Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          itadWCnwPtn5vvMcTKxFJfP6xtPXC3DXgrqVvbR+oJ8=
Subject key identifier:   6A:01:65:9A:55:B4:93:B1:96:B4:89:07:52:4E:E7:B2:5B:89:66:2D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7DFABE7660ED01804676E4FCA5423FB5C81C6A6E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
Signing time:             Sat 06 Apr 2024 11:09:30 +0000
ROA not before:           Sat 06 Apr 2024 11:04:30 +0000
ROA not after:            Sat 05 Apr 2025 11:09:30 +0000
asID:                     40676
IP address blocks:        146.103.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:fa:be:76:60:ed:01:80:46:76:e4:fc:a5:42:3f:b5:c8:1c:6a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:30 2024 GMT
            Not After : Apr  5 11:09:30 2025 GMT
        Subject: CN=6A01659A55B493B196B48907524EE7B25B89662D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:46:7f:50:90:73:bc:ab:9d:1a:b5:d4:b3:20:
                    4b:8c:3b:3b:a7:2d:5d:f2:e9:14:c5:5e:fa:72:10:
                    e8:d7:e1:02:79:a2:44:22:e6:a1:16:6d:36:86:cf:
                    7a:71:50:a4:2c:12:ae:36:34:9d:a6:bf:fc:24:e7:
                    c8:01:b4:61:00:8d:79:66:45:55:8b:cf:89:6b:d7:
                    a5:84:ab:e8:78:d5:94:f7:c1:3e:45:be:c8:86:3d:
                    06:0f:e8:b4:6c:26:b1:b4:e4:4d:eb:e0:a1:61:e0:
                    ad:69:78:2c:0c:d1:51:76:62:4f:7d:f5:06:4d:6c:
                    44:36:6f:21:77:4c:dd:f9:86:d0:bb:96:1c:dc:5f:
                    0e:06:30:df:05:00:1a:fd:0f:f8:f2:b6:04:43:95:
                    1b:aa:48:97:99:ca:ee:e6:2d:63:dc:a7:19:c1:35:
                    cc:4e:86:d5:6f:28:ce:43:81:01:93:72:01:a2:93:
                    b8:f2:0b:bd:76:05:5f:e4:c9:fd:e3:cc:a1:7b:7e:
                    82:be:b2:b0:cc:cc:1f:dd:e9:21:e6:04:0f:7d:85:
                    36:5b:08:df:e1:0b:b5:75:b6:7b:20:13:ac:85:41:
                    f4:4c:13:bf:7a:d4:49:07:00:b3:de:6e:02:87:0f:
                    3b:72:6c:96:3f:57:f0:2b:53:72:d4:9b:80:f6:82:
                    42:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:01:65:9A:55:B4:93:B1:96:B4:89:07:52:4E:E7:B2:5B:89:66:2D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:96:fe:65:40:3b:c6:43:07:0f:f0:49:b7:13:7c:a1:7a:b3:
         31:12:ef:75:fa:19:62:01:de:a8:59:b2:fc:7c:f8:0d:9d:0b:
         f5:da:de:71:d4:fd:5d:20:93:30:19:13:a3:fc:b8:fe:7b:32:
         94:d9:d3:56:76:07:dd:73:f5:93:ca:d9:15:a2:5b:d3:36:83:
         8d:b1:4e:08:5c:01:ba:e6:ba:48:5e:24:19:af:4a:0f:2c:e0:
         ea:69:03:24:67:6a:fe:a1:c1:c8:d8:7b:1a:c0:08:54:15:d3:
         d3:9d:d8:43:a9:20:3c:9b:23:78:3c:cd:ee:1f:72:f6:b8:6f:
         6a:eb:df:07:69:d7:62:75:23:89:f0:fb:47:35:c9:84:65:86:
         ee:0c:55:3c:fb:8c:a1:cd:b5:ba:bc:28:06:af:ee:b5:14:bb:
         86:57:82:92:b0:93:12:a9:5b:0e:83:39:6b:27:8a:e5:29:58:
         61:cf:2e:5e:9d:16:07:03:fb:f8:1f:2c:9b:ac:89:dd:49:60:
         35:75:23:01:f5:4e:7f:d1:4a:b4:69:47:d0:98:75:8c:c9:a3:
         67:00:09:9f:6d:29:8a:36:3b:62:52:48:ef:94:77:f7:c9:88:
         cd:92:fa:9a:8f:bb:ba:ec:cc:84:09:82:8a:9f:c4:ba:7a:5c:
         8a:a2:83:6e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUffq+dmDtAYBGduT8pUI/tcgcam4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzBaFw0yNTA0MDUxMTA5MzBaMDMxMTAvBgNV
BAMTKDZBMDE2NTlBNTVCNDkzQjE5NkI0ODkwNzUyNEVFN0IyNUI4OTY2MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtRn9QkHO8q50atdSzIEuMOzun
LV3y6RTFXvpyEOjX4QJ5okQi5qEWbTaGz3pxUKQsEq42NJ2mv/wk58gBtGEAjXlm
RVWLz4lr16WEq+h41ZT3wT5FvsiGPQYP6LRsJrG05E3r4KFh4K1peCwM0VF2Yk99
9QZNbEQ2byF3TN35htC7lhzcXw4GMN8FABr9D/jytgRDlRuqSJeZyu7mLWPcpxnB
NcxOhtVvKM5DgQGTcgGik7jyC712BV/kyf3jzKF7foK+srDMzB/d6SHmBA99hTZb
CN/hC7V1tnsgE6yFQfRME7961EkHALPebgKHDztybJY/V/ArU3LUm4D2gkJ9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUagFlmlW0k7GWtIkHUk7nsluJZi0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZzsw
DQYJKoZIhvcNAQELBQADggEBAIGW/mVAO8ZDBw/wSbcTfKF6szES73X6GWIB3qhZ
svx8+A2dC/Xa3nHU/V0gkzAZE6P8uP57MpTZ01Z2B91z9ZPK2RWiW9M2g42xTghc
AbrmukheJBmvSg8s4OppAyRnav6hwcjYexrACFQV09Od2EOpIDybI3g8ze4fcva4
b2rr3wdp12J1I4nw+0c1yYRlhu4MVTz7jKHNtbq8KAav7rUUu4ZXgpKwkxKpWw6D
OWsniuUpWGHPLl6dFgcD+/gfLJusid1JYDV1IwH1Tn/RSrRpR9CYdYzJo2cACZ9t
KYo2O2JSSO+Ud/fJiM2S+pqPu7rszIQJgoqfxLp6XIqig24=
-----END CERTIFICATE-----