Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          isx8+IuP+i1Qtp/B8g8/UO7+dBmmWCkSfmHXnkGcB3I=
Subject key identifier:   42:94:C5:0E:4F:0F:0D:2E:4C:D1:32:77:2E:41:C9:F8:9B:11:C0:BA
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5CAC761028589015F670E12F0BA5C95F8F8D1379
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Sat 28 Jun 2025 00:02:35 +0000
ROA not before:           Fri 27 Jun 2025 23:57:35 +0000
ROA not after:            Sat 27 Jun 2026 00:02:35 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24
                          91.124.135.0/24 maxlen: 24
                          91.124.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ac:76:10:28:58:90:15:f6:70:e1:2f:0b:a5:c9:5f:8f:8d:13:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 23:57:35 2025 GMT
            Not After : Jun 27 00:02:35 2026 GMT
        Subject: CN=4294C50E4F0F0D2E4CD132772E41C9F89B11C0BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:06:b2:1d:6f:99:cf:1d:7d:fd:55:bc:5a:dd:
                    6c:e8:d4:09:4f:1d:d9:ef:2b:7d:5e:27:ed:bd:ce:
                    f6:cc:cf:09:74:38:ab:01:b6:f8:2f:de:68:5b:a7:
                    7c:7b:cb:51:78:3a:3b:e9:88:fa:c5:27:c7:03:97:
                    50:94:2a:d5:8e:ab:4f:0b:52:c1:f5:08:75:d7:de:
                    7d:e0:2d:ce:4a:f1:fc:91:b5:75:71:08:91:b9:74:
                    30:40:38:2f:56:8a:33:5d:fa:95:2b:d9:52:7c:66:
                    3d:e6:3d:6e:4c:27:75:da:63:87:59:db:a3:dc:a9:
                    18:23:34:a8:5e:06:bb:f7:67:ef:e2:4d:e3:f6:6a:
                    6c:4d:44:52:70:6c:8c:6c:6d:33:bd:71:28:70:e3:
                    49:65:6f:0b:3c:5a:53:ec:e5:13:50:e4:e3:16:82:
                    aa:28:7a:7e:60:8b:7f:02:e6:3d:a2:ef:59:67:99:
                    9d:c4:0e:56:cd:7b:82:12:c8:8e:d7:40:f8:a6:e7:
                    b8:ef:c9:e3:74:69:4e:13:c5:58:af:6a:a7:02:a6:
                    d8:e5:fb:c3:bc:08:35:e0:55:d1:49:8b:3a:33:43:
                    92:b5:6f:d8:ca:4a:91:48:e9:96:20:60:52:39:4e:
                    a6:ef:de:a7:4a:80:e8:ec:cc:44:ea:59:f9:dd:64:
                    c6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:94:C5:0E:4F:0F:0D:2E:4C:D1:32:77:2E:41:C9:F8:9B:11:C0:BA
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24
                  91.124.135.0/24
                  91.124.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:0a:47:49:61:c1:62:e0:69:c1:be:80:27:4d:a2:3e:2f:03:
         be:a5:a5:93:26:cc:c3:6a:5b:a2:10:78:32:f8:c7:19:c8:46:
         80:12:44:25:6b:2e:ec:fe:2f:71:24:18:b3:87:65:00:53:52:
         be:a8:a6:9a:0b:a1:69:52:09:57:79:1b:d2:bd:4d:d9:03:1e:
         ba:79:54:91:8c:cc:60:a2:ac:ee:22:66:e4:fd:12:09:03:fc:
         ba:8f:a7:68:23:d1:1b:96:68:1f:5f:00:f2:3f:3e:b5:bb:0d:
         99:4a:e8:95:2f:70:49:20:6f:67:d8:4b:4e:2a:3d:5e:4c:23:
         10:22:42:ee:01:ff:75:64:a2:9f:65:13:2d:f1:09:d5:fa:61:
         1c:e5:4e:cb:c6:de:b7:36:c5:46:af:08:ff:1c:59:c2:8d:11:
         52:a7:a0:c3:af:24:31:d0:08:1c:81:3a:fb:f0:59:62:7f:04:
         e8:f8:7f:36:bd:68:04:ac:a4:e0:5a:3a:c1:dd:49:65:f9:ca:
         f4:1c:32:e2:3d:81:88:44:64:25:19:8e:0e:11:f5:aa:80:d6:
         cf:31:a5:10:02:82:e3:85:43:ce:ad:ee:18:a4:f5:62:1a:e2:
         3a:34:66:67:cd:19:57:1b:af:17:d4:33:19:df:f1:ad:6d:f1:
         de:27:d9:57
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUXKx2EChYkBX2cOEvC6XJX4+NE3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcyMzU3MzVaFw0yNjA2MjcwMDAyMzVaMDMxMTAvBgNV
BAMTKDQyOTRDNTBFNEYwRjBEMkU0Q0QxMzI3NzJFNDFDOUY4OUIxMUMwQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjBrIdb5nPHX39Vbxa3Wzo1AlP
HdnvK31eJ+29zvbMzwl0OKsBtvgv3mhbp3x7y1F4OjvpiPrFJ8cDl1CUKtWOq08L
UsH1CHXX3n3gLc5K8fyRtXVxCJG5dDBAOC9WijNd+pUr2VJ8Zj3mPW5MJ3XaY4dZ
26PcqRgjNKheBrv3Z+/iTeP2amxNRFJwbIxsbTO9cShw40llbws8WlPs5RNQ5OMW
gqooen5gi38C5j2i71lnmZ3EDlbNe4ISyI7XQPim57jvyeN0aU4TxVivaqcCptjl
+8O8CDXgVdFJizozQ5K1b9jKSpFI6ZYgYFI5Tqbv3qdKgOjszETqWfndZMY5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUQpTFDk8PDS5M0TJ3LkHJ+JsRwLowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAuyuAD
BABbfIcDBABbfLIwDQYJKoZIhvcNAQELBQADggEBAKsKR0lhwWLgacG+gCdNoj4v
A76lpZMmzMNqW6IQeDL4xxnIRoASRCVrLuz+L3EkGLOHZQBTUr6oppoLoWlSCVd5
G9K9TdkDHrp5VJGMzGCirO4iZuT9EgkD/LqPp2gj0RuWaB9fAPI/PrW7DZlK6JUv
cEkgb2fYS04qPV5MIxAiQu4B/3Vkop9lEy3xCdX6YRzlTsvG3rc2xUavCP8cWcKN
EVKnoMOvJDHQCByBOvvwWWJ/BOj4fza9aASspOBaOsHdSWX5yvQcMuI9gYhEZCUZ
jg4R9aqA1s8xpRACguOFQ86t7hik9WIa4jo0ZmfNGVcbrxfUMxnf8a1t8d4n2Vc=
-----END CERTIFICATE-----