Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa
File:                     AS40352.roa (raw, json)
Hash identifier:          cAiXDUsK+WogbxULRHFEjItsuTfKy3PHV2GH/DM2MC0=
Subject key identifier:   FB:0B:9D:34:55:6C:96:71:98:4A:82:99:63:17:CA:9C:1F:4B:19:40
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3C9936FB6630DC1D70BC703A3ECA7AE9CCBEC226
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa
Signing time:             Tue 07 Apr 2026 11:58:06 +0000
ROA not before:           Tue 07 Apr 2026 11:53:06 +0000
ROA not after:            Tue 06 Apr 2027 11:58:06 +0000
asID:                     40352
IP address blocks:        96.62.255.0/24 maxlen: 24
                          155.117.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:99:36:fb:66:30:dc:1d:70:bc:70:3a:3e:ca:7a:e9:cc:be:c2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  7 11:53:06 2026 GMT
            Not After : Apr  6 11:58:06 2027 GMT
        Subject: CN=FB0B9D34556C9671984A82996317CA9C1F4B1940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b3:70:09:df:21:22:55:78:e8:4c:1a:94:8f:
                    d6:dc:8d:ba:cc:43:06:75:b1:91:09:ab:ec:9f:3b:
                    dc:88:66:c4:f5:23:c1:97:ef:07:8a:0f:86:5c:c7:
                    0d:c7:e9:00:d4:77:db:14:a4:22:27:cf:f6:7d:30:
                    e8:09:74:0d:d3:5b:c0:f8:cd:36:5f:3d:d8:03:7e:
                    54:ee:0b:f5:3e:61:d6:31:52:c2:f1:65:f1:8c:8b:
                    8f:cb:7c:56:af:5f:3a:56:54:58:e9:d8:e0:7d:5a:
                    25:a2:b8:d6:0d:6f:b0:5b:24:c2:39:2a:b5:57:d1:
                    64:24:7a:77:31:fb:64:51:c9:87:e8:80:85:63:00:
                    5c:ad:1a:ac:48:54:a5:97:9c:9e:74:bb:09:01:28:
                    37:cd:f4:61:0b:ac:0e:a5:c6:ec:b7:2e:e8:83:3c:
                    9b:55:8d:8f:89:d5:e2:cd:b9:56:77:fc:de:d6:c4:
                    a9:97:e9:54:60:a8:ae:9d:4d:34:04:bc:01:da:49:
                    8f:48:1d:b6:bf:3e:7f:6f:6b:ec:1e:a6:e5:10:85:
                    f4:7a:e3:57:d4:b6:a2:e6:d6:44:2f:9c:1c:ec:64:
                    3d:c5:0f:6e:72:d3:c5:05:88:f7:34:c8:9f:32:8e:
                    db:aa:fd:60:05:c8:aa:a2:b6:01:c9:9e:de:42:c6:
                    46:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:0B:9D:34:55:6C:96:71:98:4A:82:99:63:17:CA:9C:1F:4B:19:40
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.255.0/24
                  155.117.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:69:39:bc:3c:70:e8:4c:68:81:bb:a5:28:14:24:0f:88:91:
         ed:f6:81:a6:c0:05:c0:cf:bd:07:af:e3:0c:ea:9f:5c:d9:f0:
         f4:b9:6f:5b:a2:40:d7:7d:4f:cd:0b:62:70:63:fe:e4:d1:d3:
         86:e8:04:2a:78:5b:9a:78:57:b5:99:67:e0:f5:b6:f4:bb:63:
         8b:90:d0:76:b6:91:73:e1:90:b2:b3:3e:ea:0f:9d:f3:7f:40:
         fd:67:cc:cb:e9:94:ff:3f:26:9c:4d:fa:da:d4:08:48:77:5e:
         5c:a0:c0:f7:dc:75:85:1e:14:0b:64:ff:df:57:df:65:ca:10:
         aa:32:e1:e9:41:4d:ca:65:6b:5a:19:46:b6:16:84:d6:60:f3:
         e5:00:5e:50:04:ad:d4:05:ea:76:68:80:48:fd:c2:b2:ba:8c:
         55:c8:72:f6:ff:26:be:1a:27:fe:81:63:97:4a:05:89:76:7c:
         67:da:34:f6:a8:08:1f:2c:a8:45:88:e3:10:c0:a7:00:32:27:
         4d:d0:b6:d0:72:a4:04:cd:14:c9:18:14:6c:67:6a:2e:eb:e0:
         55:0b:3e:24:95:40:ec:67:56:4b:e5:5d:f9:c0:de:a4:6a:47:
         2f:3a:7f:a2:ca:c1:3d:fb:31:45:ff:96:f9:dd:4a:88:dd:fd:
         03:08:65:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUPJk2+2Yw3B1wvHA6Psp66cy+wiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDcxMTUzMDZaFw0yNzA0MDYxMTU4MDZaMDMxMTAvBgNV
BAMTKEZCMEI5RDM0NTU2Qzk2NzE5ODRBODI5OTYzMTdDQTlDMUY0QjE5NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLs3AJ3yEiVXjoTBqUj9bcjbrM
QwZ1sZEJq+yfO9yIZsT1I8GX7weKD4Zcxw3H6QDUd9sUpCInz/Z9MOgJdA3TW8D4
zTZfPdgDflTuC/U+YdYxUsLxZfGMi4/LfFavXzpWVFjp2OB9WiWiuNYNb7BbJMI5
KrVX0WQkencx+2RRyYfogIVjAFytGqxIVKWXnJ50uwkBKDfN9GELrA6lxuy3LuiD
PJtVjY+J1eLNuVZ3/N7WxKmX6VRgqK6dTTQEvAHaSY9IHba/Pn9va+wepuUQhfR6
41fUtqLm1kQvnBzsZD3FD25y08UFiPc0yJ8yjtuq/WAFyKqitgHJnt5CxkbbAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU+wudNFVslnGYSoKZYxfKnB9LGUAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPv8D
BACbdZwwDQYJKoZIhvcNAQELBQADggEBAIFpObw8cOhMaIG7pSgUJA+Ike32gabA
BcDPvQev4wzqn1zZ8PS5b1uiQNd9T80LYnBj/uTR04boBCp4W5p4V7WZZ+D1tvS7
Y4uQ0Ha2kXPhkLKzPuoPnfN/QP1nzMvplP8/JpxN+trUCEh3XlygwPfcdYUeFAtk
/99X32XKEKoy4elBTcpla1oZRrYWhNZg8+UAXlAErdQF6nZogEj9wrK6jFXIcvb/
Jr4aJ/6BY5dKBYl2fGfaNPaoCB8sqEWI4xDApwAyJ03QttBypATNFMkYFGxnai7r
4FULPiSVQOxnVkvlXfnA3qRqRy86f6LKwT37MUX/lvndSojd/QMIZXY=
-----END CERTIFICATE-----