Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          vM01NcKdvitRzgXr5LEbzDT2SpXR/t2mVwaAYgojTkA=
Subject key identifier:   D7:AD:35:0C:05:2D:1F:8E:C9:90:92:AC:BB:A9:B8:A6:74:9A:66:B1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       575F527EB7899A9788197255680A68D20D277D50
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS62240.roa
Signing time:             Mon 14 Jul 2025 10:11:15 +0000
ROA not before:           Mon 14 Jul 2025 10:06:15 +0000
ROA not after:            Mon 13 Jul 2026 10:11:15 +0000
asID:                     62240
IP address blocks:        143.20.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:5f:52:7e:b7:89:9a:97:88:19:72:55:68:0a:68:d2:0d:27:7d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 14 10:06:15 2025 GMT
            Not After : Jul 13 10:11:15 2026 GMT
        Subject: CN=D7AD350C052D1F8EC99092ACBBA9B8A6749A66B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ef:73:17:cd:19:a2:82:65:03:cd:f3:c1:3c:
                    b1:4f:bd:60:c4:f0:6b:79:77:bb:b3:e0:4b:53:d4:
                    c1:91:f0:bb:af:4d:b9:9c:93:86:b7:30:a3:dc:50:
                    d8:0c:2f:83:47:4e:c9:0f:93:b2:11:cc:20:85:69:
                    d5:48:90:70:86:ac:84:24:f2:d4:d3:a3:cc:8c:c6:
                    e3:b1:7a:bd:45:bf:a4:7c:ef:9d:db:07:fa:0e:ae:
                    43:fa:48:51:b5:91:40:2a:11:01:a7:28:d4:a7:da:
                    4b:af:31:5a:04:25:48:49:55:a7:38:83:2e:ae:ee:
                    09:f9:a5:51:09:09:a1:e9:96:8b:b6:01:c5:43:6a:
                    ef:61:c3:d7:22:f8:97:90:22:63:c1:47:94:c5:40:
                    c8:4e:58:f5:3c:21:ff:f5:93:f5:91:35:0c:7b:79:
                    f1:ee:c5:ed:d3:f0:7d:00:85:87:ca:1f:a8:03:23:
                    35:2c:70:48:dc:eb:ec:7a:95:49:ce:07:a2:ae:2d:
                    3d:8d:24:28:f1:04:5b:31:87:b7:ce:7f:b0:b8:db:
                    91:ab:74:6a:d7:22:a3:96:92:a2:08:92:42:4c:30:
                    ee:18:75:69:97:66:63:dd:d2:1b:3a:32:65:21:7b:
                    86:e4:df:d7:06:bf:01:9c:03:05:16:3d:1b:46:7f:
                    87:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AD:35:0C:05:2D:1F:8E:C9:90:92:AC:BB:A9:B8:A6:74:9A:66:B1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:eb:cb:fa:73:4b:e9:05:bf:88:ab:50:b1:33:53:c7:e2:be:
         1a:8f:83:d0:08:d9:4b:51:c4:77:1b:63:d1:14:da:e2:d4:2e:
         a0:31:71:d8:18:c1:d0:ba:ba:70:f6:67:06:b0:e3:c8:d0:4a:
         52:88:c6:9c:e1:2f:fc:31:f4:d6:21:39:bd:cd:10:a2:c5:c2:
         80:dc:90:24:ce:a3:a0:b1:a5:35:e7:ca:e9:69:d2:b7:39:07:
         31:00:07:c0:48:6b:9a:2e:1b:7f:27:ec:7d:48:39:9f:3b:3c:
         16:9d:fc:66:c9:6c:96:da:b9:68:35:11:69:bd:4e:8c:f1:51:
         93:50:c9:c4:d2:da:24:6f:6e:ef:f2:2a:af:01:74:c5:88:42:
         c4:a1:15:16:dc:4a:e1:df:0e:2a:e5:75:3b:79:a6:76:bd:f1:
         cb:bb:29:7e:fa:c3:40:02:af:a6:0b:05:d1:d9:8a:f4:7c:b8:
         c2:fd:db:2a:40:20:a1:8b:6d:ab:fb:d7:30:72:b6:40:19:5d:
         3b:fb:a1:29:e6:93:63:50:75:24:e8:f4:6b:a2:91:4b:5a:4a:
         cf:86:41:ef:52:23:5d:72:3f:2e:93:a5:77:41:7e:5a:37:47:
         30:98:60:7a:f3:2f:0e:9a:87:9a:01:af:f7:b4:bc:c8:16:71:
         6c:17:9c:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUV19SfreJmpeIGXJVaApo0g0nfVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTQxMDA2MTVaFw0yNjA3MTMxMDExMTVaMDMxMTAvBgNV
BAMTKEQ3QUQzNTBDMDUyRDFGOEVDOTkwOTJBQ0JCQTlCOEE2NzQ5QTY2QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt73MXzRmigmUDzfPBPLFPvWDE
8Gt5d7uz4EtT1MGR8LuvTbmck4a3MKPcUNgML4NHTskPk7IRzCCFadVIkHCGrIQk
8tTTo8yMxuOxer1Fv6R8753bB/oOrkP6SFG1kUAqEQGnKNSn2kuvMVoEJUhJVac4
gy6u7gn5pVEJCaHplou2AcVDau9hw9ci+JeQImPBR5TFQMhOWPU8If/1k/WRNQx7
efHuxe3T8H0AhYfKH6gDIzUscEjc6+x6lUnOB6KuLT2NJCjxBFsxh7fOf7C425Gr
dGrXIqOWkqIIkkJMMO4YdWmXZmPd0hs6MmUhe4bk39cGvwGcAwUWPRtGf4c/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU1601DAUtH47JkJKsu6m4pnSaZrEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFOww
DQYJKoZIhvcNAQELBQADggEBAEDry/pzS+kFv4irULEzU8fivhqPg9AI2UtRxHcb
Y9EU2uLULqAxcdgYwdC6unD2Zwaw48jQSlKIxpzhL/wx9NYhOb3NEKLFwoDckCTO
o6CxpTXnyulp0rc5BzEAB8BIa5ouG38n7H1IOZ87PBad/GbJbJbauWg1EWm9Tozx
UZNQycTS2iRvbu/yKq8BdMWIQsShFRbcSuHfDirldTt5pna98cu7KX76w0ACr6YL
BdHZivR8uML92ypAIKGLbav71zBytkAZXTv7oSnmk2NQdSTo9GuikUtaSs+GQe9S
I11yPy6TpXdBflo3RzCYYHrzLw6ah5oBr/e0vMgWcWwXnHo=
-----END CERTIFICATE-----