Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          CB7W5+VWtstpjbRpfwR6gCJrdZc2aTSpfXwRuOoAsHs=
Subject key identifier:   BC:2D:A0:D4:83:79:78:04:1B:32:27:61:D8:67:C4:8A:D0:2F:2C:46
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7002069A7E2B2EB7545D0073EA266CD4A56CCD08
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa
Signing time:             Sun 04 May 2025 00:00:05 +0000
ROA not before:           Sat 03 May 2025 23:55:05 +0000
ROA not after:            Sun 03 May 2026 00:00:05 +0000
asID:                     40676
IP address blocks:        141.11.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:02:06:9a:7e:2b:2e:b7:54:5d:00:73:ea:26:6c:d4:a5:6c:cd:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  3 23:55:05 2025 GMT
            Not After : May  3 00:00:05 2026 GMT
        Subject: CN=BC2DA0D4837978041B322761D867C48AD02F2C46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:76:55:4f:8a:a0:ad:1c:f5:c2:b5:0b:cf:56:
                    96:d4:d3:15:bb:86:e4:26:f6:98:e4:a0:a0:cd:cd:
                    59:01:b2:91:20:86:de:7e:f2:69:04:02:ad:77:55:
                    db:ee:a1:cf:53:e4:f1:15:66:ef:9e:ba:d9:e0:1d:
                    0c:15:a4:3f:60:fa:73:7d:a4:32:ac:91:dc:31:88:
                    7c:2e:da:25:8a:75:fa:a0:cd:e3:e6:47:ca:80:b8:
                    d5:6f:73:f7:84:81:72:93:4e:72:29:66:7e:61:1f:
                    cb:ec:c3:8f:63:12:c2:fb:6f:3e:c4:ea:e1:37:03:
                    3b:7b:1e:7c:03:4a:44:03:6f:e2:07:86:64:3c:b9:
                    1e:4e:2a:1d:d7:29:87:a4:af:c6:3b:f0:31:c0:26:
                    e2:3a:4f:0b:18:1b:7f:13:02:e2:ad:9c:55:4c:bf:
                    5e:8a:03:9b:1d:87:35:3a:41:72:db:47:25:e9:69:
                    bf:11:2f:b8:75:be:7d:21:5a:0f:75:3e:d8:71:80:
                    f3:29:70:83:fd:54:a6:1d:e4:08:4d:89:b2:f1:5b:
                    79:4e:1a:9f:d1:de:49:a2:1d:56:bc:43:f5:26:d3:
                    35:18:7a:bc:4a:40:26:4b:81:b4:78:e5:05:33:d8:
                    f1:32:8a:1e:9c:29:24:f9:d6:49:9d:07:48:2f:a4:
                    ae:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:2D:A0:D4:83:79:78:04:1B:32:27:61:D8:67:C4:8A:D0:2F:2C:46
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:71:5e:d0:f6:4b:6f:01:53:f5:66:29:ec:60:43:e2:a5:84:
         5a:b7:0b:75:25:5e:33:d2:e9:15:cd:fd:a1:1a:ff:33:48:6d:
         6b:e3:10:81:64:8a:a3:05:be:07:e6:17:80:b2:76:fd:a2:89:
         b4:0e:d6:5c:b4:62:5c:3b:13:03:a7:de:5a:49:ac:2d:9d:c2:
         8c:a3:e5:c9:8b:e8:a2:58:13:29:c9:e9:c9:12:fd:38:b2:d9:
         76:29:a3:a0:c5:70:b8:f7:10:b0:19:7e:36:fd:20:bc:e9:e3:
         2f:a3:07:f8:33:5f:9a:d3:22:6f:c8:b5:48:e6:e2:f0:f0:78:
         31:48:86:c1:13:df:71:44:05:7c:be:e7:19:8a:78:56:7d:f1:
         2c:c6:ff:69:78:dc:54:44:9a:c6:fb:00:cf:54:4c:84:be:30:
         b4:0b:b4:96:f8:69:81:12:2e:f0:09:f7:65:7e:ee:3e:09:19:
         60:4b:77:84:0c:56:25:42:b4:3c:32:85:2b:59:2e:bc:e4:18:
         50:cd:99:59:e8:24:b9:14:30:90:40:f3:60:14:89:75:c3:f3:
         fc:94:0b:c6:e8:f1:b0:98:5b:19:31:55:08:52:46:63:23:0c:
         56:16:79:f5:54:31:a9:2a:6b:9c:5e:1d:c7:38:64:ba:c6:6f:
         7b:22:fc:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUcAIGmn4rLrdUXQBz6iZs1KVszQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MDMyMzU1MDVaFw0yNjA1MDMwMDAwMDVaMDMxMTAvBgNV
BAMTKEJDMkRBMEQ0ODM3OTc4MDQxQjMyMjc2MUQ4NjdDNDhBRDAyRjJDNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCddlVPiqCtHPXCtQvPVpbU0xW7
huQm9pjkoKDNzVkBspEght5+8mkEAq13Vdvuoc9T5PEVZu+eutngHQwVpD9g+nN9
pDKskdwxiHwu2iWKdfqgzePmR8qAuNVvc/eEgXKTTnIpZn5hH8vsw49jEsL7bz7E
6uE3Azt7HnwDSkQDb+IHhmQ8uR5OKh3XKYekr8Y78DHAJuI6TwsYG38TAuKtnFVM
v16KA5sdhzU6QXLbRyXpab8RL7h1vn0hWg91PthxgPMpcIP9VKYd5AhNibLxW3lO
Gp/R3kmiHVa8Q/Um0zUYerxKQCZLgbR45QUz2PEyih6cKST51kmdB0gvpK55AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvC2g1IN5eAQbMidh2GfEitAvLEYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/sw
DQYJKoZIhvcNAQELBQADggEBAElxXtD2S28BU/VmKexgQ+KlhFq3C3UlXjPS6RXN
/aEa/zNIbWvjEIFkiqMFvgfmF4Cydv2iibQO1ly0Ylw7EwOn3lpJrC2dwoyj5cmL
6KJYEynJ6ckS/Tiy2XYpo6DFcLj3ELAZfjb9ILzp4y+jB/gzX5rTIm/ItUjm4vDw
eDFIhsET33FEBXy+5xmKeFZ98SzG/2l43FREmsb7AM9UTIS+MLQLtJb4aYESLvAJ
92V+7j4JGWBLd4QMViVCtDwyhStZLrzkGFDNmVnoJLkUMJBA82AUiXXD8/yUC8bo
8bCYWxkxVQhSRmMjDFYWefVUMakqa5xeHcc4ZLrGb3si/OA=
-----END CERTIFICATE-----