Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
File:                     AS400040.roa (raw, json)
Hash identifier:          xeueasil5wkghM4nAQdHO9JI/VXKPob8usstsEH1VFU=
Subject key identifier:   B2:68:86:BF:28:4F:DF:5B:18:AF:3D:D2:3B:D4:41:A6:5D:D0:AE:CC
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2CFDFE57817D559B3497A4948308521F09818494
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
Signing time:             Tue 28 Nov 2023 15:05:06 +0000
ROA not before:           Tue 28 Nov 2023 15:00:06 +0000
ROA not after:            Tue 26 Nov 2024 15:05:06 +0000
asID:                     400040
IP address blocks:        141.11.6.0/24 maxlen: 24
                          141.11.44.0/24 maxlen: 24
                          141.11.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 21:23:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:fd:fe:57:81:7d:55:9b:34:97:a4:94:83:08:52:1f:09:81:84:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:06 2023 GMT
            Not After : Nov 26 15:05:06 2024 GMT
        Subject: CN=B26886BF284FDF5B18AF3DD23BD441A65DD0AECC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:57:27:74:20:99:3e:70:8a:62:72:36:0d:db:
                    da:c2:d1:4e:0b:66:4e:ea:0e:aa:73:3e:90:1a:26:
                    ef:6d:a2:02:3b:1c:7c:90:8b:ae:5d:d9:c6:56:cf:
                    1c:6a:d1:c8:ee:48:bd:33:c7:a3:f3:f5:e6:c7:6f:
                    93:91:51:96:40:d1:a1:0f:6c:73:59:7f:33:a5:a6:
                    bf:df:21:7d:eb:17:79:7e:5e:db:9d:c0:04:f7:44:
                    84:1d:20:cb:79:0e:13:9d:f3:aa:eb:2a:c6:11:66:
                    c7:f2:84:06:81:77:71:5f:62:4c:0d:6f:44:89:dc:
                    09:74:9a:25:d5:b4:54:cc:bc:3a:8f:50:53:63:08:
                    7a:b7:fd:9f:a4:d0:d0:75:d8:19:61:b6:bc:fb:fa:
                    bd:24:8a:29:63:e4:fa:ef:b8:41:ab:4c:b3:e5:68:
                    e8:c1:a0:88:04:c6:04:4c:4f:0e:d0:a0:cb:d8:da:
                    a0:13:da:f0:54:14:c0:bc:f9:3e:60:89:c3:92:66:
                    f0:2b:4c:1a:c2:44:7b:17:09:f7:c5:07:f8:8e:e6:
                    1a:a9:81:c7:a1:6e:81:1d:1b:98:48:77:21:bf:46:
                    30:0f:48:c0:fa:d7:7f:cf:fe:55:7d:82:01:24:25:
                    d8:d7:1c:ac:c7:20:b7:6e:c1:c7:ba:18:43:64:53:
                    63:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:68:86:BF:28:4F:DF:5B:18:AF:3D:D2:3B:D4:41:A6:5D:D0:AE:CC
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.6.0/24
                  141.11.44.0/24
                  141.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:92:57:2c:6d:c8:a5:a3:b9:6c:97:99:2b:10:89:34:68:f0:
         69:b8:6e:4b:4d:8d:ce:7b:43:54:bf:02:ad:f2:21:bb:78:ef:
         1f:52:96:90:45:43:0a:4f:2a:48:ba:6a:34:4c:43:f0:8c:6a:
         94:ef:54:d7:ef:39:c7:13:b7:3b:e1:b7:87:b2:08:a2:7e:6c:
         f3:7d:a1:58:75:35:50:85:9b:d2:d3:79:20:8c:b9:44:08:15:
         a6:7e:87:f5:0e:cb:8d:0e:0c:e8:af:6e:97:9a:44:bf:d6:81:
         fb:5e:6f:18:08:f1:d7:f7:47:92:e6:51:85:fc:ed:86:9f:3a:
         69:69:a3:f9:25:86:0d:b2:8b:a3:73:4e:56:6a:fa:78:f8:b1:
         d3:ea:cc:c5:7c:f5:34:8a:6e:52:61:1a:6c:3f:f5:d8:8c:d6:
         40:2c:29:fe:64:65:de:a2:03:f6:44:c8:9f:a0:48:ea:07:75:
         31:fd:0a:07:92:fe:7f:de:7b:0b:00:c0:6f:38:99:a7:34:f8:
         db:23:17:66:80:59:63:4e:a7:6c:82:f8:a9:50:1e:92:86:a9:
         be:3b:61:7f:90:41:82:29:d0:06:0f:f0:70:1d:03:68:b7:a0:
         16:2f:9b:28:6c:37:19:e7:d7:ac:41:77:de:28:a8:1f:7c:c7:
         5a:99:4e:63
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIULP3+V4F9VZs0l6SUgwhSHwmBhJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDZaFw0yNDExMjYxNTA1MDZaMDMxMTAvBgNV
BAMTKEIyNjg4NkJGMjg0RkRGNUIxOEFGM0REMjNCRDQ0MUE2NUREMEFFQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClVyd0IJk+cIpicjYN29rC0U4L
Zk7qDqpzPpAaJu9togI7HHyQi65d2cZWzxxq0cjuSL0zx6Pz9ebHb5ORUZZA0aEP
bHNZfzOlpr/fIX3rF3l+XtudwAT3RIQdIMt5DhOd86rrKsYRZsfyhAaBd3FfYkwN
b0SJ3Al0miXVtFTMvDqPUFNjCHq3/Z+k0NB12Blhtrz7+r0kiilj5PrvuEGrTLPl
aOjBoIgExgRMTw7QoMvY2qAT2vBUFMC8+T5gicOSZvArTBrCRHsXCffFB/iO5hqp
gcehboEdG5hIdyG/RjAPSMD613/P/lV9ggEkJdjXHKzHILduwce6GENkU2PhAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUsmiGvyhP31sYrz3SO9RBpl3QrswwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsG
AwQAjQssAwQAjQu/MA0GCSqGSIb3DQEBCwUAA4IBAQA8klcsbcilo7lsl5krEIk0
aPBpuG5LTY3Oe0NUvwKt8iG7eO8fUpaQRUMKTypIumo0TEPwjGqU71TX7znHE7c7
4beHsgiifmzzfaFYdTVQhZvS03kgjLlECBWmfof1DsuNDgzor26XmkS/1oH7Xm8Y
CPHX90eS5lGF/O2GnzppaaP5JYYNsoujc05Wavp4+LHT6szFfPU0im5SYRpsP/XY
jNZALCn+ZGXeogP2RMifoEjqB3Ux/QoHkv5/3nsLAMBvOJmnNPjbIxdmgFljTqds
gvipUB6Shqm+O2F/kEGCKdAGD/BwHQNot6AWL5sobDcZ59esQXfeKKgffMdamU5j
-----END CERTIFICATE-----