Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          Jc+Yw0a/HYuyh0SE0LsJ13Hwd5yGPENndHRgvyCldok=
Subject key identifier:   34:13:2A:3F:16:5D:74:B8:10:7A:46:F4:92:AA:87:53:FC:E6:F4:18
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1749B0CA340C166FBE000D77CF4236A1280ADA77
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Thu 04 Jun 2026 11:13:21 +0000
ROA not before:           Thu 04 Jun 2026 11:08:21 +0000
ROA not after:            Thu 03 Jun 2027 11:13:21 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24
                          91.124.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:49:b0:ca:34:0c:16:6f:be:00:0d:77:cf:42:36:a1:28:0a:da:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  4 11:08:21 2026 GMT
            Not After : Jun  3 11:13:21 2027 GMT
        Subject: CN=34132A3F165D74B8107A46F492AA8753FCE6F418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d8:50:c3:35:85:22:83:c7:11:0d:b3:64:44:
                    66:2f:99:31:6e:39:32:c8:da:9c:ad:ea:16:29:ad:
                    b0:48:8b:fe:5b:64:41:f6:24:e9:8c:c0:45:59:f6:
                    85:b8:7d:a3:b3:ef:fc:dd:0e:3f:9e:45:4f:86:08:
                    c6:a4:ab:7c:cc:74:5f:37:be:f8:1e:88:3e:eb:e7:
                    18:ba:ac:fd:5e:c0:0c:74:96:24:16:2d:f2:a1:e8:
                    03:36:a4:bb:e2:f1:59:78:6a:df:fc:74:6c:b1:70:
                    58:00:f5:10:27:79:aa:d2:73:09:b4:b4:19:59:88:
                    6b:81:85:16:40:f1:02:3e:ef:65:97:04:82:41:3e:
                    db:af:2d:ff:2c:5c:7c:43:6f:4e:30:aa:52:9a:dd:
                    93:d0:fe:2b:cb:c8:e7:c8:9d:24:91:ea:e4:88:61:
                    52:d8:7c:f8:15:2b:15:a3:a3:33:1d:b6:d1:0e:6c:
                    55:a3:69:bf:de:71:37:23:40:c3:b7:c3:b2:58:9d:
                    c1:26:3c:85:a3:ab:8f:b4:76:23:1b:d6:2d:39:48:
                    a5:e4:80:e3:12:c4:85:e7:45:c6:e0:ae:e8:f9:53:
                    7c:ea:8a:57:61:33:fe:7a:72:e1:30:f6:2d:a7:9c:
                    95:f3:3b:33:4a:21:72:c0:ba:c4:8d:dc:fa:74:e5:
                    31:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:13:2A:3F:16:5D:74:B8:10:7A:46:F4:92:AA:87:53:FC:E6:F4:18
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24
                  91.124.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:1e:33:1f:f8:6a:7a:aa:97:54:46:e2:b9:86:0a:33:eb:c1:
         f6:19:ad:82:57:35:ab:3c:1a:a6:b5:a1:33:21:c8:5c:a9:be:
         bf:f5:76:e0:75:a0:10:32:c7:d0:db:07:0f:e9:20:16:56:bc:
         3b:19:8a:52:f2:2f:28:71:96:9c:a7:42:74:0a:75:5a:66:fc:
         e5:02:7f:c5:9c:8b:1b:42:97:8a:fd:f7:29:7e:9e:37:a2:86:
         ca:38:23:57:bd:b6:3a:37:44:d7:23:9b:50:03:6e:b2:6e:18:
         3d:d1:b0:a1:e8:c7:61:ea:34:e6:5a:43:65:66:91:e8:e1:05:
         7e:45:df:94:d8:b0:7f:57:31:1a:2d:b0:ad:f6:66:16:81:62:
         49:c1:a2:db:d5:77:2e:7b:3c:29:c2:b0:45:48:3a:56:0d:ee:
         0d:50:45:bd:29:3d:0b:30:68:56:01:bb:1a:2e:bc:94:2a:d3:
         1a:5c:1e:6b:3c:f8:d7:50:05:2a:25:c2:e6:13:16:dc:db:1f:
         36:ab:81:2b:95:76:b8:40:08:69:06:2e:a7:8c:e5:c6:4c:a1:
         6d:d5:41:90:03:af:58:9a:69:6a:6f:75:0d:f6:e9:72:9a:2a:
         70:50:c2:72:87:02:8a:0d:77:dd:1c:43:c5:f0:e8:a5:20:63:
         0d:13:28:05
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUF0mwyjQMFm++AA13z0I2oSgK2ncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDQxMTA4MjFaFw0yNzA2MDMxMTEzMjFaMDMxMTAvBgNV
BAMTKDM0MTMyQTNGMTY1RDc0QjgxMDdBNDZGNDkyQUE4NzUzRkNFNkY0MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ2FDDNYUig8cRDbNkRGYvmTFu
OTLI2pyt6hYprbBIi/5bZEH2JOmMwEVZ9oW4faOz7/zdDj+eRU+GCMakq3zMdF83
vvgeiD7r5xi6rP1ewAx0liQWLfKh6AM2pLvi8Vl4at/8dGyxcFgA9RAnearScwm0
tBlZiGuBhRZA8QI+72WXBIJBPtuvLf8sXHxDb04wqlKa3ZPQ/ivLyOfInSSR6uSI
YVLYfPgVKxWjozMdttEObFWjab/ecTcjQMO3w7JYncEmPIWjq4+0diMb1i05SKXk
gOMSxIXnRcbgruj5U3zqildhM/56cuEw9i2nnJXzOzNKIXLAusSN3Pp05TGtAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUNBMqPxZddLgQekb0kqqHU/zm9BgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuyuAD
BABbfIcwDQYJKoZIhvcNAQELBQADggEBACweMx/4anqql1RG4rmGCjPrwfYZrYJX
Nas8Gqa1oTMhyFypvr/1duB1oBAyx9DbBw/pIBZWvDsZilLyLyhxlpynQnQKdVpm
/OUCf8WcixtCl4r99yl+njeihso4I1e9tjo3RNcjm1ADbrJuGD3RsKHox2HqNOZa
Q2VmkejhBX5F35TYsH9XMRotsK32ZhaBYknBotvVdy57PCnCsEVIOlYN7g1QRb0p
PQswaFYBuxouvJQq0xpcHms8+NdQBSolwuYTFtzbHzargSuVdrhACGkGLqeM5cZM
oW3VQZADr1iaaWpvdQ326XKaKnBQwnKHAooNd90cQ8Xw6KUgYw0TKAU=
-----END CERTIFICATE-----