Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          Xalj7sfmFuV7DVooY5AoJrcu6H9Q4hzPX8z8wAC4muA=
Subject key identifier:   A4:5D:F0:6C:49:F7:50:C7:DF:1B:2C:06:00:A2:7A:79:C7:01:60:04
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1449C75398E60DF135A8E8E834FAEE10DBD3BA21
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
Signing time:             Thu 18 Sep 2025 00:01:16 +0000
ROA not before:           Wed 17 Sep 2025 23:56:16 +0000
ROA not after:            Thu 17 Sep 2026 00:01:16 +0000
asID:                     40676
IP address blocks:        145.223.52.0/24 maxlen: 24
                          145.223.56.0/24 maxlen: 24
                          146.103.44.0/24 maxlen: 24
                          146.103.55.0/24 maxlen: 24
                          146.103.59.0/24 maxlen: 24
                          150.241.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:49:c7:53:98:e6:0d:f1:35:a8:e8:e8:34:fa:ee:10:db:d3:ba:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 17 23:56:16 2025 GMT
            Not After : Sep 17 00:01:16 2026 GMT
        Subject: CN=A45DF06C49F750C7DF1B2C0600A27A79C7016004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:da:c8:4f:21:fb:30:55:96:89:5e:2f:ca:2c:
                    99:e2:b9:97:04:a5:83:ee:26:47:f1:e4:32:0b:89:
                    9c:bf:f3:ad:f5:f6:3b:f5:f3:dc:0e:cf:6e:23:4f:
                    02:5c:02:71:ee:ae:5d:47:c3:b6:07:0c:87:8b:cb:
                    4a:a8:2b:72:52:de:90:4b:f3:ed:a0:e4:40:89:1c:
                    4e:f1:eb:82:c3:b5:0a:27:bf:a1:75:d6:57:0e:5b:
                    02:7b:22:c7:81:50:65:2b:83:49:68:f5:26:ea:7c:
                    fa:66:df:41:28:dc:51:b3:1d:3c:43:7d:6f:b9:5d:
                    11:2d:43:87:f6:02:9d:6f:2c:98:c3:e4:29:6f:23:
                    37:6a:1f:55:1b:00:92:75:c3:d9:7a:72:bd:bc:85:
                    99:76:19:7e:4a:72:b9:4b:b2:21:12:12:5d:f4:5d:
                    e4:92:ae:05:70:3e:dc:b5:66:e1:4f:ee:8f:c5:76:
                    d3:55:da:3b:02:33:68:8a:47:6e:6e:ed:1f:42:b6:
                    f0:3d:86:6b:66:69:6c:ea:b7:fa:6d:e7:3d:74:d6:
                    47:49:5b:86:ad:88:b4:c6:bf:87:0e:11:25:be:9a:
                    d1:9c:3e:7e:b1:6e:72:52:ed:96:48:e4:89:ef:69:
                    81:8d:52:c6:cf:12:c9:1e:a1:61:2c:00:3f:41:3f:
                    93:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5D:F0:6C:49:F7:50:C7:DF:1B:2C:06:00:A2:7A:79:C7:01:60:04
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.223.52.0/24
                  145.223.56.0/24
                  146.103.44.0/24
                  146.103.55.0/24
                  146.103.59.0/24
                  150.241.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:25:ac:de:ef:65:39:27:9b:00:fe:0a:45:ee:39:af:b7:e3:
         48:6d:85:35:c9:18:1c:c8:ef:5d:84:e2:a4:05:6c:55:ce:c9:
         df:ed:d2:2b:64:77:63:78:d6:f3:9a:d4:54:ca:c3:c9:a8:bf:
         43:0a:2d:67:36:c1:2e:11:c8:7a:d2:36:68:ce:07:c7:f8:98:
         68:b2:fe:04:e2:a0:d3:e7:9e:8c:9a:84:dc:ef:fc:cd:cf:7f:
         48:ac:01:1d:53:1a:06:d8:b1:37:f2:d3:05:20:cb:b5:ee:de:
         37:bd:c1:82:1e:65:75:ab:21:49:03:04:72:48:6a:dc:58:1b:
         ae:38:e4:d0:6f:50:70:4a:24:1b:e1:98:96:de:fe:67:6a:09:
         08:eb:3e:1c:ef:01:18:b8:1e:1a:6f:24:90:be:9d:9b:be:9c:
         93:86:91:2e:8f:80:3d:9f:4e:5c:e7:d1:41:74:60:cf:cc:4a:
         4d:8c:4c:53:c0:7c:83:18:85:83:f3:e7:9f:d0:8b:e3:28:3e:
         ca:71:7a:43:59:48:3a:2a:29:dc:7c:d8:d9:0d:92:d7:7f:ed:
         1c:3f:00:4d:1e:fa:3f:c3:76:97:b2:9d:e5:e5:67:b1:88:0b:
         ae:88:e4:07:74:80:75:fd:73:d0:a3:04:4a:b7:78:7e:f2:ce:
         83:e9:9c:21
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUFEnHU5jmDfE1qOjoNPruENvTuiEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MTcyMzU2MTZaFw0yNjA5MTcwMDAxMTZaMDMxMTAvBgNV
BAMTKEE0NURGMDZDNDlGNzUwQzdERjFCMkMwNjAwQTI3QTc5QzcwMTYwMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2shPIfswVZaJXi/KLJniuZcE
pYPuJkfx5DILiZy/86319jv189wOz24jTwJcAnHurl1Hw7YHDIeLy0qoK3JS3pBL
8+2g5ECJHE7x64LDtQonv6F11lcOWwJ7IseBUGUrg0lo9SbqfPpm30Eo3FGzHTxD
fW+5XREtQ4f2Ap1vLJjD5ClvIzdqH1UbAJJ1w9l6cr28hZl2GX5KcrlLsiESEl30
XeSSrgVwPty1ZuFP7o/FdtNV2jsCM2iKR25u7R9CtvA9hmtmaWzqt/pt5z101kdJ
W4atiLTGv4cOESW+mtGcPn6xbnJS7ZZI5InvaYGNUsbPEskeoWEsAD9BP5P5AgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUpF3wbEn3UMffGywGAKJ6eccBYAQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBACR3zQD
BACR3zgDBACSZywDBACSZzcDBACSZzsDBACW8ccwDQYJKoZIhvcNAQELBQADggEB
AJElrN7vZTknmwD+CkXuOa+340hthTXJGBzI712E4qQFbFXOyd/t0itkd2N41vOa
1FTKw8mov0MKLWc2wS4RyHrSNmjOB8f4mGiy/gTioNPnnoyahNzv/M3Pf0isAR1T
GgbYsTfy0wUgy7Xu3je9wYIeZXWrIUkDBHJIatxYG6445NBvUHBKJBvhmJbe/mdq
CQjrPhzvARi4HhpvJJC+nZu+nJOGkS6PgD2fTlzn0UF0YM/MSk2MTFPAfIMYhYPz
55/Qi+MoPspxekNZSDoqKdx82NkNktd/7Rw/AE0e+j/DdpeyneXlZ7GIC66I5Ad0
gHX9c9CjBEq3eH7yzoPpnCE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:42:35 2025 by rpki-client