Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa
File:                     AS40605.roa (raw, json)
Hash identifier:          FYlLnzJDntJOSFIUjQ+1OmDl4Oe0gCpu4zzHauE5Or0=
Subject key identifier:   2A:CE:71:CD:7F:92:D9:96:C0:03:44:1A:0A:D2:6D:90:80:D5:F4:D8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       33A3773059C1833AB92638B2780A62ECCF6ED07D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa
Signing time:             Thu 26 Jun 2025 21:34:00 +0000
ROA not before:           Thu 26 Jun 2025 21:29:00 +0000
ROA not after:            Thu 25 Jun 2026 21:34:00 +0000
asID:                     40605
IP address blocks:        82.25.33.0/24 maxlen: 24
                          82.25.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:a3:77:30:59:c1:83:3a:b9:26:38:b2:78:0a:62:ec:cf:6e:d0:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 26 21:29:00 2025 GMT
            Not After : Jun 25 21:34:00 2026 GMT
        Subject: CN=2ACE71CD7F92D996C003441A0AD26D9080D5F4D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8d:61:de:98:04:b5:89:c1:19:fe:69:a7:50:
                    4b:99:39:fd:71:77:0c:a4:bf:66:db:d0:bb:e7:ea:
                    d0:6e:63:c2:c3:b0:7c:cf:b9:f6:db:3f:2e:c9:b8:
                    d9:4f:a5:ac:18:59:0b:d4:73:37:dd:1d:5f:d9:42:
                    83:ce:c7:a2:5c:6c:e0:ed:4d:67:51:95:fe:ab:57:
                    80:36:42:52:fb:5d:4c:f3:23:98:c4:10:4e:b1:b9:
                    08:54:0d:ae:44:b2:c8:58:8a:61:5e:b5:48:d5:85:
                    c5:ab:32:16:90:57:6b:cb:45:c3:f6:04:ce:ac:94:
                    8a:88:12:9b:75:17:cc:c5:7a:b6:5f:32:1f:d9:46:
                    b1:a6:0c:ab:3a:a8:25:7e:93:23:d1:02:3a:7f:2d:
                    56:c5:23:3f:81:e2:38:36:2c:b3:3f:4b:bf:9b:87:
                    80:94:04:1f:29:db:04:fe:a8:31:46:6f:e5:59:39:
                    57:48:4c:bb:78:2c:03:0d:e8:fd:fc:d5:0c:53:03:
                    d1:2a:7b:fe:2a:3a:26:6b:c9:6e:54:b0:c8:b7:02:
                    92:1f:bb:c6:ad:30:52:1d:07:d7:b2:71:51:fd:a1:
                    9d:1a:b4:8a:5a:77:16:27:01:7f:1e:63:55:83:7c:
                    21:93:a3:38:e4:36:ce:21:f2:b5:84:77:d4:6b:3b:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CE:71:CD:7F:92:D9:96:C0:03:44:1A:0A:D2:6D:90:80:D5:F4:D8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.33.0/24
                  82.25.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:cf:04:84:dd:d2:2e:05:b9:69:25:57:6f:e8:15:ed:11:61:
         67:9d:b4:c6:34:3c:3d:4e:d0:8f:59:56:63:e1:9a:e0:8a:db:
         52:6e:aa:86:b7:d8:3c:0d:6d:26:01:c4:db:ce:87:31:3f:63:
         b5:8f:46:88:b1:8e:a9:52:47:82:5e:ad:46:39:75:25:95:ff:
         2f:9e:80:f8:e3:be:6c:04:96:b1:57:30:b1:a1:c7:f9:ef:bd:
         b8:13:ae:48:24:43:1d:ef:63:91:6a:d0:33:dd:16:6e:ee:9f:
         76:87:d1:50:01:8c:fc:f8:9f:ac:2c:bd:36:05:25:67:e5:69:
         d3:51:9a:07:b2:1b:66:93:35:53:44:df:15:f8:69:e9:19:c2:
         35:d8:c6:dc:6f:4f:b9:15:a6:b6:03:33:52:ac:82:36:5b:96:
         58:36:46:db:cd:8f:40:fb:b0:42:22:80:a6:d1:80:d3:74:04:
         aa:b4:0c:cb:54:8d:a7:54:f5:12:4a:f7:fe:3c:33:39:a6:59:
         00:71:55:02:5d:ee:b7:a9:6c:3e:f6:0f:93:ca:91:fa:3d:ee:
         8e:cc:4d:9d:c2:d0:f1:d8:75:29:e2:8f:c6:06:34:62:e7:6d:
         9a:15:f9:68:e6:45:f5:09:f2:d1:40:9f:d7:33:b0:9c:55:17:
         8d:d6:b4:72
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUM6N3MFnBgzq5JjiyeApi7M9u0H0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjYyMTI5MDBaFw0yNjA2MjUyMTM0MDBaMDMxMTAvBgNV
BAMTKDJBQ0U3MUNEN0Y5MkQ5OTZDMDAzNDQxQTBBRDI2RDkwODBENUY0RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2jWHemAS1icEZ/mmnUEuZOf1x
dwykv2bb0Lvn6tBuY8LDsHzPufbbPy7JuNlPpawYWQvUczfdHV/ZQoPOx6JcbODt
TWdRlf6rV4A2QlL7XUzzI5jEEE6xuQhUDa5EsshYimFetUjVhcWrMhaQV2vLRcP2
BM6slIqIEpt1F8zFerZfMh/ZRrGmDKs6qCV+kyPRAjp/LVbFIz+B4jg2LLM/S7+b
h4CUBB8p2wT+qDFGb+VZOVdITLt4LAMN6P381QxTA9Eqe/4qOiZryW5UsMi3ApIf
u8atMFIdB9eycVH9oZ0atIpadxYnAX8eY1WDfCGTozjkNs4h8rWEd9RrO03zAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUKs5xzX+S2ZbAA0QaCtJtkIDV9NgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDA2MDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSGSED
BABSGSgwDQYJKoZIhvcNAQELBQADggEBAHPPBITd0i4FuWklV2/oFe0RYWedtMY0
PD1O0I9ZVmPhmuCK21Juqoa32DwNbSYBxNvOhzE/Y7WPRoixjqlSR4JerUY5dSWV
/y+egPjjvmwElrFXMLGhx/nvvbgTrkgkQx3vY5Fq0DPdFm7un3aH0VABjPz4n6ws
vTYFJWfladNRmgeyG2aTNVNE3xX4aekZwjXYxtxvT7kVprYDM1KsgjZbllg2RtvN
j0D7sEIigKbRgNN0BKq0DMtUjadU9RJK9/48MzmmWQBxVQJd7repbD72D5PKkfo9
7o7MTZ3C0PHYdSnij8YGNGLnbZoV+WjmRfUJ8tFAn9czsJxVF43WtHI=
-----END CERTIFICATE-----