Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa
File:                     AS140224.roa (raw, json)
Hash identifier:          hVwhChrtP+Vs5rYvDrqKu9O1ZXaL7wjlNg2MM3jmatk=
Subject key identifier:   5D:58:B0:8C:7F:04:22:D2:DD:76:E6:E7:70:0D:75:5D:FD:C8:15:69
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2C02DE8F42FA99B2A82FC9493595015050981C10
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa
Signing time:             Tue 27 May 2025 12:03:43 +0000
ROA not before:           Tue 27 May 2025 11:58:43 +0000
ROA not after:            Tue 26 May 2026 12:03:43 +0000
asID:                     140224
IP address blocks:        96.62.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:02:de:8f:42:fa:99:b2:a8:2f:c9:49:35:95:01:50:50:98:1c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 27 11:58:43 2025 GMT
            Not After : May 26 12:03:43 2026 GMT
        Subject: CN=5D58B08C7F0422D2DD76E6E7700D755DFDC81569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:42:7e:bf:ee:0d:03:16:35:46:8f:55:96:c1:
                    c4:4a:ee:f4:2b:c3:0e:dd:65:18:94:ee:04:23:6b:
                    1f:23:7f:59:d0:5f:7d:7b:8a:e2:6d:72:d5:0c:d5:
                    b7:e7:23:51:00:14:e5:c7:2e:b8:4c:53:77:84:a4:
                    0f:90:ab:ee:81:d3:54:a6:fb:b2:b3:c0:fc:86:fb:
                    0f:75:88:34:e2:27:11:f4:ef:8c:af:04:4e:06:9b:
                    ed:da:46:4e:c4:58:a9:04:63:fe:a7:9e:d2:6f:34:
                    27:52:ee:a1:0f:cf:4d:c8:6f:ec:39:b5:9c:07:b5:
                    9c:80:9e:ab:a7:c4:f7:95:3b:b3:0f:df:9c:c6:11:
                    f4:27:cf:cf:76:2f:99:66:e3:58:01:71:6f:f6:ed:
                    9a:0e:25:20:4a:90:4b:e7:6d:03:9b:36:65:b2:0c:
                    10:5c:f3:74:64:44:f6:24:88:4e:41:56:9a:12:8d:
                    28:ad:4b:0e:14:1b:8d:1e:2c:79:60:e0:f6:25:82:
                    b9:fc:ef:2c:3f:08:6f:12:ca:0b:07:73:1a:3f:3d:
                    7b:53:70:ba:be:a1:ba:68:59:52:7b:12:af:e5:58:
                    da:13:7b:bf:e9:6e:17:d8:8a:e3:17:71:c3:b1:15:
                    05:69:f7:b2:d3:0d:79:22:e1:1b:e0:85:a4:cd:1c:
                    31:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:58:B0:8C:7F:04:22:D2:DD:76:E6:E7:70:0D:75:5D:FD:C8:15:69
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f1:54:00:39:17:e0:ea:75:82:e9:3f:53:f1:e9:97:d6:9e:
         6a:0c:de:03:8a:7e:ee:87:07:1e:08:8a:d6:4a:99:ed:8f:32:
         98:d3:cf:3e:31:7a:6b:25:87:27:52:a4:d4:c6:71:03:c2:bd:
         22:4b:e7:9f:41:7c:53:bd:7b:20:e1:a5:0c:a5:7d:3c:e1:85:
         6d:f7:4d:81:cb:6f:36:77:a7:42:d8:e6:e0:35:90:29:74:06:
         58:20:b1:66:b1:02:d3:ac:37:29:9a:17:52:9b:c3:f9:76:f5:
         c8:78:1e:28:3e:17:0a:ce:1c:78:76:e6:85:fa:a9:5c:02:74:
         ae:4f:26:c6:26:95:51:71:52:9b:a2:07:b5:3c:d5:13:1f:0a:
         43:19:5f:d1:c4:57:03:44:77:96:5d:c1:6e:47:84:9c:60:32:
         15:9b:20:3c:5c:8d:54:98:95:97:f4:0b:f4:46:48:95:7e:9f:
         56:8f:11:66:d7:e4:8f:6b:ac:25:a7:0f:e3:b0:07:39:f3:98:
         11:2a:68:50:01:60:44:d1:76:8e:3f:0e:c7:e1:ba:1e:5f:f9:
         97:ee:59:31:ec:46:7f:e0:5e:13:bb:79:7f:9b:a5:ef:9c:98:
         1c:2a:b5:e7:75:0e:ea:bc:c9:f4:3f:2e:bf:ae:b4:48:ef:ff:
         b0:35:23:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULALej0L6mbKoL8lJNZUBUFCYHBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjcxMTU4NDNaFw0yNjA1MjYxMjAzNDNaMDMxMTAvBgNV
BAMTKDVENThCMDhDN0YwNDIyRDJERDc2RTZFNzcwMEQ3NTVERkRDODE1NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbQn6/7g0DFjVGj1WWwcRK7vQr
ww7dZRiU7gQjax8jf1nQX317iuJtctUM1bfnI1EAFOXHLrhMU3eEpA+Qq+6B01Sm
+7KzwPyG+w91iDTiJxH074yvBE4Gm+3aRk7EWKkEY/6nntJvNCdS7qEPz03Ib+w5
tZwHtZyAnqunxPeVO7MP35zGEfQnz892L5lm41gBcW/27ZoOJSBKkEvnbQObNmWy
DBBc83RkRPYkiE5BVpoSjSitSw4UG40eLHlg4PYlgrn87yw/CG8SygsHcxo/PXtT
cLq+obpoWVJ7Eq/lWNoTe7/pbhfYiuMXccOxFQVp97LTDXki4RvghaTNHDENAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXViwjH8EItLddubncA11Xf3IFWkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTQwMjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD7e
MA0GCSqGSIb3DQEBCwUAA4IBAQAz8VQAORfg6nWC6T9T8emX1p5qDN4Din7uhwce
CIrWSpntjzKY088+MXprJYcnUqTUxnEDwr0iS+efQXxTvXsg4aUMpX084YVt902B
y282d6dC2ObgNZApdAZYILFmsQLTrDcpmhdSm8P5dvXIeB4oPhcKzhx4duaF+qlc
AnSuTybGJpVRcVKboge1PNUTHwpDGV/RxFcDRHeWXcFuR4ScYDIVmyA8XI1UmJWX
9Av0RkiVfp9WjxFm1+SPa6wlpw/jsAc585gRKmhQAWBE0XaOPw7H4boeX/mX7lkx
7EZ/4F4Tu3l/m6XvnJgcKrXndQ7qvMn0Py6/rrRI7/+wNSPi
-----END CERTIFICATE-----