Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          80KO8Q+V5qc0ma3HcIkmBaddCJ9/DL+F736i9jERdl8=
Subject key identifier:   BD:90:BF:2E:37:12:09:87:C3:6F:6F:72:54:FC:14:55:E8:41:97:9A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3D29AD595352494FA288E11EC6763F4B76085E3F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
Signing time:             Tue 06 May 2025 23:54:07 +0000
ROA not before:           Tue 06 May 2025 23:49:07 +0000
ROA not after:            Tue 05 May 2026 23:54:07 +0000
asID:                     15440
IP address blocks:        146.103.25.0/24 maxlen: 24
                          146.103.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:29:ad:59:53:52:49:4f:a2:88:e1:1e:c6:76:3f:4b:76:08:5e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 23:49:07 2025 GMT
            Not After : May  5 23:54:07 2026 GMT
        Subject: CN=BD90BF2E37120987C36F6F7254FC1455E841979A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5a:2e:cc:7e:8a:94:65:6f:18:5c:e9:9d:d2:
                    c5:e4:90:1c:24:a2:74:2c:1a:5a:63:95:0a:95:37:
                    e5:98:8e:6c:ec:0f:8f:a1:39:30:4a:7f:30:12:f6:
                    18:55:97:84:fc:36:2a:fb:3e:89:7d:ad:8f:50:d1:
                    27:d2:6d:06:e7:df:12:47:1c:0e:8d:b4:f6:20:a6:
                    2f:33:86:35:29:4f:9b:b3:2e:d5:1b:4a:d5:6b:2e:
                    00:c6:36:6e:df:4a:2b:01:9d:f8:63:71:fa:69:91:
                    45:fe:93:2b:f5:a6:5f:ee:00:0b:ae:e3:57:7b:65:
                    ca:ef:cc:d5:e7:09:7d:d1:87:61:1c:b1:52:b3:43:
                    40:82:bb:74:a9:d6:3f:e5:30:18:1f:3c:b1:81:0a:
                    20:c7:e9:1f:26:2e:cb:fc:a2:2b:3d:13:35:3f:64:
                    63:02:f7:80:1b:62:3d:21:4b:67:1a:97:4b:76:b8:
                    61:97:da:3a:20:9f:3b:77:15:79:e1:38:e6:4c:a3:
                    eb:17:fc:f3:09:60:37:dd:8a:7f:2a:b5:38:5e:b2:
                    c9:40:cb:37:b7:66:a7:d2:c3:0d:9d:cb:e8:d5:91:
                    40:91:b4:ff:2b:6f:82:c1:74:ad:08:2c:e5:7a:a9:
                    17:76:dd:45:50:38:57:e1:70:f6:cc:34:22:7b:62:
                    2d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:90:BF:2E:37:12:09:87:C3:6F:6F:72:54:FC:14:55:E8:41:97:9A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.25.0/24
                  146.103.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d8:3c:fa:fe:c7:f4:cb:44:da:18:c9:c4:e2:e6:27:83:2b:
         3a:26:b3:65:7e:2d:58:6b:ea:fa:bd:53:ab:84:96:5a:50:bd:
         80:c2:07:ec:d4:cf:48:33:72:dd:08:00:a0:bc:0e:f5:0d:ed:
         ab:78:2c:38:58:3b:5d:74:27:a4:ae:2b:e3:32:82:d0:07:cd:
         6d:7f:d8:27:1b:22:96:0a:49:20:9a:e7:88:12:4e:68:1c:d9:
         95:1c:7f:9d:a6:a9:cc:be:b8:35:ba:2c:87:ba:92:64:cc:3f:
         e2:11:ff:b8:46:f7:fd:9f:bb:b6:53:3c:ed:c1:ec:1a:2f:2d:
         11:f7:33:c5:a5:d2:d6:10:d9:d6:8a:e7:7e:e3:c2:6f:e1:9c:
         54:37:c3:e3:4a:91:b7:36:f2:fd:00:ea:dc:95:fc:69:55:1a:
         04:cb:b4:c3:d1:52:bc:8f:be:20:b6:e4:ab:73:b0:39:c5:b7:
         32:90:2e:bb:b4:85:85:4e:b0:7e:23:2f:9d:7a:70:a0:89:f3:
         f9:f7:dd:e4:14:e6:fd:60:2e:e1:cb:be:11:44:9e:02:a3:97:
         eb:60:65:36:65:7c:01:87:e9:b1:45:02:b7:fd:19:9e:c8:f0:
         1f:02:df:ed:e0:3e:bf:23:ff:43:d4:d0:78:cc:d1:54:29:a5:
         03:a9:41:bb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUPSmtWVNSSU+iiOEexnY/S3YIXj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDYyMzQ5MDdaFw0yNjA1MDUyMzU0MDdaMDMxMTAvBgNV
BAMTKEJEOTBCRjJFMzcxMjA5ODdDMzZGNkY3MjU0RkMxNDU1RTg0MTk3OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfWi7MfoqUZW8YXOmd0sXkkBwk
onQsGlpjlQqVN+WYjmzsD4+hOTBKfzAS9hhVl4T8Nir7Pol9rY9Q0SfSbQbn3xJH
HA6NtPYgpi8zhjUpT5uzLtUbStVrLgDGNm7fSisBnfhjcfppkUX+kyv1pl/uAAuu
41d7ZcrvzNXnCX3Rh2EcsVKzQ0CCu3Sp1j/lMBgfPLGBCiDH6R8mLsv8ois9EzU/
ZGMC94AbYj0hS2cal0t2uGGX2jognzt3FXnhOOZMo+sX/PMJYDfdin8qtThesslA
yze3ZqfSww2dy+jVkUCRtP8rb4LBdK0ILOV6qRd23UVQOFfhcPbMNCJ7Yi2hAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUvZC/LjcSCYfDb29yVPwUVehBl5owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZxkD
BACSZyYwDQYJKoZIhvcNAQELBQADggEBADDYPPr+x/TLRNoYycTi5ieDKzoms2V+
LVhr6vq9U6uEllpQvYDCB+zUz0gzct0IAKC8DvUN7at4LDhYO110J6SuK+MygtAH
zW1/2CcbIpYKSSCa54gSTmgc2ZUcf52mqcy+uDW6LIe6kmTMP+IR/7hG9/2fu7ZT
PO3B7BovLRH3M8Wl0tYQ2daK537jwm/hnFQ3w+NKkbc28v0A6tyV/GlVGgTLtMPR
UryPviC25KtzsDnFtzKQLru0hYVOsH4jL516cKCJ8/n33eQU5v1gLuHLvhFEngKj
l+tgZTZlfAGH6bFFArf9GZ7I8B8C3+3gPr8j/0PU0HjM0VQppQOpQbs=
-----END CERTIFICATE-----