Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa
File:                     AS40605.roa (raw, json)
Hash identifier:          sZypfJNDRZiTtHntmizcFRvE+5OWEQKVLhVWXPArd7M=
Subject key identifier:   4C:FD:10:7E:96:27:D4:85:02:23:15:A2:3F:E8:AC:5D:32:4C:AA:83
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       67DE7AE9FE7B37A191F1EA9DC566A2C369A4AC55
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa
Signing time:             Mon 02 Mar 2026 00:03:20 +0000
ROA not before:           Sun 01 Mar 2026 23:58:20 +0000
ROA not after:            Mon 01 Mar 2027 00:03:20 +0000
asID:                     40605
IP address blocks:        82.39.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:de:7a:e9:fe:7b:37:a1:91:f1:ea:9d:c5:66:a2:c3:69:a4:ac:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  1 23:58:20 2026 GMT
            Not After : Mar  1 00:03:20 2027 GMT
        Subject: CN=4CFD107E9627D485022315A23FE8AC5D324CAA83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ae:dd:c5:51:fd:c8:f8:46:1c:3a:58:82:b8:
                    34:14:10:33:41:53:65:ca:cb:78:0b:1d:17:d1:a9:
                    e3:b7:e4:6b:fd:a5:b3:e6:01:4d:14:1d:cb:ef:42:
                    3e:be:d0:4b:bf:f9:63:e0:e7:6c:78:20:c7:48:7e:
                    ea:40:aa:aa:d7:8c:79:9d:43:57:7d:0f:1c:64:fc:
                    00:1d:c3:e9:53:72:83:7f:c2:8d:5e:a3:ff:07:22:
                    10:ed:7a:e7:f3:a2:cd:5d:9e:71:72:b9:74:b4:29:
                    e8:b1:ff:7d:3a:33:0a:6d:88:49:36:6e:40:52:c7:
                    c5:15:c4:2a:d3:3a:96:a4:c2:69:8f:3b:93:39:1e:
                    99:79:59:35:79:21:6c:2f:a5:74:95:02:8d:8a:b8:
                    ac:2b:b1:a5:b0:3d:00:33:ae:2d:4f:41:08:c0:52:
                    61:c0:b9:5c:67:68:97:0a:06:ed:de:c8:78:77:38:
                    59:e3:9d:ed:70:9a:03:d8:08:f3:1c:aa:60:ae:38:
                    29:d4:0a:81:4a:51:4f:1f:f5:ab:62:81:a2:94:8a:
                    2f:02:82:ec:73:e4:c9:b7:de:2c:1d:34:8c:27:65:
                    89:bf:5e:85:53:fe:44:25:32:a3:55:13:4b:96:10:
                    11:9e:8c:a8:a1:d5:ec:bc:f2:57:4f:04:b1:1c:bb:
                    38:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:FD:10:7E:96:27:D4:85:02:23:15:A2:3F:E8:AC:5D:32:4C:AA:83
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS40605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e6:5d:b5:76:26:11:a7:3a:d3:55:aa:ec:32:c1:ba:fd:dc:
         c4:a8:07:2b:46:f5:e5:36:b1:5e:ad:b7:d8:bd:1f:30:47:91:
         6e:12:17:0f:1a:b3:50:68:3a:68:33:85:c3:eb:75:04:26:60:
         58:f7:54:08:6d:16:52:8e:c4:85:4d:9d:cc:cd:02:ec:50:c8:
         0b:c0:1f:08:3a:68:e4:1d:a6:06:d1:9f:11:88:de:4d:53:c0:
         2f:88:a5:8f:76:ad:0d:ce:93:67:04:ba:9c:71:76:2f:93:c6:
         52:ae:15:8e:8d:ed:4e:f5:69:b0:96:9f:6d:fb:ec:c5:ef:59:
         0d:8b:37:c8:36:40:89:d5:1f:78:38:71:7d:33:08:f0:7d:fd:
         e9:28:9d:bd:ef:ac:30:ae:6a:8e:6f:06:f5:1d:17:92:31:1f:
         08:31:f9:d5:98:7a:fe:10:3a:1e:58:16:e8:75:d5:a5:ab:29:
         58:a5:6c:6f:60:0e:4a:3f:d6:08:a1:40:a1:a2:8d:da:5f:2a:
         62:da:55:28:be:fd:1b:2b:e8:85:c4:bc:e3:16:8a:f2:f5:4b:
         3c:e1:75:21:68:d3:d9:63:49:f9:33:7e:c5:af:1e:20:11:81:
         8a:c0:a7:d7:4a:89:2f:19:0c:a3:a1:d7:01:7f:d3:ca:fe:72:
         37:5f:f7:4d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ9566f57N6GR8eqdxWaiw2mkrFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDEyMzU4MjBaFw0yNzAzMDEwMDAzMjBaMDMxMTAvBgNV
BAMTKDRDRkQxMDdFOTYyN0Q0ODUwMjIzMTVBMjNGRThBQzVEMzI0Q0FBODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOrt3FUf3I+EYcOliCuDQUEDNB
U2XKy3gLHRfRqeO35Gv9pbPmAU0UHcvvQj6+0Eu/+WPg52x4IMdIfupAqqrXjHmd
Q1d9Dxxk/AAdw+lTcoN/wo1eo/8HIhDteufzos1dnnFyuXS0Keix/306MwptiEk2
bkBSx8UVxCrTOpakwmmPO5M5Hpl5WTV5IWwvpXSVAo2KuKwrsaWwPQAzri1PQQjA
UmHAuVxnaJcKBu3eyHh3OFnjne1wmgPYCPMcqmCuOCnUCoFKUU8f9atigaKUii8C
guxz5Mm33iwdNIwnZYm/XoVT/kQlMqNVE0uWEBGejKih1ey88ldPBLEcuzjHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTP0QfpYn1IUCIxWiP+isXTJMqoMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDA2MDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSJ5Yw
DQYJKoZIhvcNAQELBQADggEBAEjmXbV2JhGnOtNVquwywbr93MSoBytG9eU2sV6t
t9i9HzBHkW4SFw8as1BoOmgzhcPrdQQmYFj3VAhtFlKOxIVNnczNAuxQyAvAHwg6
aOQdpgbRnxGI3k1TwC+IpY92rQ3Ok2cEupxxdi+TxlKuFY6N7U71abCWn2377MXv
WQ2LN8g2QInVH3g4cX0zCPB9/ekonb3vrDCuao5vBvUdF5IxHwgx+dWYev4QOh5Y
Fuh11aWrKVilbG9gDko/1gihQKGijdpfKmLaVSi+/Rsr6IXEvOMWivL1SzzhdSFo
09ljSfkzfsWvHiARgYrAp9dKiS8ZDKOh1wF/08r+cjdf900=
-----END CERTIFICATE-----