Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
File:                     AS400040.roa (raw, json)
Hash identifier:          7A6RFzBFRznmtkpFndFjUKV+jJGwHufroI01vF/Hzuw=
Subject key identifier:   B3:07:C8:F7:76:4B:D3:EC:A8:4E:F6:79:26:8C:01:64:23:1A:96:A5
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3F4F5ADE470AE96FCB3F4B9A03414EBC03EA3964
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     400040
IP address blocks:        141.11.6.0/24 maxlen: 24
                          141.11.44.0/24 maxlen: 24
                          141.11.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:4f:5a:de:47:0a:e9:6f:cb:3f:4b:9a:03:41:4e:bc:03:ea:39:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=B307C8F7764BD3ECA84EF679268C0164231A96A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:db:22:27:70:32:84:61:76:98:44:af:20:25:
                    32:f2:d6:64:7c:b8:da:ae:17:4d:4d:96:66:56:de:
                    39:19:d7:40:b8:0a:93:79:45:ef:30:06:e3:a2:53:
                    cf:7f:43:44:b6:02:dc:59:d5:67:36:80:2c:3e:a0:
                    e1:d5:96:a7:a4:ee:b1:5c:24:c7:ff:dd:cb:06:75:
                    33:3f:f2:d1:46:8c:87:39:65:3d:ed:eb:7b:c9:de:
                    9d:ea:84:19:22:8b:79:86:26:fa:5d:e4:1a:c2:ba:
                    6c:c8:f3:78:d8:06:19:9e:53:09:89:d6:da:ab:9d:
                    cd:9f:bf:f1:18:88:fc:04:6b:82:ae:d8:5b:bf:55:
                    d9:70:36:1c:a2:e3:2e:47:e1:d9:7d:7e:cc:77:1f:
                    8b:c5:85:7c:1f:72:2f:2a:22:a8:4e:9c:c6:3b:c5:
                    4e:8c:1a:28:06:ed:cb:fd:e6:48:a0:71:0e:b7:4d:
                    af:24:f2:e3:35:9c:21:9a:dc:36:09:b6:11:0f:ea:
                    0b:3a:1d:3d:55:3f:cf:ef:48:c9:d1:80:27:66:db:
                    ce:9e:66:4e:bc:38:8b:47:30:f2:ac:34:3c:0e:7f:
                    2b:bb:dd:2c:51:59:98:14:4a:dd:51:50:04:23:6f:
                    51:6b:af:47:d0:8c:77:32:ab:0b:2b:15:a5:3f:3f:
                    22:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:07:C8:F7:76:4B:D3:EC:A8:4E:F6:79:26:8C:01:64:23:1A:96:A5
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.6.0/24
                  141.11.44.0/24
                  141.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:09:b2:bc:77:84:10:ab:af:04:7b:d1:fc:19:58:4d:ce:bc:
         8e:fb:5b:a8:0e:9f:d9:49:8f:19:fc:ae:35:3e:f1:7e:94:14:
         14:b9:8b:b1:20:f6:80:c7:5b:c7:74:d9:40:17:65:5d:33:c1:
         3e:89:41:a5:72:f9:29:fd:4d:dc:db:41:8e:0b:c8:83:ad:9e:
         57:75:50:32:70:c5:9b:a6:f0:8a:3d:8f:df:19:9f:fa:81:6a:
         f3:fe:aa:32:45:9e:c0:8d:1e:e7:a3:03:24:be:bc:61:e2:d7:
         69:c5:83:8e:ba:4e:ce:a8:e2:dc:d4:35:33:40:c7:c5:75:f5:
         79:b3:2a:6b:3e:e3:5d:fb:d0:05:89:f4:dc:b1:43:5a:2d:a3:
         86:e9:e6:6b:74:fa:4f:17:5b:ef:ce:24:e5:35:25:64:f4:85:
         1e:2e:fc:3c:df:8c:fd:73:f3:9f:88:7c:7f:5d:8e:c3:95:3c:
         5b:19:54:36:4f:81:7d:11:c2:c9:ab:72:2c:56:a4:46:b6:f9:
         f1:c5:99:a4:c8:2c:e6:22:49:ad:51:bb:17:39:d6:b6:17:86:
         db:e3:18:73:cd:2b:c5:91:f9:29:0f:13:80:5d:1b:70:c3:cc:
         b1:05:80:25:eb:49:b7:d8:e8:c7:38:ee:f7:e0:74:59:7c:50:
         7c:ad:4b:13
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUP09a3kcK6W/LP0uaA0FOvAPqOWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKEIzMDdDOEY3NzY0QkQzRUNBODRFRjY3OTI2OEMwMTY0MjMxQTk2QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP2yIncDKEYXaYRK8gJTLy1mR8
uNquF01NlmZW3jkZ10C4CpN5Re8wBuOiU89/Q0S2AtxZ1Wc2gCw+oOHVlqek7rFc
JMf/3csGdTM/8tFGjIc5ZT3t63vJ3p3qhBkii3mGJvpd5BrCumzI83jYBhmeUwmJ
1tqrnc2fv/EYiPwEa4Ku2Fu/VdlwNhyi4y5H4dl9fsx3H4vFhXwfci8qIqhOnMY7
xU6MGigG7cv95kigcQ63Ta8k8uM1nCGa3DYJthEP6gs6HT1VP8/vSMnRgCdm286e
Zk68OItHMPKsNDwOfyu73SxRWZgUSt1RUAQjb1Frr0fQjHcyqwsrFaU/PyJpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUswfI93ZL0+yoTvZ5JowBZCMalqUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsG
AwQAjQssAwQAjQu/MA0GCSqGSIb3DQEBCwUAA4IBAQC+CbK8d4QQq68Ee9H8GVhN
zryO+1uoDp/ZSY8Z/K41PvF+lBQUuYuxIPaAx1vHdNlAF2VdM8E+iUGlcvkp/U3c
20GOC8iDrZ5XdVAycMWbpvCKPY/fGZ/6gWrz/qoyRZ7AjR7nowMkvrxh4tdpxYOO
uk7OqOLc1DUzQMfFdfV5syprPuNd+9AFifTcsUNaLaOG6eZrdPpPF1vvziTlNSVk
9IUeLvw834z9c/OfiHx/XY7DlTxbGVQ2T4F9EcLJq3IsVqRGtvnxxZmkyCzmIkmt
UbsXOda2F4bb4xhzzSvFkfkpDxOAXRtww8yxBYAl60m32OjHOO734HRZfFB8rUsT
-----END CERTIFICATE-----