Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          Z0EwinDPC9pbKd9+qgBTeivSaTI3PlLabJz7L9gmPFE=
Subject key identifier:   62:3D:1C:25:6D:D3:E6:7E:83:8E:21:70:A8:20:53:3F:2D:D6:74:21
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       454BA1F2374E54AA6BC937A6E5670C35D6D0ACC2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     15440
IP address blocks:        146.103.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:4b:a1:f2:37:4e:54:aa:6b:c9:37:a6:e5:67:0c:35:d6:d0:ac:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=623D1C256DD3E67E838E2170A820533F2DD67421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:09:07:c3:78:ee:f3:fb:ad:b1:cb:28:8a:66:
                    fe:5b:ca:90:7e:2e:3d:9f:6b:ea:1f:3e:ca:bd:e1:
                    e3:d9:46:d9:dd:77:03:63:4e:e7:f8:ca:24:e1:a0:
                    50:7e:40:37:a2:c3:c4:02:fc:13:25:e4:3e:4e:97:
                    29:97:ec:b5:6a:74:d8:5b:3f:aa:11:85:15:11:eb:
                    1c:8f:0f:67:93:2d:71:ed:da:09:07:93:a4:be:48:
                    cd:7f:18:d2:14:66:02:f3:76:b2:f7:5c:8d:f7:cf:
                    26:5b:09:ab:11:04:8c:94:3e:31:01:03:50:83:a2:
                    b4:89:0a:24:28:4f:65:b2:b2:89:c2:25:7e:f7:3b:
                    a9:ae:56:f2:bb:5f:0e:31:63:b6:28:9f:eb:78:2a:
                    5e:b3:57:c7:70:ee:fc:5d:64:3b:ea:c6:a9:74:95:
                    52:80:3b:75:ca:1b:84:3a:de:9b:49:ec:53:5e:c6:
                    38:dd:1f:82:2b:6c:af:c2:90:f2:2d:50:57:29:6b:
                    06:f7:25:68:90:98:fb:bf:12:27:32:ef:3e:e2:93:
                    14:22:e4:fd:5b:dd:60:1f:a6:1a:a9:90:30:b1:c4:
                    25:24:a2:94:e7:0e:60:d5:bc:b7:c2:bb:40:76:50:
                    b6:43:5b:a9:63:98:cf:b4:f0:1f:93:16:57:1e:4e:
                    a5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3D:1C:25:6D:D3:E6:7E:83:8E:21:70:A8:20:53:3F:2D:D6:74:21
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:e5:be:38:32:b8:d1:06:8b:1e:56:32:45:26:31:21:a5:c5:
         b5:4b:ea:24:11:bf:82:20:aa:6e:cd:9c:8a:90:12:df:05:c9:
         32:3b:f7:98:14:b0:33:16:51:d4:66:f8:ee:d4:c9:9b:53:50:
         3d:e4:53:be:41:c6:f1:47:2c:c9:97:e2:bc:19:48:da:c8:7f:
         3f:c8:9d:80:e6:a6:64:d1:e3:45:7d:a2:e3:52:5a:1b:c2:02:
         ae:44:38:25:47:f7:27:59:b8:4e:a8:c5:41:d8:42:c6:8d:04:
         b9:2b:fd:af:40:68:7a:a6:e4:10:d5:3c:25:dd:21:de:0f:0c:
         26:0d:c7:ca:9b:43:b2:76:4f:7d:45:78:4b:8d:ba:88:81:cd:
         26:d6:fe:4c:be:dd:0d:b9:9e:98:b2:a9:8c:78:f3:69:cd:e3:
         6c:f1:8d:22:72:5e:a4:4f:9c:b4:de:27:08:db:47:52:c0:0d:
         9d:aa:c4:62:54:37:45:c6:36:27:9f:d4:e5:2b:ec:29:c9:7d:
         da:dc:9f:99:83:2d:a7:cd:be:87:ab:1e:6a:c6:5f:d7:53:90:
         53:cc:0f:f5:a4:2d:57:d8:ec:d5:44:4d:94:23:9f:3b:86:7b:
         cf:96:a5:de:19:c8:d1:c6:bd:6b:95:12:16:63:eb:df:36:55:
         24:b7:83:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURUuh8jdOVKpryTem5WcMNdbQrMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKDYyM0QxQzI1NkREM0U2N0U4MzhFMjE3MEE4MjA1MzNGMkRENjc0MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVCQfDeO7z+62xyyiKZv5bypB+
Lj2fa+ofPsq94ePZRtnddwNjTuf4yiThoFB+QDeiw8QC/BMl5D5OlymX7LVqdNhb
P6oRhRUR6xyPD2eTLXHt2gkHk6S+SM1/GNIUZgLzdrL3XI33zyZbCasRBIyUPjEB
A1CDorSJCiQoT2WysonCJX73O6muVvK7Xw4xY7Yon+t4Kl6zV8dw7vxdZDvqxql0
lVKAO3XKG4Q63ptJ7FNexjjdH4IrbK/CkPItUFcpawb3JWiQmPu/Eicy7z7ikxQi
5P1b3WAfphqpkDCxxCUkopTnDmDVvLfCu0B2ULZDW6ljmM+08B+TFlceTqUJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUYj0cJW3T5n6DjiFwqCBTPy3WdCEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZyYw
DQYJKoZIhvcNAQELBQADggEBALjlvjgyuNEGix5WMkUmMSGlxbVL6iQRv4Igqm7N
nIqQEt8FyTI795gUsDMWUdRm+O7UyZtTUD3kU75BxvFHLMmX4rwZSNrIfz/InYDm
pmTR40V9ouNSWhvCAq5EOCVH9ydZuE6oxUHYQsaNBLkr/a9AaHqm5BDVPCXdId4P
DCYNx8qbQ7J2T31FeEuNuoiBzSbW/ky+3Q25npiyqYx482nN42zxjSJyXqRPnLTe
JwjbR1LADZ2qxGJUN0XGNief1OUr7CnJfdrcn5mDLafNvoerHmrGX9dTkFPMD/Wk
LVfY7NVETZQjnzuGe8+Wpd4ZyNHGvWuVEhZj6982VSS3g8Q=
-----END CERTIFICATE-----