Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS40662.roa
File:                     AS40662.roa (raw, json)
Hash identifier:          /aOEC6i06q4Tr+J1Zye1jV1sXzwWATcxnjdb8MFpVEY=
Subject key identifier:   3F:06:9A:F8:CE:57:CE:83:74:31:F5:13:69:DC:2A:84:6B:9F:C1:F9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       47DA22B88CDAB1A52337D68AF5C0BCC79998A04F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS40662.roa
Signing time:             Fri 29 Aug 2025 02:03:03 +0000
ROA not before:           Fri 29 Aug 2025 01:58:03 +0000
ROA not after:            Fri 28 Aug 2026 02:03:03 +0000
asID:                     40662
IP address blocks:        2a0f:85c1:89d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:da:22:b8:8c:da:b1:a5:23:37:d6:8a:f5:c0:bc:c7:99:98:a0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:58:03 2025 GMT
            Not After : Aug 28 02:03:03 2026 GMT
        Subject: CN=3F069AF8CE57CE837431F51369DC2A846B9FC1F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:13:6c:66:35:5b:6f:71:aa:5a:83:43:fc:4c:
                    77:81:ec:7e:2d:2f:d0:71:47:8e:24:1c:80:c2:5c:
                    05:88:67:a9:35:1d:f0:ad:54:3e:f4:0a:03:a0:d4:
                    87:ea:29:5c:df:47:f0:06:03:bf:fb:af:12:8c:7d:
                    34:42:e3:69:99:70:65:79:97:a1:83:89:d2:33:d4:
                    15:0c:2c:5b:ed:df:d8:06:0e:76:dd:56:50:c9:aa:
                    08:68:86:97:3a:1a:c8:71:97:d0:df:48:0b:e9:37:
                    7f:97:1b:70:4d:49:5d:03:a4:4b:3d:c0:08:7b:f8:
                    1e:3f:07:52:1d:82:56:b9:79:0e:59:35:f6:af:84:
                    1d:82:8b:85:2c:a1:32:7b:dc:17:af:09:2a:84:de:
                    e4:5c:11:df:e6:b0:74:08:10:71:87:c1:17:41:89:
                    dc:ce:8a:2d:83:ea:9d:08:4b:8d:f9:81:88:be:5e:
                    77:f2:00:e9:0d:ec:3a:f3:fd:13:54:91:8f:ed:37:
                    d4:87:fa:8c:bb:b3:18:09:c8:03:8c:db:c1:84:49:
                    03:94:e3:06:91:80:89:43:52:63:2d:27:0e:91:60:
                    c6:12:c5:d1:09:b9:f7:cd:85:69:21:2d:aa:da:6e:
                    36:33:0b:61:03:e0:7d:7e:24:60:64:92:9f:85:0b:
                    93:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:06:9A:F8:CE:57:CE:83:74:31:F5:13:69:DC:2A:84:6B:9F:C1:F9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS40662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:89d::/48

    Signature Algorithm: sha256WithRSAEncryption
         ea:59:58:61:8e:62:bd:4c:0b:f7:9d:aa:04:d3:d7:e1:db:3d:
         ae:2f:bd:f9:c5:50:59:59:9c:64:5a:1e:9c:88:93:eb:cc:69:
         69:80:a0:9a:a3:e2:46:d5:43:0b:48:7b:7e:6c:26:dd:f2:28:
         36:75:bb:64:bb:b6:45:55:1b:aa:07:e9:8f:fa:0c:4c:40:a9:
         31:6d:49:66:01:27:5c:c7:ad:cb:b5:85:08:89:2e:82:56:30:
         fa:3b:1d:ac:7b:5b:93:c3:a5:14:c7:4e:2d:0d:eb:83:84:85:
         bb:1b:0a:34:7a:bc:11:7c:31:df:b9:00:17:84:44:eb:35:2f:
         c9:28:1d:10:7b:81:b3:be:9b:7c:66:4b:b2:f7:04:f7:a4:e4:
         1e:9f:da:1b:de:15:3a:b6:b8:17:40:18:6b:76:5b:ca:59:52:
         2c:f1:1d:c7:d5:c4:86:46:3b:71:6a:86:f3:d2:90:2c:b5:f7:
         aa:79:06:6f:10:54:cc:b8:dc:a6:da:5d:12:d2:36:60:60:87:
         c4:e6:40:18:b8:de:fe:68:01:21:91:1a:9f:3b:2a:b0:c5:b2:
         7f:4a:49:ba:c5:b1:c2:c0:bf:01:11:4f:0e:5e:61:0e:f5:9e:
         b0:61:f4:8b:65:99:a6:89:75:50:f9:6c:cc:5b:d1:71:97:07:
         52:1b:9e:43
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUR9oiuIzasaUjN9aK9cC8x5mYoE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTU4MDNaFw0yNjA4MjgwMjAzMDNaMDMxMTAvBgNV
BAMTKDNGMDY5QUY4Q0U1N0NFODM3NDMxRjUxMzY5REMyQTg0NkI5RkMxRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGE2xmNVtvcapag0P8THeB7H4t
L9BxR44kHIDCXAWIZ6k1HfCtVD70CgOg1IfqKVzfR/AGA7/7rxKMfTRC42mZcGV5
l6GDidIz1BUMLFvt39gGDnbdVlDJqghohpc6Gshxl9DfSAvpN3+XG3BNSV0DpEs9
wAh7+B4/B1Idgla5eQ5ZNfavhB2Ci4UsoTJ73BevCSqE3uRcEd/msHQIEHGHwRdB
idzOii2D6p0IS435gYi+XnfyAOkN7Drz/RNUkY/tN9SH+oy7sxgJyAOM28GESQOU
4waRgIlDUmMtJw6RYMYSxdEJuffNhWkhLarabjYzC2ED4H1+JGBkkp+FC5NzAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUPwaa+M5XzoN0MfUTadwqhGufwfkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNDA2NjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
CJ0wDQYJKoZIhvcNAQELBQADggEBAOpZWGGOYr1MC/edqgTT1+HbPa4vvfnFUFlZ
nGRaHpyIk+vMaWmAoJqj4kbVQwtIe35sJt3yKDZ1u2S7tkVVG6oH6Y/6DExAqTFt
SWYBJ1zHrcu1hQiJLoJWMPo7Hax7W5PDpRTHTi0N64OEhbsbCjR6vBF8Md+5ABeE
ROs1L8koHRB7gbO+m3xmS7L3BPek5B6f2hveFTq2uBdAGGt2W8pZUizxHcfVxIZG
O3FqhvPSkCy196p5Bm8QVMy43KbaXRLSNmBgh8TmQBi43v5oASGRGp87KrDFsn9K
SbrFscLAvwERTw5eYQ71nrBh9ItlmaaJdVD5bMxb0XGXB1IbnkM=
-----END CERTIFICATE-----