Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS140052.roa
File:                     AS140052.roa (raw, json)
Hash identifier:          sukjHEOBlVKtT1oGlGrVM8IB8rwSzan5tmY9nHDVQUY=
Subject key identifier:   2C:E4:3A:D9:B8:03:4E:22:72:9B:34:B7:41:F4:36:B7:2A:0E:D4:D6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0B629E570231157235BF407D58A28BEBBF2349A6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS140052.roa
Signing time:             Sun 22 Mar 2026 01:03:02 +0000
ROA not before:           Sun 22 Mar 2026 00:58:02 +0000
ROA not after:            Sun 21 Mar 2027 01:03:02 +0000
asID:                     140052
IP address blocks:        141.11.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:62:9e:57:02:31:15:72:35:bf:40:7d:58:a2:8b:eb:bf:23:49:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 22 00:58:02 2026 GMT
            Not After : Mar 21 01:03:02 2027 GMT
        Subject: CN=2CE43AD9B8034E22729B34B741F436B72A0ED4D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:59:79:08:ac:ad:47:93:7e:9b:59:2e:d8:
                    51:e5:78:3e:2b:f0:42:c0:4c:27:54:52:f2:79:58:
                    d3:70:a9:15:f4:0a:69:fe:b3:15:62:e7:0b:70:24:
                    8b:17:92:99:38:fd:d4:0b:0c:82:90:48:61:87:17:
                    47:e9:ae:28:39:13:60:e1:4a:d6:e5:49:4f:a6:e5:
                    90:08:d5:50:09:2a:3b:40:6f:61:01:f9:42:5d:bf:
                    b3:1f:fb:1b:4f:bd:61:33:b9:68:d5:2f:a3:03:12:
                    da:f9:e6:81:03:24:80:f9:8b:6a:d0:b3:11:27:f8:
                    12:6f:ae:a8:76:56:f6:84:96:a3:74:9a:94:b5:2e:
                    e1:d2:98:05:a5:c7:04:49:36:46:01:f2:9d:08:76:
                    df:88:c6:97:30:df:c6:3a:88:70:d7:23:74:ef:d0:
                    72:9d:75:68:7e:1a:21:96:f6:f0:b7:5b:9b:e1:3e:
                    76:62:23:72:a3:9c:69:03:2d:83:8b:30:c3:c8:dd:
                    0e:bd:99:14:df:a2:0c:5a:f3:81:5d:0a:e5:dd:8b:
                    54:cc:1b:f8:2a:92:b7:2b:49:54:c8:c6:d9:eb:f0:
                    e9:ac:73:fd:f0:c4:29:93:d7:af:97:69:7e:6c:ff:
                    63:ed:8e:e0:e1:cd:f7:ca:62:71:3b:a4:cd:c7:df:
                    16:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E4:3A:D9:B8:03:4E:22:72:9B:34:B7:41:F4:36:B7:2A:0E:D4:D6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS140052.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:ad:51:72:0e:fc:6e:a4:a5:47:0d:7f:f2:fb:01:cf:e6:c9:
         65:bd:57:d8:d0:b5:8e:e1:c7:94:7b:87:9f:02:45:ce:1d:5e:
         e8:ec:af:00:0e:41:92:eb:ac:a3:9a:29:8e:78:da:6e:21:d9:
         26:8d:f9:59:db:82:55:df:79:65:70:d1:a6:c2:c5:17:35:04:
         63:26:69:b5:8f:1c:63:f5:92:77:b8:98:32:d8:1c:2e:a8:38:
         c3:bc:63:27:09:95:64:1c:d5:b4:df:82:ae:d1:c9:9a:1a:2b:
         ae:5c:ac:d1:2f:9a:0f:34:85:c0:ae:98:91:2c:8d:3e:94:20:
         0a:00:98:c7:d6:09:6f:a0:bf:a1:68:00:5d:89:97:9c:6b:fe:
         6a:5e:aa:73:f3:3f:b6:c5:ff:dc:fd:62:b3:c6:31:41:f0:77:
         54:f5:e3:dc:8d:6d:58:e8:7c:1c:9b:f5:1d:b2:aa:1d:f2:68:
         e5:84:87:58:3d:42:73:de:cb:0f:39:c0:9e:84:36:98:c2:e0:
         9b:0c:fe:24:62:5d:3f:9f:45:63:41:bb:c6:a4:98:e6:28:a4:
         a7:24:f6:5e:fb:35:a6:2b:f0:c0:9e:20:61:b3:9f:c0:af:d7:
         c9:ec:dc:00:fe:f0:43:01:6b:9e:6d:e0:87:af:40:6d:4d:e8:
         49:9d:66:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC2KeVwIxFXI1v0B9WKKL678jSaYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMjIwMDU4MDJaFw0yNzAzMjEwMTAzMDJaMDMxMTAvBgNV
BAMTKDJDRTQzQUQ5QjgwMzRFMjI3MjlCMzRCNzQxRjQzNkI3MkEwRUQ0RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJ1ll5CKytR5N+m1ku2FHleD4r
8ELATCdUUvJ5WNNwqRX0Cmn+sxVi5wtwJIsXkpk4/dQLDIKQSGGHF0fprig5E2Dh
StblSU+m5ZAI1VAJKjtAb2EB+UJdv7Mf+xtPvWEzuWjVL6MDEtr55oEDJID5i2rQ
sxEn+BJvrqh2VvaElqN0mpS1LuHSmAWlxwRJNkYB8p0Idt+Ixpcw38Y6iHDXI3Tv
0HKddWh+GiGW9vC3W5vhPnZiI3KjnGkDLYOLMMPI3Q69mRTfogxa84FdCuXdi1TM
G/gqkrcrSVTIxtnr8Omsc/3wxCmT16+XaX5s/2PtjuDhzffKYnE7pM3H3xZpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULOQ62bgDTiJymzS3QfQ2tyoO1NYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQwMDUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv7
MA0GCSqGSIb3DQEBCwUAA4IBAQDGrVFyDvxupKVHDX/y+wHP5sllvVfY0LWO4ceU
e4efAkXOHV7o7K8ADkGS66yjmimOeNpuIdkmjflZ24JV33llcNGmwsUXNQRjJmm1
jxxj9ZJ3uJgy2BwuqDjDvGMnCZVkHNW034Ku0cmaGiuuXKzRL5oPNIXArpiRLI0+
lCAKAJjH1glvoL+haABdiZeca/5qXqpz8z+2xf/c/WKzxjFB8HdU9ePcjW1Y6Hwc
m/Udsqod8mjlhIdYPUJz3ssPOcCehDaYwuCbDP4kYl0/n0VjQbvGpJjmKKSnJPZe
+zWmK/DAniBhs5/Ar9fJ7NwA/vBDAWuebeCHr0BtTehJnWYn
-----END CERTIFICATE-----