Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa
File:                     AS40352.roa (raw, json)
Hash identifier:          P6E4bjbpXw/O35x68EQ/OUlJKdxryigDdQ+9XMicS0U=
Subject key identifier:   04:BC:FC:C0:28:8B:4B:E2:EA:D9:7A:07:90:79:FE:93:14:CB:10:18
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4C86413FC495EF998289D6C010E6F45EBE4F49C0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa
Signing time:             Tue 02 Jun 2026 12:00:56 +0000
ROA not before:           Tue 02 Jun 2026 11:55:56 +0000
ROA not after:            Tue 01 Jun 2027 12:00:56 +0000
asID:                     40352
IP address blocks:        162.141.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:86:41:3f:c4:95:ef:99:82:89:d6:c0:10:e6:f4:5e:be:4f:49:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  2 11:55:56 2026 GMT
            Not After : Jun  1 12:00:56 2027 GMT
        Subject: CN=04BCFCC0288B4BE2EAD97A079079FE9314CB1018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:55:e9:0f:4e:cf:69:4b:cb:48:f1:74:76:cd:
                    96:99:d8:2b:6f:a3:5a:61:42:55:7a:d1:06:8f:11:
                    20:eb:98:35:b2:58:5c:f3:31:1a:dd:0e:40:ec:b7:
                    7f:59:2d:f6:8f:84:cc:5b:ce:11:84:1a:96:cf:72:
                    80:71:3f:97:64:e7:84:54:28:47:3a:3c:90:f1:68:
                    2c:c8:bc:af:46:99:a3:7c:8d:be:b4:2b:91:05:6f:
                    8f:09:97:46:23:04:51:75:40:08:2d:24:10:35:15:
                    cf:29:a1:ca:c0:28:86:9c:d0:26:c1:4e:f3:c5:44:
                    37:0c:3b:9c:97:29:59:eb:18:8e:1a:89:cc:bb:cf:
                    14:21:96:64:c0:7b:dd:aa:83:f8:0d:f9:00:f9:87:
                    23:e9:96:35:4d:b0:4b:e3:64:aa:ce:03:cd:72:4a:
                    e3:4c:b8:cd:38:3d:ad:73:9c:84:ab:f3:a9:0d:0b:
                    71:3b:4c:49:eb:df:13:12:97:d5:2b:b4:23:c2:e4:
                    f3:87:e4:e6:86:32:9e:b3:0d:47:fb:92:2e:7b:45:
                    9d:1c:d8:4c:78:af:31:d4:c6:60:bd:8c:15:81:36:
                    7a:34:24:55:03:28:43:a1:b5:b5:20:27:fa:91:80:
                    03:a4:e0:8f:a5:e9:78:56:d0:f0:c7:e0:80:ce:b2:
                    0f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BC:FC:C0:28:8B:4B:E2:EA:D9:7A:07:90:79:FE:93:14:CB:10:18
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:17:93:39:56:a6:a8:fc:cf:d6:a8:52:ab:78:8c:ea:f5:c0:
         53:1a:8f:9a:fc:2e:d4:9e:71:12:8b:51:34:2d:ba:d6:14:10:
         36:16:38:e8:de:c6:50:f9:1e:69:6b:05:85:22:09:9d:4d:b7:
         80:35:9a:28:05:a1:18:0e:6a:3e:78:f6:0d:d9:33:0b:29:ca:
         5d:4e:bb:b7:a5:9b:f6:cd:0a:45:bf:b9:08:08:95:17:08:b8:
         4d:87:f1:e1:56:43:e8:47:d0:b3:e3:5b:e7:e6:7a:ce:c4:b3:
         32:29:e4:3c:ff:21:72:c8:ed:36:0f:89:64:e2:14:0e:6d:0f:
         cb:6d:4d:e4:90:26:6c:e8:38:c2:1e:cc:ed:8a:68:d8:6f:eb:
         c5:39:37:86:78:69:6d:01:69:75:55:85:79:54:5a:45:4c:9a:
         75:0d:9b:1c:e1:13:b8:5a:56:7d:c6:43:b0:60:43:75:f7:6a:
         40:d7:a3:bb:f2:c5:86:cd:ce:c0:c9:fc:63:4a:fa:81:fc:7b:
         7e:a2:c5:d0:41:75:8b:de:6b:16:a4:6b:5d:96:4b:83:bb:b1:
         d8:c3:bc:6b:c7:24:9d:46:48:bc:2f:3a:ee:21:f6:b7:3d:66:
         57:66:cd:d9:c0:c0:9b:1f:fb:8f:cf:30:dc:42:d3:a8:4c:48:
         28:63:c3:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTIZBP8SV75mCidbAEOb0Xr5PScAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDIxMTU1NTZaFw0yNzA2MDExMjAwNTZaMDMxMTAvBgNV
BAMTKDA0QkNGQ0MwMjg4QjRCRTJFQUQ5N0EwNzkwNzlGRTkzMTRDQjEwMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBVekPTs9pS8tI8XR2zZaZ2Ctv
o1phQlV60QaPESDrmDWyWFzzMRrdDkDst39ZLfaPhMxbzhGEGpbPcoBxP5dk54RU
KEc6PJDxaCzIvK9GmaN8jb60K5EFb48Jl0YjBFF1QAgtJBA1Fc8pocrAKIac0CbB
TvPFRDcMO5yXKVnrGI4aicy7zxQhlmTAe92qg/gN+QD5hyPpljVNsEvjZKrOA81y
SuNMuM04Pa1znISr86kNC3E7TEnr3xMSl9UrtCPC5POH5OaGMp6zDUf7ki57RZ0c
2Ex4rzHUxmC9jBWBNno0JFUDKEOhtbUgJ/qRgAOk4I+l6XhW0PDH4IDOsg+XAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBLz8wCiLS+Lq2XoHkHn+kxTLEBgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACijUQw
DQYJKoZIhvcNAQELBQADggEBADMXkzlWpqj8z9aoUqt4jOr1wFMaj5r8LtSecRKL
UTQtutYUEDYWOOjexlD5HmlrBYUiCZ1Nt4A1migFoRgOaj549g3ZMwspyl1Ou7el
m/bNCkW/uQgIlRcIuE2H8eFWQ+hH0LPjW+fmes7EszIp5Dz/IXLI7TYPiWTiFA5t
D8ttTeSQJmzoOMIezO2KaNhv68U5N4Z4aW0BaXVVhXlUWkVMmnUNmxzhE7haVn3G
Q7BgQ3X3akDXo7vyxYbNzsDJ/GNK+oH8e36ixdBBdYveaxaka12WS4O7sdjDvGvH
JJ1GSLwvOu4h9rc9ZldmzdnAwJsf+4/PMNxC06hMSChjwzo=
-----END CERTIFICATE-----