Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
File:                     AS35916.roa (raw, json)
Hash identifier:          SFUALOO+uxzPHTLYZG3AgcIPFcXUAV221ie5WVi9LT4=
Subject key identifier:   7A:B3:43:CB:0A:AA:4D:9F:17:01:99:60:25:B2:D6:F1:31:8D:33:6A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2A8C90D61C59C79EFAAE67ED4580A5D0019DEB6B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
Signing time:             Wed 03 Jun 2026 14:45:16 +0000
ROA not before:           Wed 03 Jun 2026 14:40:16 +0000
ROA not after:            Wed 02 Jun 2027 14:45:16 +0000
asID:                     35916
IP address blocks:        148.135.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:8c:90:d6:1c:59:c7:9e:fa:ae:67:ed:45:80:a5:d0:01:9d:eb:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  3 14:40:16 2026 GMT
            Not After : Jun  2 14:45:16 2027 GMT
        Subject: CN=7AB343CB0AAA4D9F1701996025B2D6F1318D336A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:77:9a:28:20:b7:9c:8a:6a:7f:c6:3a:c9:8e:
                    be:d4:b4:c6:48:6c:53:b9:d2:23:a7:5f:16:2e:33:
                    7d:fd:b6:16:fc:56:a6:b1:f6:ed:64:76:48:30:82:
                    ec:16:13:05:c3:e2:aa:59:cc:29:94:90:4e:f1:54:
                    44:01:6d:66:66:76:1d:e9:42:5a:e9:98:85:fe:9d:
                    75:1c:6c:be:bd:91:39:46:60:58:8a:0f:d2:65:f5:
                    03:a7:89:e3:b9:95:92:62:46:98:8a:6e:7c:34:77:
                    63:c9:77:2e:67:40:af:a0:69:ab:f6:9c:fa:e6:b6:
                    db:1e:28:38:09:36:b8:4b:2a:c1:cf:e9:c0:64:5d:
                    5c:cf:cb:f9:d9:4b:42:62:6e:6c:b2:e2:84:9a:89:
                    aa:05:0b:1e:a5:cb:f6:41:f6:a0:94:af:b7:68:9c:
                    05:cd:de:6b:b0:a5:73:ef:df:ed:08:76:72:9a:37:
                    ed:47:e5:4c:1a:df:13:56:12:5f:87:b9:e9:03:e2:
                    66:29:03:e3:c4:ef:24:96:f2:97:e7:78:42:5f:c5:
                    12:e4:77:76:a9:98:94:9d:7e:45:98:67:6d:5e:dc:
                    e1:d9:f4:c1:1b:0e:75:3b:aa:b3:55:41:cb:d5:69:
                    d5:b5:66:51:da:fc:c4:1e:12:e1:c8:f5:16:23:f7:
                    1e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B3:43:CB:0A:AA:4D:9F:17:01:99:60:25:B2:D6:F1:31:8D:33:6A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         90:ac:56:5f:7d:86:17:b9:1c:a3:3f:6b:3e:4c:58:d9:3a:b0:
         91:d6:56:67:fc:28:82:11:1c:d0:37:5a:c3:2d:06:c4:85:63:
         fb:d4:3b:c2:7e:20:78:50:6d:44:2e:ce:3e:33:b9:7f:94:c7:
         31:40:ee:15:da:b8:dd:27:53:62:71:3b:44:0c:18:40:57:d3:
         00:e4:74:29:8f:bc:c5:09:e5:62:32:94:a0:dc:e0:6d:48:b7:
         83:bd:7d:da:7b:75:e6:bb:95:81:b6:54:e5:0c:d7:f3:f7:11:
         1d:e2:bd:bf:87:ad:52:6f:e7:d3:7a:36:fc:bf:b2:0f:25:e4:
         e8:bf:27:d9:38:f3:62:e9:a0:75:10:2e:c2:1c:eb:07:5f:d1:
         52:ac:a7:db:1f:99:ba:eb:14:00:7b:dc:26:88:6b:ee:21:26:
         b5:ff:f1:7d:b5:0f:33:81:c6:87:c4:57:0d:35:fa:7d:a8:e4:
         5e:de:de:03:17:60:3d:e5:c5:8f:ee:eb:17:fe:74:3c:4e:c1:
         ef:06:50:d7:df:ac:b5:39:cd:c1:68:7e:a0:c8:b7:49:3e:67:
         e4:56:e8:fc:e1:31:1f:15:b7:c2:42:c1:3c:8a:1f:fd:df:e6:
         70:7a:74:9f:96:9f:93:7d:52:0c:4c:d2:33:11:96:86:30:82:
         a5:01:b4:d5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKoyQ1hxZx576rmftRYCl0AGd62swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDMxNDQwMTZaFw0yNzA2MDIxNDQ1MTZaMDMxMTAvBgNV
BAMTKDdBQjM0M0NCMEFBQTREOUYxNzAxOTk2MDI1QjJENkYxMzE4RDMzNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCid5ooILecimp/xjrJjr7UtMZI
bFO50iOnXxYuM339thb8Vqax9u1kdkgwguwWEwXD4qpZzCmUkE7xVEQBbWZmdh3p
QlrpmIX+nXUcbL69kTlGYFiKD9Jl9QOnieO5lZJiRpiKbnw0d2PJdy5nQK+gaav2
nPrmttseKDgJNrhLKsHP6cBkXVzPy/nZS0Jibmyy4oSaiaoFCx6ly/ZB9qCUr7do
nAXN3muwpXPv3+0IdnKaN+1H5Uwa3xNWEl+HuekD4mYpA+PE7ySW8pfneEJfxRLk
d3apmJSdfkWYZ21e3OHZ9MEbDnU7qrNVQcvVadW1ZlHa/MQeEuHI9RYj9x4FAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUerNDywqqTZ8XAZlgJbLW8TGNM2owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzU5MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAeUhwAw
DQYJKoZIhvcNAQELBQADggEBAJCsVl99hhe5HKM/az5MWNk6sJHWVmf8KIIRHNA3
WsMtBsSFY/vUO8J+IHhQbUQuzj4zuX+UxzFA7hXauN0nU2JxO0QMGEBX0wDkdCmP
vMUJ5WIylKDc4G1It4O9fdp7dea7lYG2VOUM1/P3ER3ivb+HrVJv59N6Nvy/sg8l
5Oi/J9k482LpoHUQLsIc6wdf0VKsp9sfmbrrFAB73CaIa+4hJrX/8X21DzOBxofE
Vw01+n2o5F7e3gMXYD3lxY/u6xf+dDxOwe8GUNffrLU5zcFofqDIt0k+Z+RW6Pzh
MR8Vt8JCwTyKH/3f5nB6dJ+Wn5N9UgxM0jMRloYwgqUBtNU=
-----END CERTIFICATE-----