Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          mjwHL8Kpufg4qVi2elleWp4/6mi8nlgsHErdgQN0HAA=
Subject key identifier:   07:FC:C5:C1:BA:E4:AF:55:5F:E7:9E:FA:EB:D8:0A:03:C7:45:58:FF
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7C1BA5828F14A6B354244237834AA6ACE75EE5A3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
Signing time:             Mon 04 Aug 2025 00:00:42 +0000
ROA not before:           Sun 03 Aug 2025 23:55:42 +0000
ROA not after:            Mon 03 Aug 2026 00:00:42 +0000
asID:                     62240
IP address blocks:        140.150.236.0/22 maxlen: 22
                          147.79.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:1b:a5:82:8f:14:a6:b3:54:24:42:37:83:4a:a6:ac:e7:5e:e5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  3 23:55:42 2025 GMT
            Not After : Aug  3 00:00:42 2026 GMT
        Subject: CN=07FCC5C1BAE4AF555FE79EFAEBD80A03C74558FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b4:8a:e2:c4:80:9c:b8:11:44:8e:61:69:e7:
                    09:70:88:5b:4d:1a:0a:54:91:08:7e:0c:24:b9:d8:
                    08:36:18:69:f1:63:4d:23:b4:a2:fa:c3:c9:1c:4c:
                    ef:36:6a:ab:70:75:6e:e4:3a:31:24:4d:2e:35:85:
                    63:34:15:3c:69:56:31:aa:34:d9:d7:80:ed:22:5d:
                    ec:96:3e:7b:f4:7a:c9:73:d5:6f:93:2f:c5:66:19:
                    f1:59:b6:48:53:37:5b:f8:2d:ef:f2:ec:0f:58:34:
                    8a:6e:e5:dd:50:e2:ec:65:45:b8:52:8a:d6:46:89:
                    b0:74:70:ad:5d:41:b3:3f:f9:a9:89:b2:68:d8:7a:
                    a4:16:87:3f:04:30:a0:81:12:0a:8a:cd:57:a5:dc:
                    b5:4c:01:1b:02:46:83:aa:c8:17:9a:78:39:68:5c:
                    a7:5c:82:5b:61:9e:ae:c3:48:c1:24:1a:27:75:76:
                    2e:fa:8d:2e:ab:c4:de:6f:70:30:61:0c:73:60:f1:
                    53:d4:bb:eb:48:c2:f1:1a:27:f0:61:71:07:21:e4:
                    21:8f:64:3d:88:c3:e3:b5:27:ab:22:0c:14:c8:57:
                    bc:bc:b9:94:5e:50:7a:4b:5b:d4:41:aa:ba:9d:79:
                    33:1f:e1:67:75:83:c0:6d:c1:b2:57:e1:86:97:c6:
                    97:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FC:C5:C1:BA:E4:AF:55:5F:E7:9E:FA:EB:D8:0A:03:C7:45:58:FF
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.236.0/22
                  147.79.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:15:f2:ba:ee:18:c5:d2:72:03:70:90:7d:2f:1b:60:26:07:
         5d:4c:e6:a7:91:a4:5e:13:1b:ce:55:67:77:40:42:63:91:9a:
         5d:76:3b:54:33:39:6e:39:cf:2a:50:3d:42:eb:ec:4c:ec:ea:
         2a:f9:ad:2b:4a:2a:bd:da:f7:47:9b:ec:3c:8f:f3:01:19:8e:
         7e:10:04:7e:2a:91:ee:36:91:65:17:f9:71:b8:7d:85:26:fa:
         e3:67:92:26:03:d3:2b:3b:a7:32:1d:98:f9:b7:9f:88:5c:e2:
         8b:3a:62:d9:2d:29:64:db:2e:df:94:0d:fd:5f:15:0b:c0:7e:
         81:84:9f:91:8b:c8:28:f2:8c:43:9b:9c:d9:bd:84:69:f2:27:
         07:b2:12:09:60:72:ed:52:54:3d:16:74:b0:65:c4:0e:72:84:
         2a:e5:5e:49:af:49:ef:2a:eb:9f:92:11:25:64:d0:7b:75:78:
         6c:1a:f0:67:4e:d1:23:2c:67:13:3b:7c:d0:6a:3e:1d:5e:dd:
         5a:87:a6:fc:7c:10:0d:b9:37:c6:ae:cc:c7:ce:37:8f:cd:4f:
         cb:96:13:71:74:1e:e3:cf:76:6f:ff:2f:3a:29:0c:49:cb:76:
         68:1a:87:55:95:e5:55:df:21:d3:61:e8:4a:37:98:89:d4:46:
         e4:8b:da:d5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfBulgo8UprNUJEI3g0qmrOde5aMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDMyMzU1NDJaFw0yNjA4MDMwMDAwNDJaMDMxMTAvBgNV
BAMTKDA3RkNDNUMxQkFFNEFGNTU1RkU3OUVGQUVCRDgwQTAzQzc0NTU4RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKtIrixICcuBFEjmFp5wlwiFtN
GgpUkQh+DCS52Ag2GGnxY00jtKL6w8kcTO82aqtwdW7kOjEkTS41hWM0FTxpVjGq
NNnXgO0iXeyWPnv0eslz1W+TL8VmGfFZtkhTN1v4Le/y7A9YNIpu5d1Q4uxlRbhS
itZGibB0cK1dQbM/+amJsmjYeqQWhz8EMKCBEgqKzVel3LVMARsCRoOqyBeaeDlo
XKdcglthnq7DSMEkGid1di76jS6rxN5vcDBhDHNg8VPUu+tIwvEaJ/BhcQch5CGP
ZD2Iw+O1J6siDBTIV7y8uZReUHpLW9RBqrqdeTMf4Wd1g8BtwbJX4YaXxpftAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUB/zFwbrkr1Vf557669gKA8dFWP8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKMluwD
BAGTTwIwDQYJKoZIhvcNAQELBQADggEBACYV8rruGMXScgNwkH0vG2AmB11M5qeR
pF4TG85VZ3dAQmORml12O1QzOW45zypQPULr7Ezs6ir5rStKKr3a90eb7DyP8wEZ
jn4QBH4qke42kWUX+XG4fYUm+uNnkiYD0ys7pzIdmPm3n4hc4os6YtktKWTbLt+U
Df1fFQvAfoGEn5GLyCjyjEObnNm9hGnyJweyEglgcu1SVD0WdLBlxA5yhCrlXkmv
Se8q65+SESVk0Ht1eGwa8GdO0SMsZxM7fNBqPh1e3VqHpvx8EA25N8auzMfON4/N
T8uWE3F0HuPPdm//LzopDEnLdmgah1WV5VXfIdNh6Eo3mInURuSL2tU=
-----END CERTIFICATE-----