Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          g8FvoE95IR+wnvhWvE9JUh1gAz9yCHfqAWFUqMEB878=
Subject key identifier:   9A:30:4F:3F:95:76:91:11:CF:86:AF:FB:AB:12:18:C2:71:A1:AA:D7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       45E21E41480AB3786BCE5E2C589C5943C99AD84C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa
Signing time:             Tue 14 Apr 2026 00:54:38 +0000
ROA not before:           Tue 14 Apr 2026 00:49:38 +0000
ROA not after:            Tue 13 Apr 2027 00:54:38 +0000
asID:                     40676
IP address blocks:        46.202.224.0/24 maxlen: 24
                          91.124.135.0/24 maxlen: 24
                          91.124.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e2:1e:41:48:0a:b3:78:6b:ce:5e:2c:58:9c:59:43:c9:9a:d8:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 14 00:49:38 2026 GMT
            Not After : Apr 13 00:54:38 2027 GMT
        Subject: CN=9A304F3F95769111CF86AFFBAB1218C271A1AAD7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:46:75:a3:b8:66:03:b8:23:5f:8f:84:85:de:
                    cc:9b:80:61:a1:43:64:e2:98:f1:96:19:34:b9:1d:
                    89:13:58:46:89:5b:92:72:34:26:da:c6:66:98:e7:
                    45:14:e2:0e:dc:96:48:ef:f3:87:77:0d:a6:03:0a:
                    42:45:fd:9d:ad:62:27:98:71:7c:60:42:14:64:d8:
                    d9:60:8a:eb:40:b3:b1:68:b5:37:fc:4a:56:7f:0b:
                    c1:e1:4c:68:e2:b5:df:09:7b:78:0c:25:cc:55:75:
                    d2:99:02:c2:2f:d8:01:3e:e0:5f:f1:b4:a7:d8:86:
                    f9:8c:b9:48:77:07:cf:17:a1:26:17:43:3a:ba:46:
                    f3:b4:5e:73:94:5b:db:64:4f:33:5d:f9:40:f2:2d:
                    ab:f9:46:da:2f:01:b0:e8:6c:14:39:90:c0:68:4e:
                    8a:1a:0f:62:94:49:43:13:ea:a6:bc:10:1d:12:d0:
                    f8:97:ca:99:18:7e:f8:ae:a0:05:c6:0e:af:11:b2:
                    11:3a:0e:be:08:80:c8:86:9d:a1:77:6a:06:49:f8:
                    2b:f0:00:b9:b2:30:dc:9d:e4:a7:b6:ff:a3:42:61:
                    58:83:e8:82:de:76:c7:15:a6:56:12:79:37:b9:61:
                    b0:1b:9b:dd:cb:76:63:6f:90:2d:b9:c4:f4:ba:e8:
                    32:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:30:4F:3F:95:76:91:11:CF:86:AF:FB:AB:12:18:C2:71:A1:AA:D7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.224.0/24
                  91.124.135.0/24
                  91.124.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:dc:a1:d3:aa:45:76:94:e4:44:69:cb:24:5c:27:7b:4b:49:
         f3:f2:ca:6b:60:93:9c:f4:6d:d1:c3:49:3a:43:74:85:b5:93:
         0c:e3:a4:22:f2:93:3c:31:6c:fc:65:d1:39:61:7a:15:27:af:
         ef:91:f9:b4:80:49:09:fc:09:cc:e7:eb:f0:99:64:e2:42:4b:
         64:1c:ac:9e:ab:bc:02:9c:80:1f:fc:ca:77:f2:37:43:18:e4:
         a5:cd:b5:df:ab:fa:2f:3a:b0:03:82:d5:cb:38:ac:33:90:0f:
         47:71:17:5d:7d:62:26:85:ef:93:24:42:7b:46:49:b1:4c:00:
         74:f5:69:39:bd:f8:bb:e9:d6:09:56:3e:85:3b:05:71:73:1a:
         fb:4b:95:c9:e3:3d:1f:d6:ae:92:f4:02:71:e6:f1:38:9e:51:
         28:d7:be:4b:e5:c6:26:b6:3b:73:d3:55:20:b8:4e:db:db:06:
         3d:76:21:5f:47:36:40:4f:fd:d3:a5:8d:96:4b:b9:b4:04:cc:
         21:2c:2c:27:1e:b7:cb:7d:3d:1f:8b:ae:66:80:57:68:17:55:
         f1:24:fb:3b:e4:da:44:95:c8:aa:f5:b0:e1:69:13:7e:04:cb:
         a6:72:a3:01:70:21:f2:f5:c8:63:5d:06:06:1c:43:d2:e0:26:
         88:5c:45:14
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUReIeQUgKs3hrzl4sWJxZQ8ma2EwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MTQwMDQ5MzhaFw0yNzA0MTMwMDU0MzhaMDMxMTAvBgNV
BAMTKDlBMzA0RjNGOTU3NjkxMTFDRjg2QUZGQkFCMTIxOEMyNzFBMUFBRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeRnWjuGYDuCNfj4SF3sybgGGh
Q2TimPGWGTS5HYkTWEaJW5JyNCbaxmaY50UU4g7clkjv84d3DaYDCkJF/Z2tYieY
cXxgQhRk2NlgiutAs7FotTf8SlZ/C8HhTGjitd8Je3gMJcxVddKZAsIv2AE+4F/x
tKfYhvmMuUh3B88XoSYXQzq6RvO0XnOUW9tkTzNd+UDyLav5RtovAbDobBQ5kMBo
TooaD2KUSUMT6qa8EB0S0PiXypkYfviuoAXGDq8RshE6Dr4IgMiGnaF3agZJ+Cvw
ALmyMNyd5Ke2/6NCYViD6ILedscVplYSeTe5YbAbm93LdmNvkC25xPS66DJJAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUmjBPP5V2kRHPhq/7qxIYwnGhqtcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAuyuAD
BABbfIcDBABbfMUwDQYJKoZIhvcNAQELBQADggEBADTcodOqRXaU5ERpyyRcJ3tL
SfPyymtgk5z0bdHDSTpDdIW1kwzjpCLykzwxbPxl0TlhehUnr++R+bSASQn8Cczn
6/CZZOJCS2QcrJ6rvAKcgB/8ynfyN0MY5KXNtd+r+i86sAOC1cs4rDOQD0dxF119
YiaF75MkQntGSbFMAHT1aTm9+Lvp1glWPoU7BXFzGvtLlcnjPR/WrpL0AnHm8Tie
USjXvkvlxia2O3PTVSC4TtvbBj12IV9HNkBP/dOljZZLubQEzCEsLCcet8t9PR+L
rmaAV2gXVfEk+zvk2kSVyKr1sOFpE34Ey6ZyowFwIfL1yGNdBgYcQ9LgJohcRRQ=
-----END CERTIFICATE-----