Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          my0hyfOqMWDT+XSpCSkORhES/sTyA7udK4cN6rABjkU=
Subject key identifier:   6D:F8:63:0C:81:A5:F6:9D:0F:8B:C8:1E:F6:30:76:42:53:4C:7C:8D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       44EE69612A584C543166E74F62DADAA99A59374D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
Signing time:             Thu 13 Jun 2024 13:48:06 +0000
ROA not before:           Thu 13 Jun 2024 13:43:06 +0000
ROA not after:            Thu 12 Jun 2025 13:48:06 +0000
asID:                     62240
IP address blocks:        140.150.236.0/22 maxlen: 22
                          146.103.28.0/22 maxlen: 22
                          147.79.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:ee:69:61:2a:58:4c:54:31:66:e7:4f:62:da:da:a9:9a:59:37:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 13 13:43:06 2024 GMT
            Not After : Jun 12 13:48:06 2025 GMT
        Subject: CN=6DF8630C81A5F69D0F8BC81EF6307642534C7C8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ce:41:a5:78:89:c8:06:79:e8:c2:e0:b7:bd:
                    b8:77:4f:d3:71:1b:d2:37:09:af:57:c8:fa:b1:cf:
                    32:45:40:f6:02:06:57:cf:72:2d:0e:51:b1:c6:38:
                    06:60:88:b6:13:3c:af:cb:d5:b5:b5:4f:00:5a:94:
                    a7:b5:ca:2f:dc:11:69:6e:0f:1d:de:ec:ee:f8:62:
                    4f:e7:4b:9c:8b:49:23:9a:69:75:97:6a:01:00:19:
                    a0:d4:bb:48:16:eb:5d:fa:b3:42:61:c7:18:09:01:
                    6a:80:cb:22:c1:03:64:e0:ae:87:dd:62:d7:a2:29:
                    22:6e:d0:76:12:36:80:cd:37:cf:81:03:cd:ee:2c:
                    0c:3d:6f:d9:96:35:88:46:7e:8c:28:4d:4d:14:06:
                    8b:c7:71:9a:a0:21:30:b3:4f:1a:87:3e:92:19:57:
                    6b:f1:f8:8a:61:8a:b2:ff:68:4d:99:9f:1d:81:8e:
                    ab:5d:61:45:22:09:b6:30:11:ea:4b:ac:6e:dd:db:
                    e6:a8:85:52:9f:04:7f:96:ff:3c:59:40:3c:5a:9e:
                    53:3b:05:49:61:f5:a4:89:9c:39:ac:4f:be:3e:f8:
                    9b:00:49:01:78:db:f2:3c:04:4a:df:74:aa:3d:ea:
                    b0:a6:7c:bc:99:bb:35:d6:b3:e6:52:cc:84:63:df:
                    a0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F8:63:0C:81:A5:F6:9D:0F:8B:C8:1E:F6:30:76:42:53:4C:7C:8D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.236.0/22
                  146.103.28.0/22
                  147.79.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:ca:de:49:56:ca:93:61:a7:56:7c:2c:ed:98:a8:7c:de:e7:
         42:c7:13:94:b1:3c:63:4d:e3:1f:13:23:e6:1f:c7:6f:9e:ce:
         26:27:06:f3:b9:d7:23:78:fc:dc:bf:21:d7:83:b5:5f:ef:51:
         ce:03:a1:73:53:7b:4e:d9:d0:22:7a:23:7e:cd:da:48:ab:3a:
         82:14:04:a9:3a:4d:4d:91:76:70:0f:b7:a0:4f:96:2c:51:08:
         7f:ab:f8:6e:26:9a:6c:28:54:1d:4f:be:16:94:53:ff:90:7a:
         9a:b4:a4:60:a8:b9:67:ae:53:95:46:c3:4a:1c:1f:b2:1b:f8:
         f1:e4:27:85:a7:e4:27:e9:7b:58:ef:9c:a1:82:a7:37:53:4f:
         c9:8a:6e:cb:4f:6e:38:df:16:0d:fc:f2:50:88:52:37:3f:74:
         0a:4d:b0:9a:df:82:12:14:a9:23:69:33:b3:95:f2:8c:9f:7b:
         83:63:d4:4b:dc:c6:8b:40:95:65:eb:d9:53:25:e8:e3:c1:96:
         03:bc:62:3b:11:df:a5:df:f0:ca:0a:3c:33:c4:5e:2a:a7:d9:
         d7:7e:5a:9d:3f:70:97:64:2d:f0:69:08:b4:eb:22:fb:55:04:
         f6:a3:45:02:47:46:2c:c1:65:8c:74:7a:e7:30:68:e7:a9:38:
         10:38:32:9b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIURO5pYSpYTFQxZudPYtraqZpZN00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA2MTMxMzQzMDZaFw0yNTA2MTIxMzQ4MDZaMDMxMTAvBgNV
BAMTKDZERjg2MzBDODFBNUY2OUQwRjhCQzgxRUY2MzA3NjQyNTM0QzdDOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCizkGleInIBnnowuC3vbh3T9Nx
G9I3Ca9XyPqxzzJFQPYCBlfPci0OUbHGOAZgiLYTPK/L1bW1TwBalKe1yi/cEWlu
Dx3e7O74Yk/nS5yLSSOaaXWXagEAGaDUu0gW6136s0JhxxgJAWqAyyLBA2Tgrofd
YteiKSJu0HYSNoDNN8+BA83uLAw9b9mWNYhGfowoTU0UBovHcZqgITCzTxqHPpIZ
V2vx+IphirL/aE2Znx2BjqtdYUUiCbYwEepLrG7d2+aohVKfBH+W/zxZQDxanlM7
BUlh9aSJnDmsT74++JsASQF42/I8BErfdKo96rCmfLyZuzXWs+ZSzIRj36C5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUbfhjDIGl9p0Pi8ge9jB2QlNMfI0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAKMluwD
BAKSZxwDBAGTTwIwDQYJKoZIhvcNAQELBQADggEBAB3K3klWypNhp1Z8LO2YqHze
50LHE5SxPGNN4x8TI+Yfx2+eziYnBvO51yN4/Ny/IdeDtV/vUc4DoXNTe07Z0CJ6
I37N2kirOoIUBKk6TU2RdnAPt6BPlixRCH+r+G4mmmwoVB1PvhaUU/+Qepq0pGCo
uWeuU5VGw0ocH7Ib+PHkJ4Wn5Cfpe1jvnKGCpzdTT8mKbstPbjjfFg388lCIUjc/
dApNsJrfghIUqSNpM7OV8oyfe4Nj1EvcxotAlWXr2VMl6OPBlgO8YjsR36Xf8MoK
PDPEXiqn2dd+Wp0/cJdkLfBpCLTrIvtVBPajRQJHRizBZYx0eucwaOepOBA4Mps=
-----END CERTIFICATE-----