10:9e:d2:06:02:ee:36:b3:e1:be:36:ad:2f:81:9d:d4:d4:
         84:76:e1:ab:ae:4a:91:2e:20:f4:d6:bd:25:b0:a5:76:df:44:
         4d:df:07:14:96:e2:cd:67:b7:72:61:5a:2e:5e:ff:b0:70:54:
         82:67:0a:bc:a5:43:a5:fe:29:0a:3d:32:16:54:d4:5d:2e:72:
         cd:52:e9:4a:03:b4:05:3f:4c:cb:c3:e2:5d:9f:81:39:6a:9a:
         63:23:94:2e:3b:34:ba:91:c2:c8:e4:a5:24:e9:3e:45:ae:ea:
         c0:d1:75:98:d6:fb:96:52:bc:61:55:42:e4:6b:08:f3:c9:39:
         d6:2f:41:2f:7f:84:04:2d:88:e7:69:ad:10:e0:47:8e:34:69:
         a8:9d:88:d0:1d:b4:22:9a:4d:88:cf:8c:eb:b7:56:63:73:a0:
         1e:e8:56:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCxN+6lBJxZQ/GIeDUSv9l+vIgtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDMyMzU3MTZaFw0yNjA3MDMwMDAyMTZaMDMxMTAvBgNV
BAMTKENENjRFMjk4RjAyN0M3NkMxQUZDODc4NzdCMENEQTVENjFDOTVEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4MuYwmW4VxnQgdVDnoyWjmPq1
too9Br2MFeDfoyFTfBOdRYLLBuym8dEsTFrc+J+kqYGnR/ye//2FNHbGXSARRaSN
INUECzkYQnoQA5V8ziK0wOvIKPBSAPNYlaj51tcf7NdVwE+5SLZEnx6g0flqoX/B
rq66lBnwZxuL8uePRwlBiPSTE4NzdKEjlmYCvVYVtKh5Yw/wTf+U8RQX/MHTMHq/
XTcm95S1rPmw/ba9Uv8c9qva8nkvvSbZrkmzzgdJng3+rYpH1fA4wlhxhHOIVTS8
Wv2D3L5qGGhAYGeR8sEl4DKfs1E8ya06rhZKxzJeKInqH1/Q01HRTYaspzCFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzWTimPAnx2wa/IeHewzaXWHJXRYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDA2MDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACijQow
DQYJKoZIhvcNAQELBQADggEBAJ+1t9h322ckUnrr7mDT9tRmO7Zdx5IJ23cFcADS
kON1bmmFM+ZfavNz7qVbnHj8djZ/oqhxBxwpltLYpqTY93gxojx7ETPqrojA4UGo
QGigS5GEvbzQbla/iMYQntIGAu42s+G+Nq0vgZ3U1IR24auuSpEuIPTWvSWwpXbf
RE3fBxSW4s1nt3JhWi5e/7BwVIJnCrylQ6X+KQo9MhZU1F0ucs1S6UoDtAU/TMvD
4l2fgTlqmmMjlC47NLqRwsjkpSTpPkWu6sDRdZjW+5ZSvGFVQuRrCPPJOdYvQS9/
hAQtiOdprRDgR440aaidiNAdtCKaTYjPjOu3VmNzoB7oVlI=
-----END CERTIFICATE-----