Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          mxe8NZKXdQa1fgEXtCVp7UXA/3FLay/ZlC23mGbHy6w=
Subject key identifier:   8E:C7:7E:A8:68:70:95:14:93:9B:C8:D9:ED:9B:4D:E9:90:E1:8F:79
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       618B32365F4B2B6C64EB0419901935648A6552A3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa
Signing time:             Sun 06 Apr 2025 10:25:04 +0000
ROA not before:           Sun 06 Apr 2025 10:20:04 +0000
ROA not after:            Sun 05 Apr 2026 10:25:04 +0000
asID:                     40676
IP address blocks:        141.11.245.0/24 maxlen: 24
                          141.11.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8b:32:36:5f:4b:2b:6c:64:eb:04:19:90:19:35:64:8a:65:52:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  6 10:20:04 2025 GMT
            Not After : Apr  5 10:25:04 2026 GMT
        Subject: CN=8EC77EA868709514939BC8D9ED9B4DE990E18F79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b1:73:77:bf:6a:74:26:65:a2:58:7b:e6:df:
                    75:a2:e0:b7:1a:ee:19:ea:60:f4:5c:1b:57:14:c6:
                    1e:50:a4:4b:35:28:61:a6:74:87:e6:f2:19:b6:1b:
                    17:b8:6e:83:a4:b1:d3:8c:33:3b:8d:8b:9b:4b:c2:
                    72:26:e1:72:21:3d:a8:76:56:a8:b7:15:3d:a0:f8:
                    54:4f:da:d7:45:c5:d2:97:4a:19:99:6b:07:49:84:
                    da:a1:03:33:4d:a2:07:d8:3c:de:78:c3:e6:68:88:
                    cb:cb:af:52:f7:a6:c6:dc:e8:f9:ed:c2:aa:b8:db:
                    a9:15:5b:e0:4e:b6:59:02:ee:e3:8d:93:86:11:9b:
                    15:87:a2:7b:8f:5d:9c:11:7e:81:9d:5a:b5:0a:1b:
                    0a:1c:6d:a2:15:e2:92:41:cd:69:35:de:6d:14:a5:
                    7a:e7:32:86:5c:50:bd:51:c5:06:f5:a0:15:18:30:
                    4f:38:8b:06:b6:e0:c2:e1:a1:31:75:da:81:e7:f3:
                    87:c6:97:c7:25:86:e5:3e:db:fd:41:e3:ce:59:61:
                    36:64:37:3d:33:a0:cc:12:7c:15:db:1b:a4:9f:8b:
                    92:b2:d3:e6:e4:e9:c1:98:04:73:6b:ed:3a:1c:4e:
                    f2:46:ee:0b:a5:fa:f3:40:33:4a:89:21:68:c7:4a:
                    29:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C7:7E:A8:68:70:95:14:93:9B:C8:D9:ED:9B:4D:E9:90:E1:8F:79
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.245.0/24
                  141.11.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e5:75:0c:c8:4b:d9:e9:1e:f0:dc:f3:53:ec:7b:e2:8b:f6:
         07:92:0c:b3:ba:75:c4:26:78:28:21:ce:f1:9b:d5:3a:8e:a8:
         2b:0f:dd:1b:84:9b:a9:7e:60:6a:40:03:ac:78:6d:4c:52:47:
         46:57:6e:f4:c8:06:f0:d6:37:52:23:87:8b:26:b5:ab:ed:0a:
         7f:85:79:bc:12:b7:c8:79:43:64:7b:62:87:ea:26:58:22:8c:
         54:97:30:96:fd:f0:ba:5c:c3:c2:35:65:ba:9f:66:2b:cc:1e:
         9a:04:51:4a:37:ed:6f:2d:c5:68:14:dd:3a:79:fb:45:c2:41:
         bb:4b:eb:9c:97:1e:d3:02:8d:3e:4c:89:2e:00:57:c3:e2:41:
         36:ab:51:6d:e6:5a:70:27:ce:85:39:73:b3:d2:04:e7:e1:6c:
         48:af:be:b9:76:93:72:c3:7a:18:5a:b9:21:e7:18:63:d1:e6:
         1c:31:b0:4f:f1:f2:4f:ac:29:0e:8f:53:bf:5d:7e:24:2a:52:
         57:ae:c7:4f:ea:9e:5f:76:0c:01:21:70:4a:64:a0:a2:90:af:
         72:ff:03:e1:3e:95:3d:63:23:16:a2:4c:2a:8e:37:68:27:02:
         1b:56:c9:ba:45:d0:1f:e9:c8:fc:e4:a2:50:fd:9b:38:f9:5e:
         eb:c0:e2:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYYsyNl9LK2xk6wQZkBk1ZIplUqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MDYxMDIwMDRaFw0yNjA0MDUxMDI1MDRaMDMxMTAvBgNV
BAMTKDhFQzc3RUE4Njg3MDk1MTQ5MzlCQzhEOUVEOUI0REU5OTBFMThGNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJsXN3v2p0JmWiWHvm33Wi4Lca
7hnqYPRcG1cUxh5QpEs1KGGmdIfm8hm2Gxe4boOksdOMMzuNi5tLwnIm4XIhPah2
Vqi3FT2g+FRP2tdFxdKXShmZawdJhNqhAzNNogfYPN54w+ZoiMvLr1L3psbc6Pnt
wqq426kVW+BOtlkC7uONk4YRmxWHonuPXZwRfoGdWrUKGwocbaIV4pJBzWk13m0U
pXrnMoZcUL1RxQb1oBUYME84iwa24MLhoTF12oHn84fGl8clhuU+2/1B485ZYTZk
Nz0zoMwSfBXbG6Sfi5Ky0+bk6cGYBHNr7TocTvJG7gul+vNAM0qJIWjHSikzAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUjsd+qGhwlRSTm8jZ7ZtN6ZDhj3kwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC/UD
BACNC/swDQYJKoZIhvcNAQELBQADggEBAJ3ldQzIS9npHvDc81Pse+KL9geSDLO6
dcQmeCghzvGb1TqOqCsP3RuEm6l+YGpAA6x4bUxSR0ZXbvTIBvDWN1Ijh4smtavt
Cn+FebwSt8h5Q2R7YofqJlgijFSXMJb98Lpcw8I1ZbqfZivMHpoEUUo37W8txWgU
3Tp5+0XCQbtL65yXHtMCjT5MiS4AV8PiQTarUW3mWnAnzoU5c7PSBOfhbEivvrl2
k3LDehhauSHnGGPR5hwxsE/x8k+sKQ6PU79dfiQqUleux0/qnl92DAEhcEpkoKKQ
r3L/A+E+lT1jIxaiTCqON2gnAhtWybpF0B/pyPzkolD9mzj5XuvA4ug=
-----END CERTIFICATE-----