Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
File:                     AS400040.roa (raw, json)
Hash identifier:          yvZztrbJR4aCZwVexfDnwgrbF3oxB+niPWXW/Xr+fow=
Subject key identifier:   AA:12:EE:14:1C:A1:AC:7F:A8:82:90:C8:71:5C:A8:CB:23:E9:31:20
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4A73BD61907EAFF7012E066AB54AAC9D6870C006
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
Signing time:             Tue 30 Sep 2025 15:55:07 +0000
ROA not before:           Tue 30 Sep 2025 15:50:07 +0000
ROA not after:            Tue 29 Sep 2026 15:55:07 +0000
asID:                     400040
IP address blocks:        141.11.6.0/24 maxlen: 24
                          141.11.44.0/24 maxlen: 24
                          141.11.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:73:bd:61:90:7e:af:f7:01:2e:06:6a:b5:4a:ac:9d:68:70:c0:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 30 15:50:07 2025 GMT
            Not After : Sep 29 15:55:07 2026 GMT
        Subject: CN=AA12EE141CA1AC7FA88290C8715CA8CB23E93120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:00:00:2e:7d:9a:bd:af:0e:8b:20:f6:2e:e0:
                    7c:11:45:34:68:41:bb:88:dc:37:13:ca:6d:88:49:
                    fd:d8:0a:6d:16:84:ed:0a:a0:4a:fd:88:e4:67:a1:
                    be:eb:ec:6a:e4:ba:ee:17:9c:d3:23:50:06:44:35:
                    17:21:56:94:69:1d:0e:f5:df:d7:dd:e5:43:93:47:
                    51:90:dc:86:f0:35:c9:48:a6:bf:0b:98:1e:2c:96:
                    08:52:73:d3:86:07:2f:ba:40:f4:ee:b9:17:6d:19:
                    f7:6a:e5:7d:2f:2a:06:79:90:88:16:1d:68:47:4e:
                    28:b2:e0:9a:b7:04:53:cb:3d:12:da:b1:ec:33:5e:
                    ac:a9:a8:47:61:4f:1a:08:06:c0:69:d4:48:5d:d3:
                    9e:15:57:14:b8:16:f2:ec:f2:5a:70:e7:23:83:9d:
                    1c:c1:cd:e5:86:32:98:64:a1:8b:8f:a4:3a:06:f0:
                    b0:6b:b7:7d:83:f3:d9:f9:3c:fe:7f:bd:0f:0d:0d:
                    24:40:3e:31:f8:0a:b6:c2:77:aa:33:f3:4e:90:50:
                    a5:9c:ba:9e:db:82:38:ea:3f:b2:2e:6d:6a:de:da:
                    53:b6:c4:7f:da:12:d2:5a:9b:96:7a:56:69:3a:75:
                    63:51:44:20:22:18:0d:be:22:4b:c3:28:34:d9:1e:
                    7d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:12:EE:14:1C:A1:AC:7F:A8:82:90:C8:71:5C:A8:CB:23:E9:31:20
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.6.0/24
                  141.11.44.0/24
                  141.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:07:e1:63:e0:98:7b:53:fd:4f:cd:67:13:29:30:10:9a:b0:
         ac:8d:bf:91:59:19:da:b3:d6:bc:a5:0d:cb:eb:3f:a4:45:b2:
         16:db:62:39:47:24:e8:56:b1:2e:ba:f5:b8:e2:60:52:d6:59:
         76:ba:15:33:c2:ff:ea:58:bd:6a:1c:c7:b5:82:ba:77:48:d2:
         cb:1d:f7:32:90:2a:e2:2d:45:c8:ee:0b:eb:bc:18:fa:8a:da:
         9e:77:d6:d0:b7:da:3b:0c:8c:53:ec:66:1e:d4:ef:09:3c:64:
         63:66:10:32:ee:55:79:e6:c9:e9:b1:9e:04:51:37:ca:50:a9:
         4e:a0:28:06:99:2b:2e:be:92:31:af:c8:51:69:9a:cf:cf:64:
         77:01:90:a4:b2:11:b9:c7:5e:14:67:f9:88:02:4e:22:d5:a5:
         06:45:14:3a:b6:10:15:94:47:95:58:26:85:6c:4e:b6:4e:94:
         bf:0f:90:dd:ce:9b:51:83:8e:29:d3:ac:3a:93:3a:ff:24:ff:
         3f:f3:3f:b5:72:cf:5b:3f:5c:17:72:ca:4e:32:2f:68:1a:c4:
         7f:25:f9:da:46:86:2c:c3:8d:28:ce:13:72:dc:36:f6:04:79:
         c8:8f:c3:55:ce:f0:01:98:1d:97:30:42:d2:2b:91:6f:c1:a9:
         0e:e6:a1:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUSnO9YZB+r/cBLgZqtUqsnWhwwAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MzAxNTUwMDdaFw0yNjA5MjkxNTU1MDdaMDMxMTAvBgNV
BAMTKEFBMTJFRTE0MUNBMUFDN0ZBODgyOTBDODcxNUNBOENCMjNFOTMxMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSAAAufZq9rw6LIPYu4HwRRTRo
QbuI3DcTym2ISf3YCm0WhO0KoEr9iORnob7r7Grkuu4XnNMjUAZENRchVpRpHQ71
39fd5UOTR1GQ3IbwNclIpr8LmB4slghSc9OGBy+6QPTuuRdtGfdq5X0vKgZ5kIgW
HWhHTiiy4Jq3BFPLPRLasewzXqypqEdhTxoIBsBp1Ehd054VVxS4FvLs8lpw5yOD
nRzBzeWGMphkoYuPpDoG8LBrt32D89n5PP5/vQ8NDSRAPjH4CrbCd6oz806QUKWc
up7bgjjqP7IubWre2lO2xH/aEtJam5Z6Vmk6dWNRRCAiGA2+IkvDKDTZHn3vAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUqhLuFByhrH+ogpDIcVyoyyPpMSAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsG
AwQAjQssAwQAjQu/MA0GCSqGSIb3DQEBCwUAA4IBAQByB+Fj4Jh7U/1PzWcTKTAQ
mrCsjb+RWRnas9a8pQ3L6z+kRbIW22I5RyToVrEuuvW44mBS1ll2uhUzwv/qWL1q
HMe1grp3SNLLHfcykCriLUXI7gvrvBj6itqed9bQt9o7DIxT7GYe1O8JPGRjZhAy
7lV55snpsZ4EUTfKUKlOoCgGmSsuvpIxr8hRaZrPz2R3AZCkshG5x14UZ/mIAk4i
1aUGRRQ6thAVlEeVWCaFbE62TpS/D5DdzptRg44p06w6kzr/JP8/8z+1cs9bP1wX
cspOMi9oGsR/JfnaRoYsw40ozhNy3Db2BHnIj8NVzvABmB2XMELSK5FvwakO5qFP
-----END CERTIFICATE-----