Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40994.roa
File:                     AS40994.roa (raw, json)
Hash identifier:          gaSwy8WcNftCaEQWNepPPnMGYUQLVXc09JI2RwHg8OY=
Subject key identifier:   79:BC:D7:44:8B:11:CB:3A:62:FD:0F:74:47:6F:8A:3B:71:46:A5:BA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3E0478F692156DACEEA17CD30D968EF86045E4F2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40994.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     40994
IP address blocks:        141.11.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:04:78:f6:92:15:6d:ac:ee:a1:7c:d3:0d:96:8e:f8:60:45:e4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=79BCD7448B11CB3A62FD0F74476F8A3B7146A5BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9e:a2:da:12:f6:8c:52:07:5f:cc:8f:fa:14:
                    ea:0d:01:87:2a:dc:f7:40:2e:88:9c:d1:ad:24:92:
                    54:94:65:e8:78:f2:71:d7:8d:b5:6f:f3:83:db:91:
                    a8:18:a5:3d:6d:e4:0e:7a:b7:0e:69:52:f4:1d:da:
                    46:88:54:ef:33:98:52:b6:ca:b4:77:5c:4b:b8:87:
                    e0:61:05:3d:a8:e1:64:33:f9:87:36:f1:9e:4a:09:
                    b8:3e:8a:64:1c:f7:93:82:f0:46:c6:65:65:95:be:
                    13:4c:90:1e:c6:65:a0:b6:1d:6d:6b:de:32:51:f4:
                    1f:98:41:cb:22:85:c7:87:13:08:2e:2c:74:47:f4:
                    e2:d6:9a:fc:69:4c:1a:19:ca:13:43:69:7f:55:36:
                    5c:56:e3:25:f6:dc:f7:07:e3:38:b2:f1:8f:10:3b:
                    12:a9:01:e3:72:81:fe:40:cb:79:82:67:5f:4a:99:
                    d5:5a:21:68:a5:da:25:95:17:3c:ac:6c:1f:44:26:
                    ee:47:b6:11:fa:2d:10:6b:b4:bd:90:d8:21:ea:17:
                    67:f0:73:f9:5c:0a:1c:ec:e9:ac:5f:15:69:a8:36:
                    c7:da:44:e2:5a:b6:a3:a2:50:17:2c:18:82:32:7d:
                    a7:cf:1d:12:8b:31:7c:fc:b0:f3:cb:eb:3f:1e:87:
                    87:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:BC:D7:44:8B:11:CB:3A:62:FD:0F:74:47:6F:8A:3B:71:46:A5:BA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40994.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:46:ad:75:df:81:8c:31:58:2c:e3:a9:84:31:6a:52:d4:57:
         e6:82:39:5e:69:c0:bc:e6:61:78:86:65:60:1e:19:88:68:95:
         f7:a0:95:8f:c9:5e:64:7c:10:9c:d4:cf:41:3a:b7:a7:75:a3:
         72:3e:61:3f:4c:c4:e9:75:f9:8d:02:6f:20:bc:60:d3:cf:0b:
         00:a1:cf:12:99:40:a8:97:1b:ea:0f:80:b1:9c:a5:c6:e8:5a:
         bf:73:5c:5b:89:6f:2c:e5:7e:0b:59:d0:e7:ad:5a:ca:25:1d:
         cb:1a:a3:b3:14:30:74:08:dc:59:31:d8:b6:55:69:78:1c:37:
         65:fc:b7:55:6a:93:5b:42:e7:af:d9:2d:86:19:1d:12:3b:94:
         eb:76:11:63:f4:11:53:b1:f7:b9:5d:f6:04:eb:ac:d7:07:37:
         c4:22:eb:e3:6f:df:89:75:10:d7:88:0b:9d:fb:07:d9:9d:19:
         10:e9:a5:fd:0e:65:27:cc:10:fa:3e:20:80:27:f3:85:aa:db:
         d8:2a:f4:36:34:c4:2b:f2:45:6f:88:3d:9a:e9:61:24:c1:4e:
         e4:9a:3c:71:49:06:19:b3:05:ce:8e:08:3c:b0:28:72:82:5c:
         16:5d:5e:af:43:c5:05:3d:df:47:e9:18:2b:14:3d:06:5b:01:
         0e:a1:bd:fd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPgR49pIVbazuoXzTDZaO+GBF5PIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKDc5QkNENzQ0OEIxMUNCM0E2MkZEMEY3NDQ3NkY4QTNCNzE0NkE1QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSnqLaEvaMUgdfzI/6FOoNAYcq
3PdALoic0a0kklSUZeh48nHXjbVv84PbkagYpT1t5A56tw5pUvQd2kaIVO8zmFK2
yrR3XEu4h+BhBT2o4WQz+Yc28Z5KCbg+imQc95OC8EbGZWWVvhNMkB7GZaC2HW1r
3jJR9B+YQcsihceHEwguLHRH9OLWmvxpTBoZyhNDaX9VNlxW4yX23PcH4ziy8Y8Q
OxKpAeNygf5Ay3mCZ19KmdVaIWil2iWVFzysbB9EJu5HthH6LRBrtL2Q2CHqF2fw
c/lcChzs6axfFWmoNsfaROJatqOiUBcsGIIyfafPHRKLMXz8sPPL6z8eh4cHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUebzXRIsRyzpi/Q90R2+KO3FGpbowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDA5OTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCwcw
DQYJKoZIhvcNAQELBQADggEBAAtGrXXfgYwxWCzjqYQxalLUV+aCOV5pwLzmYXiG
ZWAeGYholfeglY/JXmR8EJzUz0E6t6d1o3I+YT9MxOl1+Y0CbyC8YNPPCwChzxKZ
QKiXG+oPgLGcpcboWr9zXFuJbyzlfgtZ0OetWsolHcsao7MUMHQI3Fkx2LZVaXgc
N2X8t1Vqk1tC56/ZLYYZHRI7lOt2EWP0EVOx97ld9gTrrNcHN8Qi6+Nv34l1ENeI
C537B9mdGRDppf0OZSfMEPo+IIAn84Wq29gq9DY0xCvyRW+IPZrpYSTBTuSaPHFJ
BhmzBc6OCDywKHKCXBZdXq9DxQU930fpGCsUPQZbAQ6hvf0=
-----END CERTIFICATE-----