Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          DozKbhhwdlTiyADj1lk6KWT3Kw6fFDYAYNUVpKWhp+8=
Subject key identifier:   84:FE:C3:95:CC:C4:3C:5B:B8:60:E2:59:F3:5D:6C:64:51:21:BE:23
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       127FE024D68DEB334B13B902B300D610344FA706
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa
Signing time:             Sat 06 Jun 2026 08:16:53 +0000
ROA not before:           Sat 06 Jun 2026 08:11:53 +0000
ROA not after:            Sat 05 Jun 2027 08:16:53 +0000
asID:                     62240
IP address blocks:        143.14.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:7f:e0:24:d6:8d:eb:33:4b:13:b9:02:b3:00:d6:10:34:4f:a7:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  6 08:11:53 2026 GMT
            Not After : Jun  5 08:16:53 2027 GMT
        Subject: CN=84FEC395CCC43C5BB860E259F35D6C645121BE23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:c8:b8:b4:dc:87:ac:2e:73:b2:97:19:a6:
                    3d:15:47:6a:4d:69:4e:98:b5:fa:ff:08:f9:16:82:
                    41:da:e3:ad:2f:01:da:8f:17:c5:1d:e4:4f:1c:9c:
                    95:71:4d:49:c7:30:e1:40:a6:0c:d5:9a:aa:21:62:
                    c8:5b:55:56:57:73:30:e7:d1:70:25:53:b0:c3:45:
                    a0:0b:5c:59:c1:56:e5:8a:26:0e:8b:83:97:0e:61:
                    b4:a7:9b:47:a7:7b:f0:d6:ac:c6:cf:8f:c8:26:d0:
                    dd:65:17:f7:82:e2:05:73:97:e7:85:cb:b2:b8:b4:
                    6b:dc:1b:21:b3:33:3f:54:ab:bf:2a:ba:dd:62:0e:
                    9e:84:81:2b:cc:46:71:fb:65:6f:c2:18:55:97:b4:
                    e4:c5:7c:7e:88:11:f7:3c:dc:a0:87:9a:62:47:6a:
                    f3:33:db:e3:c2:5c:7f:3c:b4:2b:32:db:36:6a:e1:
                    fe:b6:0e:52:a8:5f:8d:cc:34:04:da:da:1e:b5:4c:
                    3e:7e:1d:a4:a3:34:47:ef:d9:7b:99:b0:df:23:ee:
                    38:27:8b:8d:a9:6d:ef:32:0a:b3:72:1e:0f:72:ec:
                    cb:04:cb:5d:98:5f:ea:eb:ae:9e:d5:4e:df:da:a3:
                    1e:e3:82:6c:16:99:de:bd:8a:b3:4f:d5:78:a4:60:
                    4e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FE:C3:95:CC:C4:3C:5B:B8:60:E2:59:F3:5D:6C:64:51:21:BE:23
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e8:d6:70:28:e4:fe:bf:3a:18:c2:42:07:f1:e5:22:69:5c:
         bb:58:a6:69:e5:8f:ba:84:6d:99:3f:30:1b:e2:9a:ba:0f:40:
         97:ad:3b:3e:1f:1c:ac:de:97:92:78:4b:91:02:7d:03:5b:de:
         aa:1e:fc:ad:20:b9:f2:6f:d9:b2:74:f4:d0:3c:78:e9:0e:57:
         79:b9:63:83:8a:22:bd:36:e3:44:0d:4b:c1:34:bb:f5:d3:b3:
         a2:30:66:8a:91:2f:09:06:62:b4:0c:ea:dc:2d:46:e0:06:71:
         3f:a1:3b:63:e7:29:f6:9e:0e:70:b4:3a:ef:2d:91:32:d6:21:
         53:fb:36:98:30:4c:82:d7:73:a0:f4:6b:08:ae:6b:f9:45:ab:
         34:9b:3b:aa:c7:f4:c0:a0:84:4a:a7:5b:f6:9e:db:c2:a2:51:
         d5:f6:86:07:03:ee:e1:05:60:6a:7a:e5:56:b4:f7:53:7f:6e:
         08:42:12:54:ba:79:44:40:43:18:be:07:f0:00:62:83:ba:49:
         83:66:e9:05:7e:38:1f:26:89:6f:b2:de:58:6d:ac:29:35:3e:
         4e:de:a9:e3:02:3a:eb:57:6c:7b:b9:4c:12:6f:19:17:0f:b3:
         94:51:b7:0f:84:37:40:c3:e9:d0:04:a5:78:c4:e9:0d:f1:0d:
         51:28:49:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEn/gJNaN6zNLE7kCswDWEDRPpwYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDYwODExNTNaFw0yNzA2MDUwODE2NTNaMDMxMTAvBgNV
BAMTKDg0RkVDMzk1Q0NDNDNDNUJCODYwRTI1OUYzNUQ2QzY0NTEyMUJFMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeMsi4tNyHrC5zspcZpj0VR2pN
aU6Ytfr/CPkWgkHa460vAdqPF8Ud5E8cnJVxTUnHMOFApgzVmqohYshbVVZXczDn
0XAlU7DDRaALXFnBVuWKJg6Lg5cOYbSnm0ene/DWrMbPj8gm0N1lF/eC4gVzl+eF
y7K4tGvcGyGzMz9Uq78qut1iDp6EgSvMRnH7ZW/CGFWXtOTFfH6IEfc83KCHmmJH
avMz2+PCXH88tCsy2zZq4f62DlKoX43MNATa2h61TD5+HaSjNEfv2XuZsN8j7jgn
i42pbe8yCrNyHg9y7MsEy12YX+rrrp7VTt/aox7jgmwWmd69irNP1XikYE6tAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhP7DlczEPFu4YOJZ811sZFEhviMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDt0w
DQYJKoZIhvcNAQELBQADggEBAADo1nAo5P6/OhjCQgfx5SJpXLtYpmnlj7qEbZk/
MBvimroPQJetOz4fHKzel5J4S5ECfQNb3qoe/K0gufJv2bJ09NA8eOkOV3m5Y4OK
Ir0240QNS8E0u/XTs6IwZoqRLwkGYrQM6twtRuAGcT+hO2PnKfaeDnC0Ou8tkTLW
IVP7NpgwTILXc6D0awiua/lFqzSbO6rH9MCghEqnW/ae28KiUdX2hgcD7uEFYGp6
5Va091N/bghCElS6eURAQxi+B/AAYoO6SYNm6QV+OB8miW+y3lhtrCk1Pk7eqeMC
OutXbHu5TBJvGRcPs5RRtw+EN0DD6dAEpXjE6Q3xDVEoSXQ=
-----END CERTIFICATE-----