Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          AXyHRr71qXHG0ZjnL25AnD0fJCJe03hiibTmqSFD1uI=
Subject key identifier:   6C:47:D9:8E:A7:64:AA:39:38:C8:AA:10:BC:68:FC:77:5B:3F:B6:45
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       66DA070FB29536E140637E1B65BBA782C2ED1B34
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
Signing time:             Mon 30 Mar 2026 10:25:32 +0000
ROA not before:           Mon 30 Mar 2026 10:20:32 +0000
ROA not after:            Mon 29 Mar 2027 10:25:32 +0000
asID:                     62240
IP address blocks:        140.233.180.0/22 maxlen: 22
                          143.14.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:da:07:0f:b2:95:36:e1:40:63:7e:1b:65:bb:a7:82:c2:ed:1b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 30 10:20:32 2026 GMT
            Not After : Mar 29 10:25:32 2027 GMT
        Subject: CN=6C47D98EA764AA3938C8AA10BC68FC775B3FB645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f9:7d:1a:9d:cb:03:ba:31:ae:e7:68:75:a2:
                    03:8e:60:66:0a:8b:b8:80:a8:35:c5:20:65:fa:91:
                    3f:5f:75:ef:f2:5f:af:c9:73:05:29:39:26:9a:8d:
                    16:c9:4f:09:3e:2d:31:81:eb:af:7c:5c:54:22:7f:
                    72:29:49:85:7c:22:7b:f8:98:83:c3:de:f3:b0:c3:
                    03:b6:ef:14:e5:3a:b4:16:e7:91:ad:93:08:64:74:
                    bb:81:85:52:1c:a9:3a:00:92:c6:cb:4d:51:19:e1:
                    36:4d:a0:cf:36:3d:95:2d:e5:b2:76:65:22:df:be:
                    7c:2b:b0:58:ea:83:9a:da:ea:5a:6f:33:4c:f0:f5:
                    b0:d4:cd:5a:7c:45:ee:ef:ab:7c:85:90:60:39:c6:
                    93:24:67:ad:31:90:3f:0a:d3:8b:3b:14:eb:f8:3c:
                    6b:df:f4:d6:c1:8b:24:02:7b:41:dd:f9:02:64:82:
                    e7:d9:b4:e6:f1:53:57:48:41:6c:29:27:cb:4d:00:
                    71:88:36:62:86:fb:6d:14:80:09:8d:40:8e:5e:5c:
                    7f:60:0d:c3:da:3c:ce:07:6d:c2:08:f8:91:a9:2e:
                    2c:b7:86:49:59:7d:48:be:9a:e2:d2:47:3e:fb:d5:
                    bf:f2:64:64:5c:a0:ab:98:09:57:a1:94:26:6b:b8:
                    5d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:47:D9:8E:A7:64:AA:39:38:C8:AA:10:BC:68:FC:77:5B:3F:B6:45
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.180.0/22
                  143.14.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:55:2c:5c:2f:21:03:9b:37:cc:03:c4:b6:ee:87:a2:43:7d:
         b7:33:11:e2:d2:8a:0e:bb:ac:8b:4d:ab:7c:c8:3c:69:27:0e:
         5e:c4:fa:85:ff:12:7d:a2:2e:da:ee:bf:a0:78:37:a3:30:64:
         80:84:45:90:65:57:70:f9:a3:51:59:e7:b9:c2:63:e5:45:8f:
         af:95:d9:dc:52:bf:13:e7:a4:88:18:4b:9f:71:54:29:9f:be:
         2b:e4:03:2e:19:97:5b:e4:53:03:fe:2a:0a:fe:27:f3:78:e7:
         0e:82:34:53:d9:4e:6d:ee:86:8f:a7:a0:86:3b:91:d4:c3:90:
         3a:70:a8:50:59:c6:8f:07:ec:2f:f9:77:29:a3:36:cd:0e:1f:
         f2:67:80:cb:a4:a1:68:8b:7d:91:7e:da:18:6b:c0:bd:cf:26:
         a5:43:c7:ab:71:a8:56:3e:bf:e4:21:21:4d:53:99:10:63:f2:
         a1:c5:28:67:51:91:53:6e:f6:ac:87:41:67:7a:06:40:75:22:
         cd:00:b2:5d:2c:9e:54:5e:39:7d:e4:68:ef:15:79:b9:a3:2f:
         d1:7c:27:a0:17:e5:20:36:0d:e3:0f:fa:30:19:be:8d:66:4a:
         a8:4e:7d:54:67:8c:82:2d:ad:4e:ab:f1:d6:8d:6b:b3:3d:47:
         67:70:80:0b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZtoHD7KVNuFAY34bZbungsLtGzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMzAxMDIwMzJaFw0yNzAzMjkxMDI1MzJaMDMxMTAvBgNV
BAMTKDZDNDdEOThFQTc2NEFBMzkzOEM4QUExMEJDNjhGQzc3NUIzRkI2NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu+X0ancsDujGu52h1ogOOYGYK
i7iAqDXFIGX6kT9fde/yX6/JcwUpOSaajRbJTwk+LTGB6698XFQif3IpSYV8Inv4
mIPD3vOwwwO27xTlOrQW55GtkwhkdLuBhVIcqToAksbLTVEZ4TZNoM82PZUt5bJ2
ZSLfvnwrsFjqg5ra6lpvM0zw9bDUzVp8Re7vq3yFkGA5xpMkZ60xkD8K04s7FOv4
PGvf9NbBiyQCe0Hd+QJkgufZtObxU1dIQWwpJ8tNAHGINmKG+20UgAmNQI5eXH9g
DcPaPM4HbcII+JGpLiy3hklZfUi+muLSRz771b/yZGRcoKuYCVehlCZruF0vAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUbEfZjqdkqjk4yKoQvGj8d1s/tkUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKM6bQD
BACPDt0wDQYJKoZIhvcNAQELBQADggEBALxVLFwvIQObN8wDxLbuh6JDfbczEeLS
ig67rItNq3zIPGknDl7E+oX/En2iLtruv6B4N6MwZICERZBlV3D5o1FZ57nCY+VF
j6+V2dxSvxPnpIgYS59xVCmfvivkAy4Zl1vkUwP+Kgr+J/N45w6CNFPZTm3uho+n
oIY7kdTDkDpwqFBZxo8H7C/5dymjNs0OH/JngMukoWiLfZF+2hhrwL3PJqVDx6tx
qFY+v+QhIU1TmRBj8qHFKGdRkVNu9qyHQWd6BkB1Is0Asl0snlReOX3kaO8Vebmj
L9F8J6AX5SA2DeMP+jAZvo1mSqhOfVRnjIItrU6r8daNa7M9R2dwgAs=
-----END CERTIFICATE-----