Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          mpKTd3dwjQLFgYoaK9/mfGowg38C2Fu1+2f2pC9JpZU=
Subject key identifier:   F1:33:57:FD:77:27:B3:DE:E3:96:77:03:AF:6F:2A:C4:51:10:18:4E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1037E61E47BC0669381329C5F5835A7F8CD326CE
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Sun 26 Apr 2026 02:02:05 +0000
ROA not before:           Sun 26 Apr 2026 01:57:05 +0000
ROA not after:            Sun 25 Apr 2027 02:02:05 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24
                          91.124.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 17:16:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:37:e6:1e:47:bc:06:69:38:13:29:c5:f5:83:5a:7f:8c:d3:26:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 26 01:57:05 2026 GMT
            Not After : Apr 25 02:02:05 2027 GMT
        Subject: CN=F13357FD7727B3DEE3967703AF6F2AC45110184E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c5:33:9b:23:ef:0d:77:48:eb:65:2c:14:f3:
                    20:80:6d:ba:51:5b:89:51:10:4d:3c:3f:e5:55:51:
                    9c:d9:e5:0a:de:fc:5c:a2:dd:52:6d:f2:67:9c:d2:
                    73:b3:f5:e1:76:f5:0a:76:12:16:ab:27:c9:89:12:
                    cf:7d:c6:73:3f:2c:57:b5:7f:32:36:d3:02:b6:0b:
                    b7:4f:d5:ca:ba:21:e6:29:77:55:1c:f3:fb:15:d8:
                    fc:e8:8a:6b:91:d0:44:09:1c:a3:95:74:d7:37:f6:
                    3c:38:48:47:f6:22:86:15:a4:19:90:ac:af:77:08:
                    eb:6e:e4:87:a2:dd:36:a9:b0:5b:84:cc:67:44:d8:
                    f2:50:81:fb:30:c4:b3:7b:bb:b5:7a:5d:7d:bc:46:
                    cd:a7:bb:fc:2d:23:36:b6:99:71:e2:50:18:bd:d1:
                    73:cc:d0:a3:45:10:f8:8f:dd:4d:5a:da:39:f9:5a:
                    24:cb:b8:f2:04:fb:50:75:46:d1:ec:30:fd:13:21:
                    ce:3a:0c:6c:52:59:64:5e:f3:e6:54:6d:3e:2a:74:
                    dc:57:98:d3:74:ce:ed:91:86:a7:a1:ae:01:60:0e:
                    96:7e:f2:60:e8:4d:ac:a9:50:5e:d1:7a:26:31:b6:
                    58:a6:58:4a:ab:78:01:5d:e7:76:ca:93:7d:b1:18:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:33:57:FD:77:27:B3:DE:E3:96:77:03:AF:6F:2A:C4:51:10:18:4E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24
                  91.124.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:20:b6:13:8b:93:cc:74:ab:63:97:2c:06:92:03:81:b9:35:
         d2:26:9b:b0:4e:2b:c9:e7:72:66:9b:7f:f0:e0:5a:67:56:b9:
         4a:bb:f7:5c:a1:f8:f5:18:89:85:a3:78:84:28:2c:78:25:5e:
         7a:3d:bb:38:ea:5b:32:d0:b0:fc:b6:ec:17:a2:ed:d7:ea:f7:
         cb:d8:94:6a:73:27:72:ea:6b:fe:a7:aa:2d:b2:10:52:27:16:
         8b:be:2c:11:ab:aa:b1:c2:2d:d7:73:18:46:c1:97:08:fc:bf:
         97:70:23:71:f1:fe:2f:5b:ae:ea:e1:8d:5c:4a:cc:95:23:e2:
         71:2b:aa:91:9f:49:9a:a6:1f:25:88:94:6a:6d:39:db:83:ee:
         65:63:b3:bf:86:0e:e2:2a:c3:8e:68:d8:06:17:1d:59:d5:ec:
         7f:f5:1b:41:95:6f:6b:61:c2:05:86:26:e7:6b:c5:89:fc:45:
         c5:8a:99:4b:4d:15:a1:7c:fe:b3:3d:9d:15:8c:3f:09:74:57:
         4c:01:3f:52:7f:3c:5b:41:aa:19:08:a4:bd:00:b6:a9:02:3f:
         9d:6f:cb:5e:0c:ff:24:8f:14:6d:8c:ec:6e:d0:dc:53:df:61:
         8c:09:ca:e9:ec:6c:74:f6:b1:46:93:57:f9:4d:4b:15:25:af:
         8b:f8:34:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUEDfmHke8Bmk4EynF9YNaf4zTJs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjYwMTU3MDVaFw0yNzA0MjUwMjAyMDVaMDMxMTAvBgNV
BAMTKEYxMzM1N0ZENzcyN0IzREVFMzk2NzcwM0FGNkYyQUM0NTExMDE4NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWxTObI+8Nd0jrZSwU8yCAbbpR
W4lREE08P+VVUZzZ5Qre/Fyi3VJt8mec0nOz9eF29Qp2EharJ8mJEs99xnM/LFe1
fzI20wK2C7dP1cq6IeYpd1Uc8/sV2PzoimuR0EQJHKOVdNc39jw4SEf2IoYVpBmQ
rK93COtu5Iei3TapsFuEzGdE2PJQgfswxLN7u7V6XX28Rs2nu/wtIza2mXHiUBi9
0XPM0KNFEPiP3U1a2jn5WiTLuPIE+1B1RtHsMP0TIc46DGxSWWRe8+ZUbT4qdNxX
mNN0zu2RhqehrgFgDpZ+8mDoTaypUF7ReiYxtlimWEqreAFd53bKk32xGN47AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU8TNX/Xcns97jlncDr28qxFEQGE4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuyuAD
BABbfIcwDQYJKoZIhvcNAQELBQADggEBAC4gthOLk8x0q2OXLAaSA4G5NdImm7BO
K8nncmabf/DgWmdWuUq791yh+PUYiYWjeIQoLHglXno9uzjqWzLQsPy27Bei7dfq
98vYlGpzJ3Lqa/6nqi2yEFInFou+LBGrqrHCLddzGEbBlwj8v5dwI3Hx/i9brurh
jVxKzJUj4nErqpGfSZqmHyWIlGptOduD7mVjs7+GDuIqw45o2AYXHVnV7H/1G0GV
b2thwgWGJudrxYn8RcWKmUtNFaF8/rM9nRWMPwl0V0wBP1J/PFtBqhkIpL0AtqkC
P51vy14M/ySPFG2M7G7Q3FPfYYwJyunsbHT2sUaTV/lNSxUlr4v4NJg=
-----END CERTIFICATE-----