Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          jrWnqXuNRtjAT2kecXFR+FsBobfUJcqYeb5IZIdgVK8=
Subject key identifier:   BF:9F:6F:67:BF:B1:BB:13:00:00:6E:A3:E9:B2:B6:F1:01:F1:FC:21
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6D2C658601B804854E2F7EF67820133252006CEA
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Sun 14 Sep 2025 00:05:08 +0000
ROA not before:           Sun 14 Sep 2025 00:00:08 +0000
ROA not after:            Sun 13 Sep 2026 00:05:08 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24
                          91.124.135.0/24 maxlen: 24
                          91.124.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:2c:65:86:01:b8:04:85:4e:2f:7e:f6:78:20:13:32:52:00:6c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 14 00:00:08 2025 GMT
            Not After : Sep 13 00:05:08 2026 GMT
        Subject: CN=BF9F6F67BFB1BB1300006EA3E9B2B6F101F1FC21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:04:37:0e:64:3c:c1:a8:79:69:d1:0e:32:e1:
                    14:5f:1e:07:96:e4:ab:83:0e:5b:f1:e8:f2:98:da:
                    aa:d3:cf:2c:0d:ee:0e:5c:24:48:64:ea:88:9c:60:
                    0b:69:53:d7:fd:4b:15:61:b6:f5:3e:1d:cb:02:e0:
                    dd:3d:4c:fa:32:9b:d7:2a:81:f6:d6:c0:13:d1:36:
                    b3:77:03:bd:e3:fe:a1:a6:d9:bf:70:78:0e:b7:96:
                    96:ea:5b:ab:95:f8:37:34:02:ec:81:55:92:ca:02:
                    a4:bc:07:8b:bb:a1:1f:ed:4e:75:29:2a:82:1b:3e:
                    19:26:ce:23:2e:6c:40:ef:34:e3:87:97:bf:51:27:
                    d6:71:db:d2:dd:52:83:98:27:c5:63:7f:e8:15:01:
                    ea:3a:18:fc:ac:5a:d8:53:4e:17:7a:01:4d:c7:b9:
                    5a:7d:9f:60:bc:20:a6:d8:a1:1c:e0:e1:04:46:29:
                    da:8c:82:0c:7e:c5:3a:c4:27:72:0f:ca:62:59:9a:
                    52:6d:d3:50:30:55:b4:8d:c9:e3:c4:35:7e:a7:d0:
                    5f:e0:ce:00:24:5d:0f:2e:36:c3:71:bc:2e:70:ad:
                    d0:ec:2b:32:ee:f7:9b:0c:61:51:f4:64:b4:75:f5:
                    c5:19:40:4b:e5:7c:63:bf:72:74:df:58:e4:57:e6:
                    5a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:9F:6F:67:BF:B1:BB:13:00:00:6E:A3:E9:B2:B6:F1:01:F1:FC:21
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24
                  91.124.135.0/24
                  91.124.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:b8:ea:86:5b:48:aa:ef:f3:e7:c5:89:39:4c:7b:60:83:e0:
         13:cc:df:97:56:ab:cc:57:c4:45:f3:ca:ee:db:f4:08:78:68:
         87:8f:3b:7a:6f:9a:a1:f5:b3:e1:f4:d6:95:d8:25:14:bc:41:
         78:3a:79:2e:38:85:f1:27:b3:9c:3e:07:bc:68:b0:28:96:27:
         ad:dd:1d:05:25:9c:66:c8:2f:f1:f4:29:8f:d7:09:e6:08:9d:
         75:5b:9f:ae:84:70:b4:03:46:7a:4a:f6:63:ed:7a:a2:18:0c:
         dc:68:89:ec:57:f2:a1:73:1a:b4:bb:f6:09:fe:26:e4:dc:8d:
         14:46:71:76:71:0a:51:4b:dd:c5:3d:cd:b1:f4:fb:7b:97:53:
         5c:61:8f:05:b3:9a:67:00:e4:98:c9:47:d6:91:f3:3d:c3:f3:
         c3:72:d4:e8:ac:cf:6c:a4:e7:be:bc:78:7b:42:27:bf:29:b7:
         cf:9b:7b:84:33:ab:3d:1c:05:77:5f:c2:ae:bd:cd:46:21:68:
         70:d2:90:44:de:03:32:0c:9b:3a:7a:49:df:5c:fb:2a:5c:3c:
         b1:b0:1a:80:e7:71:46:ee:87:72:f1:72:77:53:84:a1:9a:58:
         0d:9e:e7:c6:ae:b7:62:98:31:13:a9:e7:70:7b:e9:49:19:33:
         ce:7e:51:4d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUbSxlhgG4BIVOL372eCATMlIAbOowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MTQwMDAwMDhaFw0yNjA5MTMwMDA1MDhaMDMxMTAvBgNV
BAMTKEJGOUY2RjY3QkZCMUJCMTMwMDAwNkVBM0U5QjJCNkYxMDFGMUZDMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDABDcOZDzBqHlp0Q4y4RRfHgeW
5KuDDlvx6PKY2qrTzywN7g5cJEhk6oicYAtpU9f9SxVhtvU+HcsC4N09TPoym9cq
gfbWwBPRNrN3A73j/qGm2b9weA63lpbqW6uV+Dc0AuyBVZLKAqS8B4u7oR/tTnUp
KoIbPhkmziMubEDvNOOHl79RJ9Zx29LdUoOYJ8Vjf+gVAeo6GPysWthTThd6AU3H
uVp9n2C8IKbYoRzg4QRGKdqMggx+xTrEJ3IPymJZmlJt01AwVbSNyePENX6n0F/g
zgAkXQ8uNsNxvC5wrdDsKzLu95sMYVH0ZLR19cUZQEvlfGO/cnTfWORX5lpLAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUv59vZ7+xuxMAAG6j6bK28QHx/CEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAuyuAD
BABbfIcDBABbfLIwDQYJKoZIhvcNAQELBQADggEBAKq46oZbSKrv8+fFiTlMe2CD
4BPM35dWq8xXxEXzyu7b9Ah4aIePO3pvmqH1s+H01pXYJRS8QXg6eS44hfEns5w+
B7xosCiWJ63dHQUlnGbIL/H0KY/XCeYInXVbn66EcLQDRnpK9mPteqIYDNxoiexX
8qFzGrS79gn+JuTcjRRGcXZxClFL3cU9zbH0+3uXU1xhjwWzmmcA5JjJR9aR8z3D
88Ny1Oisz2yk5768eHtCJ78pt8+be4Qzqz0cBXdfwq69zUYhaHDSkETeAzIMmzp6
Sd9c+ypcPLGwGoDncUbuh3LxcndThKGaWA2e58aut2KYMROp53B76UkZM85+UU0=
-----END CERTIFICATE-----