Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          hxueLUOTfNMc3eGcRjDgSNY43uIqbT72+qmZ+KxZmdc=
Subject key identifier:   B5:BF:0B:7D:75:7A:06:95:75:4E:58:1B:05:A6:10:56:19:CB:C5:C2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1B7B9002597BDDBF22C906700A3B604CDE3A2C1A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
Signing time:             Tue 27 May 2025 00:00:17 +0000
ROA not before:           Mon 26 May 2025 23:55:17 +0000
ROA not after:            Tue 26 May 2026 00:00:17 +0000
asID:                     62240
IP address blocks:        45.158.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 02:13:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:7b:90:02:59:7b:dd:bf:22:c9:06:70:0a:3b:60:4c:de:3a:2c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 26 23:55:17 2025 GMT
            Not After : May 26 00:00:17 2026 GMT
        Subject: CN=B5BF0B7D757A0695754E581B05A6105619CBC5C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:48:7e:5f:38:45:a2:db:14:23:3b:89:2d:75:
                    b2:07:40:d3:5c:ba:12:1d:64:00:fe:b3:c9:e1:ca:
                    ce:09:3a:e0:ae:26:2a:6c:db:14:7d:a6:b5:a4:6d:
                    6c:a9:97:7c:dc:67:1f:e8:1c:58:4c:15:cc:7e:b2:
                    20:c2:76:5f:10:7b:6d:16:71:02:23:b5:46:34:07:
                    c6:d3:58:44:96:0f:15:57:15:5b:f8:26:67:3d:0e:
                    8c:e6:0e:46:68:a8:be:cc:af:27:73:fb:30:c0:ab:
                    23:c9:fa:fe:99:87:78:d1:4c:e3:20:d6:cb:80:b1:
                    1e:1f:db:76:93:87:7c:85:a2:61:dd:63:d8:88:ac:
                    7b:56:54:46:10:a2:06:45:3c:62:49:f5:d8:d8:c1:
                    d8:87:3e:b2:09:c0:01:b6:05:56:7f:36:b8:5c:cc:
                    fd:c8:04:3d:91:41:37:c5:a3:04:9e:2c:59:a5:c8:
                    e2:b2:16:96:78:58:40:55:79:96:fd:f1:40:e9:62:
                    af:f4:bc:c6:e4:c6:b3:e6:27:ed:63:c0:fe:27:76:
                    a9:5b:64:53:ab:9d:d8:65:08:78:32:08:d3:24:7e:
                    53:ec:29:7a:30:42:cf:e1:c5:10:13:70:f8:91:4a:
                    c6:da:4f:26:e7:bf:0e:48:a4:13:43:2c:18:4a:0a:
                    e8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BF:0B:7D:75:7A:06:95:75:4E:58:1B:05:A6:10:56:19:CB:C5:C2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:6c:4a:83:90:67:32:58:73:cd:db:17:70:14:87:45:20:ac:
         ae:fb:7b:d4:85:4b:5d:e5:53:a5:05:df:6e:ac:48:68:68:b0:
         83:e7:75:90:cf:11:fe:21:ce:cf:d3:67:69:f9:7f:da:b5:82:
         79:49:99:1b:b2:99:d0:93:cd:56:ee:c2:84:f0:b0:d6:c2:58:
         a9:02:c3:13:84:32:7e:71:8a:93:f8:35:23:fd:95:f8:45:34:
         38:7b:5b:3c:b7:b0:b1:2d:90:65:91:90:ad:7c:8e:c0:09:85:
         17:82:d5:bb:04:bf:f6:d0:f4:b4:e2:4d:39:06:48:c0:7e:41:
         36:01:95:a9:11:59:a6:01:b8:06:b1:22:43:53:f1:9c:ca:72:
         3e:e3:35:12:69:6e:52:21:ff:f2:96:17:56:71:41:90:fe:2b:
         3e:bc:8c:4e:c1:6a:ff:b1:b5:a0:cf:eb:00:6d:95:c3:9b:8c:
         89:35:d3:c8:61:9a:da:2a:c4:7b:eb:2f:1a:60:45:99:99:33:
         c4:af:d2:cc:8f:f4:28:93:79:94:db:19:4d:61:f1:a9:db:49:
         99:09:58:84:eb:ee:fe:4b:8c:b9:f7:a7:9f:6f:33:95:f0:f3:
         61:e3:c9:33:f6:08:7d:69:34:b1:6c:2f:4a:a4:45:ac:78:9d:
         9c:77:04:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUG3uQAll73b8iyQZwCjtgTN46LBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MjYyMzU1MTdaFw0yNjA1MjYwMDAwMTdaMDMxMTAvBgNV
BAMTKEI1QkYwQjdENzU3QTA2OTU3NTRFNTgxQjA1QTYxMDU2MTlDQkM1QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUSH5fOEWi2xQjO4ktdbIHQNNc
uhIdZAD+s8nhys4JOuCuJips2xR9prWkbWypl3zcZx/oHFhMFcx+siDCdl8Qe20W
cQIjtUY0B8bTWESWDxVXFVv4Jmc9DozmDkZoqL7Mrydz+zDAqyPJ+v6Zh3jRTOMg
1suAsR4f23aTh3yFomHdY9iIrHtWVEYQogZFPGJJ9djYwdiHPrIJwAG2BVZ/Nrhc
zP3IBD2RQTfFowSeLFmlyOKyFpZ4WEBVeZb98UDpYq/0vMbkxrPmJ+1jwP4ndqlb
ZFOrndhlCHgyCNMkflPsKXowQs/hxRATcPiRSsbaTybnvw5IpBNDLBhKCug3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtb8LfXV6BpV1TlgbBaYQVhnLxcIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtngow
DQYJKoZIhvcNAQELBQADggEBAJpsSoOQZzJYc83bF3AUh0UgrK77e9SFS13lU6UF
326sSGhosIPndZDPEf4hzs/TZ2n5f9q1gnlJmRuymdCTzVbuwoTwsNbCWKkCwxOE
Mn5xipP4NSP9lfhFNDh7Wzy3sLEtkGWRkK18jsAJhReC1bsEv/bQ9LTiTTkGSMB+
QTYBlakRWaYBuAaxIkNT8ZzKcj7jNRJpblIh//KWF1ZxQZD+Kz68jE7Bav+xtaDP
6wBtlcObjIk108hhmtoqxHvrLxpgRZmZM8Sv0syP9CiTeZTbGU1h8anbSZkJWITr
7v5LjLn3p59vM5Xw82HjyTP2CH1pNLFsL0qkRax4nZx3BOk=
-----END CERTIFICATE-----