Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          tZ6YI5KZh+IcjFOX4v6WRWkooTscTtkYaeDl3vujwQQ=
Subject key identifier:   63:FF:B4:98:59:E0:C2:9C:72:EC:65:31:35:6A:09:92:B5:B4:69:F7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       04602E2752CB6ACDFE5B1BE9FE7BDB6529918B85
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
Signing time:             Tue 04 Jun 2024 23:21:16 +0000
ROA not before:           Tue 04 Jun 2024 23:16:16 +0000
ROA not after:            Tue 03 Jun 2025 23:21:16 +0000
asID:                     15440
IP address blocks:        146.103.25.0/24 maxlen: 24
                          146.103.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:60:2e:27:52:cb:6a:cd:fe:5b:1b:e9:fe:7b:db:65:29:91:8b:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  4 23:16:16 2024 GMT
            Not After : Jun  3 23:21:16 2025 GMT
        Subject: CN=63FFB49859E0C29C72EC6531356A0992B5B469F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:27:ba:f2:8e:a5:fe:98:70:46:5e:78:b6:4e:
                    b7:7b:85:27:fd:65:77:a6:07:3f:55:4d:f0:36:ce:
                    d9:06:c6:36:b9:80:c2:24:14:40:4b:f8:0e:29:28:
                    43:49:10:46:73:9a:39:23:02:93:b6:7c:66:c1:97:
                    b1:dd:7c:50:87:30:56:5b:8a:bf:0a:83:14:e1:96:
                    67:fa:4f:b0:b7:32:06:a4:7d:f7:9d:c3:24:cf:4b:
                    bb:af:8d:8f:85:79:0b:59:8b:93:dc:6c:cd:09:a1:
                    d4:3a:c3:ff:1b:69:d1:a1:33:5b:62:81:99:67:33:
                    59:3e:76:98:3a:9d:de:39:e7:7e:e4:f7:aa:df:3a:
                    ad:e0:55:3f:26:2c:ba:dd:78:73:a1:b2:b8:60:fd:
                    b7:55:0a:88:ea:a6:54:ca:83:bf:ab:57:ac:25:9e:
                    6c:55:a4:72:98:ca:c7:e6:fa:2b:ce:fc:c2:bd:49:
                    64:c5:73:ef:17:a5:4c:8e:ad:64:a4:10:9c:98:f7:
                    39:45:22:13:4a:7c:6c:b1:f8:90:16:ec:ba:5d:7c:
                    e6:7c:fb:3d:49:7b:fd:21:e6:b2:9c:55:df:e5:7a:
                    3e:c0:2b:a5:8e:cb:1f:8a:8a:aa:d4:dc:ad:b2:0a:
                    ea:50:0f:22:92:19:9f:b6:29:34:e3:2d:4b:26:de:
                    86:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FF:B4:98:59:E0:C2:9C:72:EC:65:31:35:6A:09:92:B5:B4:69:F7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.25.0/24
                  146.103.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:dd:cd:37:2d:ed:f1:42:dd:ae:43:ab:1a:ab:dc:8c:e2:41:
         ea:4f:1b:84:3a:64:94:e7:2b:d1:da:91:6b:fa:f8:d9:a8:9f:
         05:f3:ae:eb:ab:aa:e7:7c:9a:9f:58:d7:08:e7:ea:1b:a0:55:
         65:5a:c8:25:20:ea:d1:32:b2:55:74:f9:1f:e3:ae:ac:2e:9d:
         5d:2b:7c:cd:78:86:d7:47:f1:7b:ae:1d:1e:3b:34:7b:2c:ad:
         1c:6b:30:8d:ad:f7:36:87:66:b3:bd:35:24:f3:54:c4:56:cf:
         1b:18:a5:64:0b:2d:68:d2:94:b2:1e:89:9c:54:d3:05:9e:58:
         4a:4b:56:cd:0d:8e:8c:34:93:e9:2b:ee:83:f2:e8:b4:3f:55:
         c0:43:10:a0:ac:42:a5:71:d8:d5:40:02:05:a2:71:95:2c:35:
         6d:c2:db:c9:86:5c:e3:ee:f8:07:e8:09:7c:b2:5b:aa:ea:65:
         12:42:00:f7:62:0f:28:48:fe:b7:13:59:f7:6e:a8:19:97:38:
         aa:0e:cc:55:ad:a5:9c:93:b3:0e:44:07:99:00:71:73:4c:79:
         61:2b:47:9e:0b:87:e9:d4:59:8f:9b:4d:2e:4d:5a:45:2e:f2:
         69:34:04:fc:1c:6e:75:63:a2:e8:a7:40:be:74:e5:1d:6e:82:
         2a:4e:ae:f5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUBGAuJ1LLas3+Wxvp/nvbZSmRi4UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA2MDQyMzE2MTZaFw0yNTA2MDMyMzIxMTZaMDMxMTAvBgNV
BAMTKDYzRkZCNDk4NTlFMEMyOUM3MkVDNjUzMTM1NkEwOTkyQjVCNDY5RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqJ7ryjqX+mHBGXni2Trd7hSf9
ZXemBz9VTfA2ztkGxja5gMIkFEBL+A4pKENJEEZzmjkjApO2fGbBl7HdfFCHMFZb
ir8KgxThlmf6T7C3MgakffedwyTPS7uvjY+FeQtZi5PcbM0JodQ6w/8badGhM1ti
gZlnM1k+dpg6nd45537k96rfOq3gVT8mLLrdeHOhsrhg/bdVCojqplTKg7+rV6wl
nmxVpHKYysfm+ivO/MK9SWTFc+8XpUyOrWSkEJyY9zlFIhNKfGyx+JAW7LpdfOZ8
+z1Je/0h5rKcVd/lej7AK6WOyx+KiqrU3K2yCupQDyKSGZ+2KTTjLUsm3oY3AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUY/+0mFngwpxy7GUxNWoJkrW0afcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZxkD
BACSZyYwDQYJKoZIhvcNAQELBQADggEBAI/dzTct7fFC3a5Dqxqr3IziQepPG4Q6
ZJTnK9HakWv6+NmonwXzruurqud8mp9Y1wjn6hugVWVayCUg6tEyslV0+R/jrqwu
nV0rfM14htdH8XuuHR47NHssrRxrMI2t9zaHZrO9NSTzVMRWzxsYpWQLLWjSlLIe
iZxU0wWeWEpLVs0Njow0k+kr7oPy6LQ/VcBDEKCsQqVx2NVAAgWicZUsNW3C28mG
XOPu+AfoCXyyW6rqZRJCAPdiDyhI/rcTWfduqBmXOKoOzFWtpZyTsw5EB5kAcXNM
eWErR54Lh+nUWY+bTS5NWkUu8mk0BPwcbnVjouinQL505R1ugipOrvU=
-----END CERTIFICATE-----