Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          uloaEhLaYV4q7RvEYxA3HWAe6pbSezT6bVF+GEuj2Ug=
Subject key identifier:   4E:F3:EB:C8:87:4A:AA:10:72:F2:D2:A8:F4:3C:D2:16:51:A4:46:E1
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       36EB41CDF83A47EB5A3B2E9876B55791CB4DD442
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS62240.roa
Signing time:             Thu 04 Apr 2024 13:15:10 +0000
ROA not before:           Thu 04 Apr 2024 13:10:10 +0000
ROA not after:            Thu 03 Apr 2025 13:15:10 +0000
asID:                     62240
IP address blocks:        141.11.144.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:eb:41:cd:f8:3a:47:eb:5a:3b:2e:98:76:b5:57:91:cb:4d:d4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  4 13:10:10 2024 GMT
            Not After : Apr  3 13:15:10 2025 GMT
        Subject: CN=4EF3EBC8874AAA1072F2D2A8F43CD21651A446E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b8:06:4a:c0:0a:c9:28:09:75:cd:36:08:f5:
                    58:bc:5b:fd:61:ca:c8:e2:66:b2:54:28:4d:26:33:
                    6d:53:4c:e2:61:0f:de:4a:52:b1:41:8c:4e:be:71:
                    47:dc:76:e5:ae:99:b5:eb:85:d2:9b:16:32:f6:4f:
                    b7:80:12:ec:99:58:f5:ca:52:cf:97:5c:3f:6b:ec:
                    8e:70:34:52:08:a8:5c:e1:93:09:79:3c:25:2a:38:
                    16:3e:e0:a7:03:7a:c4:2a:97:c0:ac:e3:d5:3a:f0:
                    ad:3b:17:d3:b9:5a:18:6d:b8:84:0c:e5:3b:ad:e6:
                    c2:42:47:a1:6d:5f:86:79:9c:e8:a1:c2:95:8f:e6:
                    bc:6d:bb:3c:1d:a8:18:2c:ac:fb:ce:d5:4e:2d:10:
                    ca:59:1e:55:64:0e:88:b5:a5:54:c2:d6:62:7d:5f:
                    ca:e4:3d:a0:a1:ca:cc:ad:b9:16:2f:38:3c:f6:5f:
                    04:5c:7d:89:4d:b4:f5:01:3c:dc:6c:1b:7a:e2:90:
                    16:c3:b7:80:f0:bd:ef:cd:0e:57:70:b2:71:68:af:
                    ef:72:af:ac:db:9f:ed:30:87:66:f4:c3:1c:ac:80:
                    8e:5c:b0:13:13:a3:6b:80:c6:ff:b6:04:4d:3a:87:
                    ee:fe:56:dc:83:d0:e1:b1:24:c9:71:0e:53:a1:17:
                    14:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F3:EB:C8:87:4A:AA:10:72:F2:D2:A8:F4:3C:D2:16:51:A4:46:E1
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:3e:5a:a9:72:77:05:a2:06:28:0f:7c:bf:09:e4:4b:09:3c:
         ee:72:52:ff:8f:b6:24:2e:5e:de:1d:fe:f1:d6:97:ce:eb:e3:
         20:71:a1:96:56:ef:67:76:57:d3:43:ad:6a:f8:8b:da:db:e5:
         94:9b:02:e7:9b:25:3d:88:9e:04:3d:4d:80:10:18:ba:fa:7d:
         1a:e9:72:b1:9c:f3:b7:75:9d:49:f3:65:7e:70:b4:b0:db:a7:
         48:89:5c:ae:a4:91:48:95:34:df:5c:49:a8:30:2d:74:09:b0:
         8b:c1:4d:f7:5c:57:20:82:b5:85:69:d5:d6:ee:90:0a:50:3a:
         61:58:05:2e:b6:89:66:2c:79:eb:77:85:a2:9c:1e:44:80:36:
         58:5f:7c:ed:54:28:4d:0a:ba:49:38:57:8e:70:2c:11:84:fe:
         ac:d0:bd:df:b0:d4:dc:5a:f5:bc:7e:ab:18:fb:9d:29:4e:0e:
         7e:7c:27:00:51:a3:57:62:0f:22:30:8b:80:22:87:5c:a8:09:
         b6:f5:1b:7f:34:49:56:8a:e0:e9:63:90:af:7b:25:5c:46:a4:
         b0:f3:78:d8:a6:e3:78:a4:21:78:51:8d:2f:cb:ee:96:30:ce:
         0e:99:9e:f3:10:ef:c6:1a:ca:a7:ed:5b:18:6e:8a:e5:eb:66:
         2b:31:74:b7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNutBzfg6R+taOy6YdrVXkctN1EIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA0MDQxMzEwMTBaFw0yNTA0MDMxMzE1MTBaMDMxMTAvBgNV
BAMTKDRFRjNFQkM4ODc0QUFBMTA3MkYyRDJBOEY0M0NEMjE2NTFBNDQ2RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5uAZKwArJKAl1zTYI9Vi8W/1h
ysjiZrJUKE0mM21TTOJhD95KUrFBjE6+cUfcduWumbXrhdKbFjL2T7eAEuyZWPXK
Us+XXD9r7I5wNFIIqFzhkwl5PCUqOBY+4KcDesQql8Cs49U68K07F9O5WhhtuIQM
5Tut5sJCR6FtX4Z5nOihwpWP5rxtuzwdqBgsrPvO1U4tEMpZHlVkDoi1pVTC1mJ9
X8rkPaChysytuRYvODz2XwRcfYlNtPUBPNxsG3rikBbDt4Dwve/NDldwsnFor+9y
r6zbn+0wh2b0wxysgI5csBMTo2uAxv+2BE06h+7+VtyD0OGxJMlxDlOhFxS7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTvPryIdKqhBy8tKo9DzSFlGkRuEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC5Aw
DQYJKoZIhvcNAQELBQADggEBADk+WqlydwWiBigPfL8J5EsJPO5yUv+PtiQuXt4d
/vHWl87r4yBxoZZW72d2V9NDrWr4i9rb5ZSbAuebJT2IngQ9TYAQGLr6fRrpcrGc
87d1nUnzZX5wtLDbp0iJXK6kkUiVNN9cSagwLXQJsIvBTfdcVyCCtYVp1dbukApQ
OmFYBS62iWYseet3haKcHkSANlhffO1UKE0Kukk4V45wLBGE/qzQvd+w1Nxa9bx+
qxj7nSlODn58JwBRo1diDyIwi4Aih1yoCbb1G380SVaK4OljkK97JVxGpLDzeNim
43ikIXhRjS/L7pYwzg6ZnvMQ78YayqftWxhuiuXrZisxdLc=
-----END CERTIFICATE-----