Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa
File:                     AS24940.roa (raw, json)
Hash identifier:          7ndOfm4mllNOzsJ7zyFyorvw4wKXu3yOQsEyvruD26U=
Subject key identifier:   6B:D0:28:AC:14:51:3C:D7:D8:BF:6A:15:52:D7:EF:3C:FB:50:31:B8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       68644D7FEECD04EE38A3B535986A534254CC5C07
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa
Signing time:             Thu 30 Jan 2025 12:34:20 +0000
ROA not before:           Thu 30 Jan 2025 12:29:20 +0000
ROA not after:            Thu 29 Jan 2026 12:34:20 +0000
asID:                     24940
IP address blocks:        139.28.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:64:4d:7f:ee:cd:04:ee:38:a3:b5:35:98:6a:53:42:54:cc:5c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 30 12:29:20 2025 GMT
            Not After : Jan 29 12:34:20 2026 GMT
        Subject: CN=6BD028AC14513CD7D8BF6A1552D7EF3CFB5031B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:47:4a:fa:66:58:2c:b3:d9:03:ef:16:77:70:
                    bc:13:03:bf:24:8c:f5:59:c9:ff:82:47:b1:67:95:
                    06:0a:70:91:8c:4d:f9:f1:5b:a3:d9:1a:8e:da:f1:
                    a3:00:22:b4:1a:da:7f:73:f7:56:69:1c:fa:cf:f6:
                    66:92:2a:12:98:27:62:51:f2:d8:fa:66:7a:25:88:
                    62:9f:a6:dc:bb:05:5c:f4:d1:95:31:62:13:66:6f:
                    a9:8d:0a:79:b1:6a:b0:fd:af:ca:3e:21:18:46:6d:
                    db:32:69:d8:0f:ee:1b:6e:da:26:8a:01:20:e3:0e:
                    49:32:4e:40:34:97:b2:d6:03:e5:4f:78:5b:0f:14:
                    14:cc:a3:48:19:6e:f9:68:d0:52:1b:65:ce:bd:c8:
                    9e:f2:2e:92:19:f6:4c:95:4e:09:3a:7b:08:dc:49:
                    84:ef:5f:46:57:c8:08:ad:d0:8a:09:e5:13:b0:71:
                    e4:3b:84:65:96:88:40:74:f2:66:7f:96:5d:93:71:
                    02:00:9b:e9:4a:73:7d:c7:76:11:f8:cc:e1:a8:08:
                    4e:17:aa:79:3c:94:47:59:3a:8f:a2:62:4c:e0:40:
                    50:2f:7c:c8:bb:77:21:7a:5f:ee:f3:d0:cf:ae:bc:
                    ba:31:4d:09:0a:ca:bf:22:db:6f:c0:60:95:9a:61:
                    fb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D0:28:AC:14:51:3C:D7:D8:BF:6A:15:52:D7:EF:3C:FB:50:31:B8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:74:96:64:c6:0f:e4:51:fc:04:75:a0:6f:76:46:25:20:74:
         b7:1e:a2:0f:ee:ee:34:3c:1d:25:b3:5e:e1:a6:16:c6:a1:58:
         e9:1d:5f:cc:5f:47:f1:0b:d1:24:89:7f:63:ec:f0:2c:be:08:
         bf:80:91:cf:0a:a8:ca:d1:0f:58:f9:bb:4d:1b:8b:58:c7:cb:
         40:19:a5:cb:4f:a1:06:e3:d3:05:4f:cd:ea:4a:4a:13:6c:fe:
         55:e1:0d:e1:a9:06:f1:69:1f:da:21:3b:5d:b5:a2:28:e5:63:
         ad:71:64:d1:74:24:2d:de:1a:9e:4d:b6:cf:1f:0e:ab:f3:16:
         83:98:11:0a:86:64:99:9f:cf:4b:14:14:ed:6b:21:ca:19:df:
         a3:f0:d8:4c:02:ba:4e:c2:6d:2e:6b:18:1a:e6:bf:6f:92:ed:
         96:e0:02:60:ef:8b:6f:50:b6:63:1f:80:6a:21:b7:2f:53:ab:
         49:8a:7a:7c:48:f3:2e:18:90:06:75:86:d6:e6:9c:58:d3:f3:
         88:40:2a:5e:19:ed:8d:44:f9:5a:f6:c4:8f:21:6e:ad:48:a5:
         d4:c5:1e:ad:e9:bc:5e:b6:ba:5e:18:f8:87:24:58:34:39:a0:
         11:1b:56:fb:53:39:16:d1:50:e1:d1:be:45:47:df:0f:7e:18:
         3e:ff:27:ac
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaGRNf+7NBO44o7U1mGpTQlTMXAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMzAxMjI5MjBaFw0yNjAxMjkxMjM0MjBaMDMxMTAvBgNV
BAMTKDZCRDAyOEFDMTQ1MTNDRDdEOEJGNkExNTUyRDdFRjNDRkI1MDMxQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaR0r6Zlgss9kD7xZ3cLwTA78k
jPVZyf+CR7FnlQYKcJGMTfnxW6PZGo7a8aMAIrQa2n9z91ZpHPrP9maSKhKYJ2JR
8tj6ZnoliGKfpty7BVz00ZUxYhNmb6mNCnmxarD9r8o+IRhGbdsyadgP7htu2iaK
ASDjDkkyTkA0l7LWA+VPeFsPFBTMo0gZbvlo0FIbZc69yJ7yLpIZ9kyVTgk6ewjc
SYTvX0ZXyAit0IoJ5ROwceQ7hGWWiEB08mZ/ll2TcQIAm+lKc33HdhH4zOGoCE4X
qnk8lEdZOo+iYkzgQFAvfMi7dyF6X+7z0M+uvLoxTQkKyr8i22/AYJWaYfs7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUa9AorBRRPNfYv2oVUtfvPPtQMbgwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjQ5NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGLHPIw
DQYJKoZIhvcNAQELBQADggEBAEJ0lmTGD+RR/AR1oG92RiUgdLceog/u7jQ8HSWz
XuGmFsahWOkdX8xfR/EL0SSJf2Ps8Cy+CL+Akc8KqMrRD1j5u00bi1jHy0AZpctP
oQbj0wVPzepKShNs/lXhDeGpBvFpH9ohO121oijlY61xZNF0JC3eGp5Nts8fDqvz
FoOYEQqGZJmfz0sUFO1rIcoZ36Pw2EwCuk7CbS5rGBrmv2+S7ZbgAmDvi29QtmMf
gGohty9Tq0mKenxI8y4YkAZ1htbmnFjT84hAKl4Z7Y1E+Vr2xI8hbq1IpdTFHq3p
vF62ul4Y+IckWDQ5oBEbVvtTORbRUOHRvkVH3w9+GD7/J6w=
-----END CERTIFICATE-----