Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          hYwwgk432ZYxjFUESroAeosWWzUze6d5b0+TWFLfdVE=
Subject key identifier:   E5:35:4B:AA:29:D1:77:13:2D:AD:25:45:FF:02:DD:49:F0:61:84:D3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       31496DAD0412623F1102B83201E9F7BB6BEB1B96
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
Signing time:             Thu 27 Mar 2025 02:21:48 +0000
ROA not before:           Thu 27 Mar 2025 02:16:48 +0000
ROA not after:            Thu 26 Mar 2026 02:21:48 +0000
asID:                     62240
IP address blocks:        45.158.10.0/24 maxlen: 24
                          194.147.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:49:6d:ad:04:12:62:3f:11:02:b8:32:01:e9:f7:bb:6b:eb:1b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 27 02:16:48 2025 GMT
            Not After : Mar 26 02:21:48 2026 GMT
        Subject: CN=E5354BAA29D177132DAD2545FF02DD49F06184D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4e:c3:8f:7f:9a:4a:1e:fb:c0:d6:16:c7:5a:
                    a4:d5:a1:09:06:3d:0d:1f:73:85:f5:72:f7:b4:ca:
                    7f:0c:7e:57:47:19:36:d4:f9:6d:d5:e0:35:e3:e7:
                    0b:74:e4:86:a5:c7:b7:95:c2:96:31:01:ad:7c:02:
                    2a:95:85:ba:9b:3b:7d:6e:8d:15:a0:c2:52:5a:10:
                    11:3b:80:b7:02:30:17:45:ae:e8:0e:e9:bb:4a:14:
                    79:a7:81:db:c5:f7:38:78:88:1a:58:36:20:45:3b:
                    19:7f:fe:b1:0a:b2:5e:cd:6d:27:b1:54:a2:68:d5:
                    c5:8e:39:5c:cc:8e:5d:d1:9f:3c:03:f7:8d:03:80:
                    b0:4f:dc:03:ba:15:82:ed:80:1f:e5:aa:23:6f:a0:
                    32:61:bb:2b:9c:d4:01:bb:44:d1:7c:b5:ec:8c:fb:
                    76:ec:a4:70:39:da:31:02:66:ba:16:30:7a:27:f0:
                    e0:4b:91:6f:75:c6:92:d5:2c:74:54:ec:22:3c:3a:
                    f1:86:1f:dd:fa:d2:74:85:ae:03:55:73:80:78:ed:
                    41:21:92:e5:72:39:16:50:b7:0e:94:a1:c2:ac:20:
                    30:5f:8b:0d:0a:6f:04:fe:ef:c2:0e:05:74:3e:4f:
                    31:81:d2:f2:51:23:a8:fd:8a:92:f6:f5:67:ba:4a:
                    64:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:35:4B:AA:29:D1:77:13:2D:AD:25:45:FF:02:DD:49:F0:61:84:D3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.10.0/24
                  194.147.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ed:5b:f7:7e:06:e6:19:3b:f8:95:fa:ce:96:e3:62:24:26:
         5e:62:d8:cf:80:8f:ca:7d:07:6d:b2:f8:42:a4:7c:84:db:13:
         a1:6c:5a:c0:3f:f5:8c:47:1a:20:c6:66:22:9b:10:ef:da:ef:
         7e:11:b1:fa:46:6c:ce:6d:e8:d9:bc:02:19:71:de:29:81:19:
         34:fa:fb:71:5a:6b:3b:fb:4e:ef:5a:64:c1:0a:b5:8e:52:76:
         bc:d1:ec:87:43:7d:b5:9b:82:bd:6f:04:b2:13:5b:d9:5e:1b:
         e6:6e:08:2b:43:41:18:1d:74:65:0c:52:de:2a:e8:bd:63:09:
         54:1f:87:21:36:e0:d5:c9:91:fd:8b:80:e2:cd:45:65:61:ba:
         62:8c:4a:9a:4c:fe:db:7c:72:db:4f:b8:ab:ae:b3:bc:b6:44:
         ec:ad:a8:c6:ae:60:f6:fd:4a:2d:92:69:12:7e:7c:c1:96:d4:
         47:99:00:1b:cb:d2:64:76:50:35:2e:b3:5e:b3:3d:d4:08:91:
         8a:a3:2e:69:aa:99:47:8a:1f:ee:ec:39:ed:fd:50:28:27:74:
         b9:70:5d:2d:c8:76:17:43:5c:6a:e3:79:d5:d6:2b:45:5c:bb:
         d3:ff:a4:9b:a4:9f:20:1b:a2:87:a8:a1:07:7c:03:d2:62:fa:
         e5:1b:be:22
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUMUltrQQSYj8RArgyAen3u2vrG5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMjcwMjE2NDhaFw0yNjAzMjYwMjIxNDhaMDMxMTAvBgNV
BAMTKEU1MzU0QkFBMjlEMTc3MTMyREFEMjU0NUZGMDJERDQ5RjA2MTg0RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1TsOPf5pKHvvA1hbHWqTVoQkG
PQ0fc4X1cve0yn8MfldHGTbU+W3V4DXj5wt05Ialx7eVwpYxAa18AiqVhbqbO31u
jRWgwlJaEBE7gLcCMBdFrugO6btKFHmngdvF9zh4iBpYNiBFOxl//rEKsl7NbSex
VKJo1cWOOVzMjl3RnzwD940DgLBP3AO6FYLtgB/lqiNvoDJhuyuc1AG7RNF8teyM
+3bspHA52jECZroWMHon8OBLkW91xpLVLHRU7CI8OvGGH9360nSFrgNVc4B47UEh
kuVyORZQtw6UocKsIDBfiw0KbwT+78IOBXQ+TzGB0vJRI6j9ipL29We6SmTfAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU5TVLqinRdxMtrSVF/wLdSfBhhNMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtngoD
BADCkwQwDQYJKoZIhvcNAQELBQADggEBAIftW/d+BuYZO/iV+s6W42IkJl5i2M+A
j8p9B22y+EKkfITbE6FsWsA/9YxHGiDGZiKbEO/a734RsfpGbM5t6Nm8Ahlx3imB
GTT6+3Faazv7Tu9aZMEKtY5SdrzR7IdDfbWbgr1vBLITW9leG+ZuCCtDQRgddGUM
Ut4q6L1jCVQfhyE24NXJkf2LgOLNRWVhumKMSppM/tt8cttPuKuus7y2ROytqMau
YPb9Si2SaRJ+fMGW1EeZABvL0mR2UDUus16zPdQIkYqjLmmqmUeKH+7sOe39UCgn
dLlwXS3IdhdDXGrjedXWK0Vcu9P/pJuknyAbooeooQd8A9Ji+uUbviI=
-----END CERTIFICATE-----