Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
File:                     AS400040.roa (raw, json)
Hash identifier:          WFZILgppBbe+Tw1FgngmDRMY3DWoZlhcAKrjWB61Z1Q=
Subject key identifier:   A7:DC:C6:CF:EF:C6:72:8A:76:0A:4C:C9:1D:CE:4C:99:EB:D8:CF:49
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       322AA5C935CBA25BD90A39118714D1BAF0398B80
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa
Signing time:             Fri 05 Jun 2026 00:01:34 +0000
ROA not before:           Thu 04 Jun 2026 23:56:34 +0000
ROA not after:            Fri 04 Jun 2027 00:01:34 +0000
asID:                     400040
IP address blocks:        141.11.6.0/24 maxlen: 24
                          141.11.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:2a:a5:c9:35:cb:a2:5b:d9:0a:39:11:87:14:d1:ba:f0:39:8b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  4 23:56:34 2026 GMT
            Not After : Jun  4 00:01:34 2027 GMT
        Subject: CN=A7DCC6CFEFC6728A760A4CC91DCE4C99EBD8CF49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7d:a5:01:c0:2d:71:2f:82:53:f5:88:de:1e:
                    77:99:7e:5a:69:7e:68:14:8e:bb:11:ee:54:71:09:
                    ca:b0:e0:6a:35:3e:a3:d4:6a:95:92:12:b0:af:67:
                    81:b1:77:f6:b3:47:be:2e:13:2a:94:65:58:83:dd:
                    2e:90:00:c0:03:3b:5d:83:53:87:53:4b:b9:b1:91:
                    78:b4:29:18:d1:62:1e:6d:ab:4b:e3:f1:ea:72:da:
                    00:dd:e6:dc:8b:9b:dc:49:05:af:06:22:aa:34:09:
                    d7:44:ba:31:e8:bd:0e:ec:62:0d:42:a8:ad:a8:1f:
                    3a:62:c5:b9:36:5f:4e:26:dd:a6:09:bb:3d:94:d8:
                    24:71:ba:30:5d:c5:89:f3:80:6a:e9:7b:d6:31:22:
                    07:5e:ac:87:93:19:33:96:1d:95:9c:0d:d0:9e:00:
                    a6:a6:6e:a5:b8:d8:9d:2b:68:54:df:01:e1:26:5f:
                    37:c7:1f:f5:a0:81:35:a5:fb:1c:24:50:2c:6e:94:
                    c9:b2:e8:84:25:8e:3c:17:c1:46:7c:2a:01:3e:f8:
                    d3:b3:dc:c3:0e:0b:e2:8c:a5:76:60:4e:ed:9b:25:
                    9f:29:12:fb:d2:89:f0:e6:81:c3:b6:68:50:64:da:
                    f0:12:df:03:fb:7d:2c:ad:f8:4f:62:ae:22:6d:e7:
                    61:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:DC:C6:CF:EF:C6:72:8A:76:0A:4C:C9:1D:CE:4C:99:EB:D8:CF:49
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.6.0/24
                  141.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:21:44:89:0d:03:4a:d4:e4:0c:dd:8d:bb:bf:02:9a:7d:ad:
         a4:b4:8f:4f:ac:58:99:35:06:7f:b2:e4:7c:fa:86:85:6b:44:
         1f:f1:e9:38:59:44:4c:fd:bd:b4:d6:19:31:0b:e3:9f:21:4e:
         01:08:b2:de:df:33:d7:8a:00:b4:8f:ba:bf:77:09:8a:cb:37:
         b2:a8:91:5a:ae:1e:47:a0:10:a5:bc:fc:f8:dc:bd:6a:d3:94:
         b3:08:5a:b5:3e:82:4a:d8:c2:88:49:02:dc:30:28:89:12:c3:
         e7:21:62:f5:4f:78:40:8b:4b:74:0c:46:29:c7:65:01:42:31:
         63:f1:f5:7d:7f:c1:58:d2:46:fc:d1:44:50:4d:cb:83:fc:32:
         08:3c:d9:96:e7:79:9f:81:19:97:f5:11:9a:56:4a:c0:4b:5d:
         c1:8f:a6:10:92:4d:a1:3f:b4:ac:78:de:66:6c:c4:27:0b:46:
         fe:fc:63:b6:55:4d:f3:38:0b:3c:b3:ba:e0:be:b1:8e:2a:b8:
         1b:e1:44:19:fa:5e:bf:64:cc:9a:33:a7:a7:03:21:1a:11:7d:
         dd:47:d4:43:70:13:78:79:b8:e7:ec:8a:a8:e2:eb:de:28:43:
         4d:e9:f4:bb:bd:06:64:b5:b4:05:8e:d8:27:25:a8:87:4d:49:
         a0:ef:ea:55
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUMiqlyTXLolvZCjkRhxTRuvA5i4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDQyMzU2MzRaFw0yNzA2MDQwMDAxMzRaMDMxMTAvBgNV
BAMTKEE3RENDNkNGRUZDNjcyOEE3NjBBNENDOTFEQ0U0Qzk5RUJEOENGNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClfaUBwC1xL4JT9YjeHneZflpp
fmgUjrsR7lRxCcqw4Go1PqPUapWSErCvZ4Gxd/azR74uEyqUZViD3S6QAMADO12D
U4dTS7mxkXi0KRjRYh5tq0vj8epy2gDd5tyLm9xJBa8GIqo0CddEujHovQ7sYg1C
qK2oHzpixbk2X04m3aYJuz2U2CRxujBdxYnzgGrpe9YxIgderIeTGTOWHZWcDdCe
AKambqW42J0raFTfAeEmXzfHH/WggTWl+xwkUCxulMmy6IQljjwXwUZ8KgE++NOz
3MMOC+KMpXZgTu2bJZ8pEvvSifDmgcO2aFBk2vAS3wP7fSyt+E9iriJt52FbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUp9zGz+/Gcop2CkzJHc5MmevYz0kwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQsG
AwQAjQu/MA0GCSqGSIb3DQEBCwUAA4IBAQCNIUSJDQNK1OQM3Y27vwKafa2ktI9P
rFiZNQZ/suR8+oaFa0Qf8ek4WURM/b201hkxC+OfIU4BCLLe3zPXigC0j7q/dwmK
yzeyqJFarh5HoBClvPz43L1q05SzCFq1PoJK2MKISQLcMCiJEsPnIWL1T3hAi0t0
DEYpx2UBQjFj8fV9f8FY0kb80URQTcuD/DIIPNmW53mfgRmX9RGaVkrAS13Bj6YQ
kk2hP7SseN5mbMQnC0b+/GO2VU3zOAs8s7rgvrGOKrgb4UQZ+l6/ZMyaM6enAyEa
EX3dR9RDcBN4ebjn7Iqo4uveKENN6fS7vQZktbQFjtgnJaiHTUmg7+pV
-----END CERTIFICATE-----