Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          O8U1MA1e8SF6OYhVFYEmEMfi3tDh5+sXl+wFh6Xv6xI=
Subject key identifier:   5C:D0:1B:5B:38:2A:7F:B5:2D:56:49:A0:0A:7E:5B:04:02:66:FF:6D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       156234A3508F0E76CE6E0F633D7B5DC0E56A3383
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Tue 19 Nov 2024 13:01:13 +0000
ROA not before:           Tue 19 Nov 2024 12:56:13 +0000
ROA not after:            Tue 18 Nov 2025 13:01:13 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:62:34:a3:50:8f:0e:76:ce:6e:0f:63:3d:7b:5d:c0:e5:6a:33:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 19 12:56:13 2024 GMT
            Not After : Nov 18 13:01:13 2025 GMT
        Subject: CN=5CD01B5B382A7FB52D5649A00A7E5B040266FF6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:16:d1:75:07:d7:c4:51:f0:61:42:b8:73:74:
                    2c:44:08:7a:e3:98:02:32:9f:b6:12:91:ef:3e:4f:
                    c4:78:7b:fe:77:74:3e:14:b3:f3:c6:4a:2b:db:19:
                    75:26:9a:f9:16:f6:09:41:eb:9f:1e:78:f5:f1:cd:
                    10:09:b3:5a:1e:de:3d:76:29:01:20:0c:1a:28:d9:
                    53:93:eb:78:fa:4f:2e:11:d6:a1:cd:54:37:1d:b5:
                    b7:9f:bd:61:de:8e:e9:25:53:9e:21:a4:f4:28:42:
                    5b:f1:54:25:53:68:75:71:4f:5e:1c:2c:ed:b3:1e:
                    bc:e4:ab:9f:e9:4f:eb:91:e9:d1:73:0a:d1:af:00:
                    89:42:1a:76:7e:66:70:ec:a0:e0:c6:1f:78:47:cf:
                    75:77:ee:9b:d5:71:26:ac:86:7c:ff:6c:06:d9:af:
                    9f:6a:f7:ff:ca:6b:02:18:1c:01:d8:c8:b4:3f:d4:
                    e3:07:35:b5:fc:47:30:62:14:fa:8e:14:1e:08:91:
                    02:ae:c3:c1:15:78:63:c0:df:d0:5f:d0:52:7b:00:
                    8c:ad:9b:49:85:b7:d2:87:fa:5b:3d:f5:1f:41:79:
                    f8:68:26:36:6f:46:61:dc:6e:0f:30:2a:7c:38:5c:
                    a5:14:1c:4a:ad:bc:10:66:d1:f4:3f:9d:99:45:11:
                    4a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D0:1B:5B:38:2A:7F:B5:2D:56:49:A0:0A:7E:5B:04:02:66:FF:6D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:67:0f:94:53:d5:23:aa:20:c8:8f:cc:95:76:b9:08:58:1e:
         17:9c:54:3f:f4:67:e8:65:a0:b6:45:70:df:78:5c:ae:91:63:
         25:43:1d:78:d6:2c:d6:c7:ad:38:e4:b3:af:60:7b:9f:5e:47:
         6a:3f:b9:5a:70:06:21:9b:f7:33:10:19:71:d0:34:2a:9d:73:
         77:32:b1:c9:e5:8d:55:99:69:2b:af:2c:68:ad:c0:26:a3:96:
         c2:92:c2:2d:3c:9c:98:36:e1:eb:9e:57:9a:fd:08:ae:78:0d:
         0a:d1:67:4d:15:70:fa:e0:42:d9:3d:ec:1d:6d:1a:e3:2b:25:
         0d:42:ff:15:31:57:55:6a:0b:b8:52:5b:2f:39:5f:f1:1c:c8:
         10:75:34:e7:f9:8f:4e:75:51:fb:6d:1b:d7:b7:77:44:f4:d0:
         4f:09:f2:bf:9f:87:bb:f3:ac:f2:45:99:f6:c8:a6:35:76:3c:
         96:2a:e7:6e:34:f2:f0:2c:5b:37:86:64:63:ba:86:2e:35:83:
         c8:a6:56:84:4e:4f:ef:12:37:23:8f:e7:df:95:35:ca:5a:ca:
         09:ed:81:b3:63:51:47:20:e5:2a:12:77:16:5b:4b:9a:97:45:
         17:8f:fd:1d:99:0a:bc:a6:40:76:c4:a9:f3:b1:4e:ef:61:29:
         79:1e:64:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFWI0o1CPDnbObg9jPXtdwOVqM4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMTkxMjU2MTNaFw0yNTExMTgxMzAxMTNaMDMxMTAvBgNV
BAMTKDVDRDAxQjVCMzgyQTdGQjUyRDU2NDlBMDBBN0U1QjA0MDI2NkZGNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZFtF1B9fEUfBhQrhzdCxECHrj
mAIyn7YSke8+T8R4e/53dD4Us/PGSivbGXUmmvkW9glB658eePXxzRAJs1oe3j12
KQEgDBoo2VOT63j6Ty4R1qHNVDcdtbefvWHejuklU54hpPQoQlvxVCVTaHVxT14c
LO2zHrzkq5/pT+uR6dFzCtGvAIlCGnZ+ZnDsoODGH3hHz3V37pvVcSashnz/bAbZ
r59q9//KawIYHAHYyLQ/1OMHNbX8RzBiFPqOFB4IkQKuw8EVeGPA39Bf0FJ7AIyt
m0mFt9KH+ls99R9BefhoJjZvRmHcbg8wKnw4XKUUHEqtvBBm0fQ/nZlFEUoZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXNAbWzgqf7UtVkmgCn5bBAJm/20wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuyuAw
DQYJKoZIhvcNAQELBQADggEBAEJnD5RT1SOqIMiPzJV2uQhYHhecVD/0Z+hloLZF
cN94XK6RYyVDHXjWLNbHrTjks69ge59eR2o/uVpwBiGb9zMQGXHQNCqdc3cyscnl
jVWZaSuvLGitwCajlsKSwi08nJg24eueV5r9CK54DQrRZ00VcPrgQtk97B1tGuMr
JQ1C/xUxV1VqC7hSWy85X/EcyBB1NOf5j051UfttG9e3d0T00E8J8r+fh7vzrPJF
mfbIpjV2PJYq52408vAsWzeGZGO6hi41g8imVoROT+8SNyOP59+VNcpaygntgbNj
UUcg5SoSdxZbS5qXRReP/R2ZCrymQHbEqfOxTu9hKXkeZKs=
-----END CERTIFICATE-----