Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
File:                     AS400040.roa (raw, json)
Hash identifier:          zMsWKNNGZMcj1WvyVnouKz+IRUcoeD8rQdDWu5YBMqY=
Subject key identifier:   B3:0A:EA:F1:0C:0F:2F:0A:CE:E5:72:4A:B0:F6:E7:67:51:EF:41:E7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       06101CE260FF1EA0038641AF3CE78E81423B282A
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
Signing time:             Tue 27 Dec 2022 14:44:42 +0000
ROA not before:           Tue 27 Dec 2022 14:39:42 +0000
ROA not after:            Tue 26 Dec 2023 14:44:42 +0000
asID:                     400040
IP address blocks:        141.11.6.0/24 maxlen: 24
                          141.11.44.0/24 maxlen: 24
                          141.11.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 03:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:10:1c:e2:60:ff:1e:a0:03:86:41:af:3c:e7:8e:81:42:3b:28:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 27 14:39:42 2022 GMT
            Not After : Dec 26 14:44:42 2023 GMT
        Subject: CN=B30AEAF10C0F2F0ACEE5724AB0F6E76751EF41E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fe:56:21:83:8c:e4:30:e1:9a:29:5d:3b:01:
                    d4:bb:16:37:4d:5e:0e:6c:da:0a:26:13:49:58:de:
                    01:31:9b:60:ae:8e:ac:ef:03:1d:91:7d:fd:0a:ab:
                    93:56:d9:20:d0:43:3d:c0:41:4a:02:cd:fb:b3:49:
                    2a:c2:c6:96:69:a7:df:0f:de:41:df:8c:73:2a:31:
                    4a:34:45:5d:99:e0:bd:07:8a:59:95:0d:02:0c:67:
                    25:e9:64:d7:bf:b0:d2:c3:56:1a:bf:4b:56:33:eb:
                    30:3e:6b:97:ab:38:07:f5:85:9f:3d:8d:47:1b:c6:
                    cc:ba:6d:cb:fa:d0:32:f8:e4:1c:30:38:cc:c2:d6:
                    f8:39:5a:a4:b1:cf:46:31:64:26:9b:83:36:17:95:
                    69:dc:43:5f:d9:64:0c:8d:49:c0:d6:25:04:33:f3:
                    07:df:aa:74:20:f3:b0:2d:47:6d:ef:34:48:f3:49:
                    e2:ce:75:ad:39:53:f9:85:f8:9f:3b:81:ef:83:1c:
                    f4:b6:56:54:29:6a:4c:c3:d4:d4:b7:c2:3b:83:4a:
                    1d:35:b7:c4:25:92:0b:2c:e1:af:a7:5d:03:92:c0:
                    d0:c0:7f:52:f0:e8:2d:c0:bb:0c:18:ea:ae:1e:16:
                    87:e5:ee:98:30:35:d7:17:1e:6e:bb:71:2c:db:32:
                    ce:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                B3:0A:EA:F1:0C:0F:2F:0A:CE:E5:72:4A:B0:F6:E7:67:51:EF:41:E7
            X509v3 Authority Key Identifier: 
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.6.0/24
                  141.11.44.0/24
                  141.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:f8:d1:4c:13:08:5c:be:81:d2:6d:b2:82:ba:34:ac:ac:e8:
         d2:a4:be:66:ee:0d:41:32:e1:95:ea:23:df:28:07:ca:22:80:
         c4:fc:8b:44:a1:bb:67:04:fe:2c:e0:f9:b0:ca:35:fe:b7:3c:
         93:26:db:55:d1:7b:87:51:f2:3b:e5:4a:f1:d7:97:fb:8d:55:
         3f:cb:dd:ea:ac:63:62:7a:06:0d:85:eb:dc:b4:83:a0:ad:a9:
         73:fa:25:46:45:70:f0:c5:e9:a1:a5:3f:f6:25:ed:7a:fc:77:
         7f:d0:a8:29:b6:3f:d1:51:0a:da:fb:7e:af:de:05:cc:9d:0f:
         72:67:e3:05:f0:bd:c4:8f:b7:65:06:e0:03:b1:6f:72:46:86:
         14:3b:e2:43:62:be:93:80:56:a5:77:90:9b:a9:53:25:77:45:
         c1:f1:7d:50:28:e4:a4:3a:8a:16:58:0b:ab:fb:70:d6:bd:dd:
         5a:11:8c:ad:eb:a0:d8:5e:f0:2c:14:9d:07:fe:56:96:ea:39:
         64:58:ac:a8:1b:5a:cf:76:85:36:24:9a:90:0d:e5:9f:1e:ef:
         89:c7:46:54:82:f5:8c:21:63:ba:64:ce:75:73:68:8b:61:99:
         8d:95:a6:09:7b:5b:c3:4e:6e:18:34:85:50:4e:f6:1b:9e:86:
         c2:6f:9b:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUBhAc4mD/HqADhkGvPOeOgUI7KCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMjEyMjcxNDM5NDJaFw0yMzEyMjYxNDQ0NDJaMDMxMTAvBgNV
BAMTKEIzMEFFQUYxMEMwRjJGMEFDRUU1NzI0QUIwRjZFNzY3NTFFRjQxRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm/lYhg4zkMOGaKV07AdS7FjdN
Xg5s2gomE0lY3gExm2CujqzvAx2Rff0Kq5NW2SDQQz3AQUoCzfuzSSrCxpZpp98P
3kHfjHMqMUo0RV2Z4L0HilmVDQIMZyXpZNe/sNLDVhq/S1Yz6zA+a5erOAf1hZ89
jUcbxsy6bcv60DL45BwwOMzC1vg5WqSxz0YxZCabgzYXlWncQ1/ZZAyNScDWJQQz
8wffqnQg87AtR23vNEjzSeLOda05U/mF+J87ge+DHPS2VlQpakzD1NS3wjuDSh01
t8Qlkgss4a+nXQOSwNDAf1Lw6C3AuwwY6q4eFofl7pgwNdcXHm67cSzbMs4tAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUswrq8QwPLwrO5XJKsPbnZ1HvQecwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsG
AwQAjQssAwQAjQu/MA0GCSqGSIb3DQEBCwUAA4IBAQAU+NFMEwhcvoHSbbKCujSs
rOjSpL5m7g1BMuGV6iPfKAfKIoDE/ItEobtnBP4s4PmwyjX+tzyTJttV0XuHUfI7
5Urx15f7jVU/y93qrGNiegYNhevctIOgralz+iVGRXDwxemhpT/2Je16/Hd/0Kgp
tj/RUQra+36v3gXMnQ9yZ+MF8L3Ej7dlBuADsW9yRoYUO+JDYr6TgFald5CbqVMl
d0XB8X1QKOSkOooWWAur+3DWvd1aEYyt66DYXvAsFJ0H/laW6jlkWKyoG1rPdoU2
JJqQDeWfHu+Jx0ZUgvWMIWO6ZM51c2iLYZmNlaYJe1vDTm4YNIVQTvYbnobCb5vL
-----END CERTIFICATE-----