Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS140641.roa
File:                     AS140641.roa (raw, json)
Hash identifier:          d0zonSXNmGgqTa93N0hEiLSOrSihazVCnVRFC5U+Ck8=
Subject key identifier:   D4:3D:23:79:39:F1:12:0F:6F:DA:1A:AA:9A:E4:C4:44:AB:2F:16:5B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2BBDA43DFF101AA25A3A01340B5E6AEA768A6B8C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS140641.roa
Signing time:             Wed 22 Jan 2025 14:42:13 +0000
ROA not before:           Wed 22 Jan 2025 14:37:13 +0000
ROA not after:            Wed 21 Jan 2026 14:42:13 +0000
asID:                     140641
IP address blocks:        82.27.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:bd:a4:3d:ff:10:1a:a2:5a:3a:01:34:0b:5e:6a:ea:76:8a:6b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 22 14:37:13 2025 GMT
            Not After : Jan 21 14:42:13 2026 GMT
        Subject: CN=D43D237939F1120F6FDA1AAA9AE4C444AB2F165B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:42:9a:05:fb:2c:b6:58:c0:0f:04:19:7b:3f:
                    55:01:52:38:c7:03:ec:ba:28:17:77:e8:9d:7b:ea:
                    65:c5:83:63:96:76:fe:ee:b4:ca:58:91:29:3e:0f:
                    74:c5:77:8a:7a:99:43:20:12:44:81:f0:c6:a6:8c:
                    2d:93:32:f4:23:7d:67:ec:fb:08:f5:84:4a:c9:bd:
                    f7:98:d6:a8:5a:24:85:09:87:aa:45:ce:fc:ac:8f:
                    7b:2e:78:f0:b6:24:8e:55:23:30:ea:7f:0f:5d:b8:
                    3c:5e:63:e5:6e:94:04:1a:4f:9b:eb:61:9b:a7:1f:
                    b5:50:fb:b7:62:30:d7:97:21:8e:1e:8a:c4:9d:53:
                    5f:84:82:86:70:d5:12:f3:96:7f:15:cc:20:b1:32:
                    44:1d:2f:a9:1d:8d:22:4f:6a:bf:32:00:d7:37:d8:
                    f2:7a:c0:7c:36:f7:59:7b:14:54:19:df:f3:56:9a:
                    94:ca:07:3c:00:ab:48:75:e3:ad:a6:ee:76:31:99:
                    0c:c1:e3:89:b7:55:a6:fd:cf:d8:25:e3:1e:d1:ea:
                    cf:26:0c:0f:0e:18:17:08:56:8a:55:c3:a6:50:ef:
                    09:ed:bc:3f:33:60:d1:4c:29:c0:87:b3:cf:58:f8:
                    0b:fd:a3:bd:0a:52:14:08:d9:a8:6b:90:a3:2a:cd:
                    29:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:3D:23:79:39:F1:12:0F:6F:DA:1A:AA:9A:E4:C4:44:AB:2F:16:5B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS140641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a9:8c:bf:b8:07:fa:dc:b7:1d:29:67:e6:71:96:27:e6:44:
         eb:2d:81:7f:22:79:11:5b:f6:74:7e:4c:ff:aa:ee:3c:98:a7:
         39:3a:db:ac:fe:00:8c:5e:2a:dc:d4:bb:9e:df:19:54:56:d8:
         98:c4:6b:de:7d:ec:06:35:cb:11:73:ad:27:19:47:aa:d9:35:
         91:99:66:bc:04:21:57:f5:2b:6b:36:71:38:bd:43:97:cd:85:
         19:08:88:f2:59:3c:1d:59:58:41:29:36:66:38:9c:9e:ec:1c:
         a2:bc:50:62:00:7c:f2:00:37:ec:22:f4:5e:81:2b:7a:1c:ea:
         80:79:9c:af:11:11:e6:9e:b5:c2:49:e9:f9:36:b4:d3:f5:e5:
         a5:2d:8a:14:5b:43:c6:d6:4d:3d:14:fd:79:eb:09:b1:a4:2d:
         52:6d:a4:eb:25:6c:f9:d2:27:0e:6d:13:91:b3:d3:fd:a0:ae:
         fd:bc:09:97:c9:6f:00:97:91:5c:d5:01:44:a3:de:90:90:4e:
         c4:c4:f1:7c:2d:46:b8:9c:c7:36:00:4f:2b:63:88:da:68:03:
         82:d0:2c:d3:d5:93:59:37:05:35:5a:d3:7b:59:72:2f:c5:33:
         21:bc:53:57:f6:61:40:af:6a:ff:fc:ac:2d:23:7a:ca:0b:b9:
         02:74:e9:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK72kPf8QGqJaOgE0C15q6naKa4wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjIxNDM3MTNaFw0yNjAxMjExNDQyMTNaMDMxMTAvBgNV
BAMTKEQ0M0QyMzc5MzlGMTEyMEY2RkRBMUFBQTlBRTRDNDQ0QUIyRjE2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0QpoF+yy2WMAPBBl7P1UBUjjH
A+y6KBd36J176mXFg2OWdv7utMpYkSk+D3TFd4p6mUMgEkSB8MamjC2TMvQjfWfs
+wj1hErJvfeY1qhaJIUJh6pFzvysj3suePC2JI5VIzDqfw9duDxeY+VulAQaT5vr
YZunH7VQ+7diMNeXIY4eisSdU1+EgoZw1RLzln8VzCCxMkQdL6kdjSJPar8yANc3
2PJ6wHw291l7FFQZ3/NWmpTKBzwAq0h1462m7nYxmQzB44m3Vab9z9gl4x7R6s8m
DA8OGBcIVopVw6ZQ7wntvD8zYNFMKcCHs89Y+Av9o70KUhQI2ahrkKMqzSmJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1D0jeTnxEg9v2hqqmuTERKsvFlswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQwNjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhsB
MA0GCSqGSIb3DQEBCwUAA4IBAQBgqYy/uAf63LcdKWfmcZYn5kTrLYF/InkRW/Z0
fkz/qu48mKc5Otus/gCMXirc1Lue3xlUVtiYxGvefewGNcsRc60nGUeq2TWRmWa8
BCFX9StrNnE4vUOXzYUZCIjyWTwdWVhBKTZmOJye7ByivFBiAHzyADfsIvRegSt6
HOqAeZyvERHmnrXCSen5NrTT9eWlLYoUW0PG1k09FP156wmxpC1SbaTrJWz50icO
bRORs9P9oK79vAmXyW8Al5Fc1QFEo96QkE7ExPF8LUa4nMc2AE8rY4jaaAOC0CzT
1ZNZNwU1WtN7WXIvxTMhvFNX9mFAr2r//KwtI3rKC7kCdOn+
-----END CERTIFICATE-----