Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa
File:                     AS140224.roa (raw, json)
Hash identifier:          0cBCGJo7GVYCa7hJXwL60wPabkPRa2G8Jzd9nnE2EMk=
Subject key identifier:   CB:A8:70:0F:EA:32:AF:7F:80:C0:05:89:6C:B1:85:75:02:B2:7B:EC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5EA6D46C30002428361CAD9C8A525B41665E6211
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa
Signing time:             Tue 05 Aug 2025 07:50:22 +0000
ROA not before:           Tue 05 Aug 2025 07:45:22 +0000
ROA not after:            Tue 04 Aug 2026 07:50:22 +0000
asID:                     140224
IP address blocks:        96.62.222.0/24 maxlen: 24
                          140.233.171.0/24 maxlen: 24
                          143.14.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:a6:d4:6c:30:00:24:28:36:1c:ad:9c:8a:52:5b:41:66:5e:62:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  5 07:45:22 2025 GMT
            Not After : Aug  4 07:50:22 2026 GMT
        Subject: CN=CBA8700FEA32AF7F80C005896CB1857502B27BEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:63:8e:82:68:16:a1:c0:73:77:c8:6d:2a:d8:
                    9c:1b:a5:34:9b:54:3f:c5:f9:5b:15:4e:35:fb:1a:
                    db:db:1d:22:f9:e3:35:02:01:92:c3:2c:7c:e0:74:
                    86:3a:36:87:3c:55:d2:a7:ef:a2:81:e9:78:6b:bb:
                    14:b3:c9:1d:4a:dc:09:f6:b2:13:48:c7:78:7b:40:
                    28:a3:82:2d:2b:18:b3:23:a9:49:21:8b:f1:e8:dc:
                    08:13:d6:bc:6b:98:48:8f:13:01:49:73:2a:25:59:
                    86:60:a4:1a:ae:d6:d7:09:93:bc:7f:ca:23:ee:fb:
                    eb:c7:8b:55:c7:d1:f2:32:66:3f:e3:75:1d:e4:bb:
                    41:4e:da:8a:94:b2:34:9b:5f:1f:14:2a:6f:42:12:
                    de:a2:d4:05:bb:fc:da:9c:ef:e0:61:d6:a3:c4:70:
                    8b:20:e8:0d:06:c8:b1:01:34:6a:0e:62:69:17:b7:
                    81:41:4d:09:dd:8d:91:5e:8b:4f:59:cd:d2:9d:49:
                    a0:5a:85:24:25:6d:5f:d3:bb:d3:2a:f7:81:f2:bf:
                    5b:5d:be:a5:b9:d6:12:d2:93:82:5e:87:d7:3f:88:
                    9d:e1:8e:4e:e6:23:dc:31:b0:cc:2b:0f:1f:67:f1:
                    e1:07:35:24:2d:86:01:de:5d:ce:f1:4a:37:88:d7:
                    f3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A8:70:0F:EA:32:AF:7F:80:C0:05:89:6C:B1:85:75:02:B2:7B:EC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS140224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.222.0/24
                  140.233.171.0/24
                  143.14.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:dc:4b:53:f3:e6:1e:c2:98:46:cc:1c:55:93:c0:9f:de:f6:
         5d:9e:d7:41:a1:89:98:25:ec:12:1d:f1:5d:6e:63:0d:a8:65:
         a2:89:8c:23:8d:ef:c0:a2:47:b0:2d:f9:56:bb:8b:84:c3:28:
         fe:a3:1b:72:2f:54:4c:39:7b:23:00:8c:5f:73:f1:99:6b:25:
         c7:aa:3f:30:46:74:c8:a0:1f:1f:6b:45:54:e2:de:5d:3f:e2:
         c5:94:70:ef:2f:27:f7:d6:42:34:94:5a:60:51:70:e5:1b:6d:
         a6:56:25:98:c0:aa:02:56:48:67:78:df:e1:36:f8:f1:21:2f:
         a8:c9:2f:14:ff:d7:4a:5a:1b:f7:c3:b0:0f:50:f0:7c:d0:07:
         2e:9c:17:d6:f4:7b:42:af:91:ef:ca:a4:e4:05:9f:35:37:b1:
         5e:e4:3c:07:f9:e0:0a:24:68:ae:e4:63:f8:65:fe:6e:41:67:
         c4:5e:3c:f3:b8:f2:41:25:60:c6:d1:a0:a3:84:61:42:9b:7a:
         4e:f9:bf:63:5f:d2:39:e0:2d:40:df:bd:07:d3:68:99:a9:28:
         46:0f:a9:00:f8:64:4a:46:cb:3d:70:73:d6:5a:e9:35:34:93:
         b4:c4:4a:2d:6b:47:e6:f9:5d:15:fd:bc:01:ee:61:91:92:6c:
         0b:b7:65:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXqbUbDAAJCg2HK2cilJbQWZeYhEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDUwNzQ1MjJaFw0yNjA4MDQwNzUwMjJaMDMxMTAvBgNV
BAMTKENCQTg3MDBGRUEzMkFGN0Y4MEMwMDU4OTZDQjE4NTc1MDJCMjdCRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMY46CaBahwHN3yG0q2JwbpTSb
VD/F+VsVTjX7GtvbHSL54zUCAZLDLHzgdIY6Noc8VdKn76KB6XhruxSzyR1K3An2
shNIx3h7QCijgi0rGLMjqUkhi/Ho3AgT1rxrmEiPEwFJcyolWYZgpBqu1tcJk7x/
yiPu++vHi1XH0fIyZj/jdR3ku0FO2oqUsjSbXx8UKm9CEt6i1AW7/Nqc7+Bh1qPE
cIsg6A0GyLEBNGoOYmkXt4FBTQndjZFei09ZzdKdSaBahSQlbV/Tu9Mq94Hyv1td
vqW51hLSk4Jeh9c/iJ3hjk7mI9wxsMwrDx9n8eEHNSQthgHeXc7xSjeI1/PhAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUy6hwD+oyr3+AwAWJbLGFdQKye+wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTQwMjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAYD7e
AwQAjOmrAwQAjw6RMA0GCSqGSIb3DQEBCwUAA4IBAQAW3EtT8+YewphGzBxVk8Cf
3vZdntdBoYmYJewSHfFdbmMNqGWiiYwjje/AokewLflWu4uEwyj+oxtyL1RMOXsj
AIxfc/GZayXHqj8wRnTIoB8fa0VU4t5dP+LFlHDvLyf31kI0lFpgUXDlG22mViWY
wKoCVkhneN/hNvjxIS+oyS8U/9dKWhv3w7APUPB80AcunBfW9HtCr5HvyqTkBZ81
N7Fe5DwH+eAKJGiu5GP4Zf5uQWfEXjzzuPJBJWDG0aCjhGFCm3pO+b9jX9I54C1A
370H02iZqShGD6kA+GRKRss9cHPWWuk1NJO0xEota0fm+V0V/bwB7mGRkmwLt2WX
-----END CERTIFICATE-----