Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa
File:                     AS40352.roa (raw, json)
Hash identifier:          2+vyunyneFPfWbnr0u5eB2CGzFiWm7g3IVgEmNIiMKE=
Subject key identifier:   FB:7E:10:76:98:39:66:F4:C8:AA:99:52:84:DE:71:55:8E:99:8E:00
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3112328E05A958DB8EB46B91B6F2982094E84010
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa
Signing time:             Tue 07 Apr 2026 03:52:00 +0000
ROA not before:           Tue 07 Apr 2026 03:47:00 +0000
ROA not after:            Tue 06 Apr 2027 03:52:00 +0000
asID:                     40352
IP address blocks:        191.96.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 13:42:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:12:32:8e:05:a9:58:db:8e:b4:6b:91:b6:f2:98:20:94:e8:40:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  7 03:47:00 2026 GMT
            Not After : Apr  6 03:52:00 2027 GMT
        Subject: CN=FB7E1076983966F4C8AA995284DE71558E998E00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7e:71:68:d2:ed:8c:d9:91:e2:05:0e:ac:7f:
                    22:05:b4:55:80:d8:a4:21:67:29:93:43:08:46:df:
                    c1:7b:b4:33:29:29:71:a0:d2:26:4a:a0:6c:0b:f1:
                    1f:50:a1:a0:fa:1e:f6:22:67:ca:0d:5f:4d:8d:0c:
                    01:1f:62:11:c7:2a:e0:fb:98:b2:13:9c:cf:aa:18:
                    cd:3c:85:8b:be:d9:36:49:20:74:45:fb:a5:ee:02:
                    19:a1:88:73:03:fb:15:91:f3:92:bf:29:ab:13:fb:
                    e5:34:70:6a:6f:69:a4:bf:ae:f7:ab:04:e9:cc:73:
                    e1:70:6f:d1:be:f5:cb:f9:f8:d0:68:15:a4:a3:dd:
                    16:40:08:31:6b:1a:aa:21:bb:fd:9b:3c:cc:33:2c:
                    3b:64:31:6b:6d:49:d1:4f:45:97:8a:24:f6:53:33:
                    be:5b:a2:80:75:5d:f7:56:68:9c:53:6d:b4:2f:24:
                    eb:74:0e:01:02:ac:3d:ff:e4:8a:b6:d9:f1:2f:9e:
                    68:27:e7:b3:28:50:f9:d0:51:dc:3d:24:0f:c5:62:
                    78:04:1e:b3:c4:bc:3d:bc:21:5f:9e:af:a8:1a:b3:
                    5f:d6:31:0e:77:2c:1d:e1:58:2b:5a:51:b4:bc:cd:
                    27:0b:30:b3:32:b0:86:63:a1:25:f6:b6:2e:ef:2c:
                    bc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7E:10:76:98:39:66:F4:C8:AA:99:52:84:DE:71:55:8E:99:8E:00
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:13:86:77:d0:06:ca:f3:64:15:50:d1:30:10:a9:8b:ef:fe:
         f6:95:bb:5a:5a:c3:b1:d6:d9:52:86:fa:71:88:c8:06:8b:dd:
         30:43:53:9a:c9:1d:0a:87:d4:8b:7a:9e:f3:67:82:75:c8:b9:
         87:6b:a0:58:21:89:3c:07:29:69:67:cf:5c:14:91:3b:e0:b1:
         32:4f:d7:89:79:9c:38:53:ae:7c:b7:1d:dd:e1:6f:51:bf:ad:
         01:0e:96:e1:95:21:c4:e5:08:dc:0b:63:5d:45:c1:ff:05:36:
         42:a8:4b:b7:c1:0b:e9:b4:d1:ea:b4:45:03:b3:a3:16:ef:89:
         e2:66:d6:86:0f:d8:b7:73:59:f5:3d:b9:e1:31:67:71:c4:55:
         aa:c6:57:7f:3f:84:cd:46:d6:62:76:d6:44:a0:b5:e6:1e:32:
         7d:a9:35:19:bd:3e:ca:44:79:33:9f:73:72:ab:25:52:77:d0:
         5a:6a:72:57:1b:b8:66:38:86:17:e3:50:89:0c:9c:6c:71:5f:
         34:c7:de:fe:0c:f5:e6:31:22:18:31:5b:9f:76:9a:f8:4c:6a:
         2c:dd:2e:d2:52:48:6f:14:3d:8e:4a:52:5e:77:23:f2:f5:bb:
         d9:be:f2:8c:a9:45:99:90:79:3f:0b:d8:1b:6b:2d:0f:53:56:
         b8:4c:5b:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMRIyjgWpWNuOtGuRtvKYIJToQBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MDcwMzQ3MDBaFw0yNzA0MDYwMzUyMDBaMDMxMTAvBgNV
BAMTKEZCN0UxMDc2OTgzOTY2RjRDOEFBOTk1Mjg0REU3MTU1OEU5OThFMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDfnFo0u2M2ZHiBQ6sfyIFtFWA
2KQhZymTQwhG38F7tDMpKXGg0iZKoGwL8R9QoaD6HvYiZ8oNX02NDAEfYhHHKuD7
mLITnM+qGM08hYu+2TZJIHRF+6XuAhmhiHMD+xWR85K/KasT++U0cGpvaaS/rver
BOnMc+Fwb9G+9cv5+NBoFaSj3RZACDFrGqohu/2bPMwzLDtkMWttSdFPRZeKJPZT
M75booB1XfdWaJxTbbQvJOt0DgECrD3/5Iq22fEvnmgn57MoUPnQUdw9JA/FYngE
HrPEvD28IV+er6gas1/WMQ53LB3hWCtaUbS8zScLMLMysIZjoSX2ti7vLLzxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+34Qdpg5ZvTIqplShN5xVY6ZjgAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YEEw
DQYJKoZIhvcNAQELBQADggEBADAThnfQBsrzZBVQ0TAQqYvv/vaVu1paw7HW2VKG
+nGIyAaL3TBDU5rJHQqH1It6nvNngnXIuYdroFghiTwHKWlnz1wUkTvgsTJP14l5
nDhTrny3Hd3hb1G/rQEOluGVIcTlCNwLY11Fwf8FNkKoS7fBC+m00eq0RQOzoxbv
ieJm1oYP2LdzWfU9ueExZ3HEVarGV38/hM1G1mJ21kSgteYeMn2pNRm9PspEeTOf
c3KrJVJ30FpqclcbuGY4hhfjUIkMnGxxXzTH3v4M9eYxIhgxW592mvhMaizdLtJS
SG8UPY5KUl53I/L1u9m+8oypRZmQeT8L2BtrLQ9TVrhMW0s=
-----END CERTIFICATE-----