Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa
File:                     AS40352.roa (raw, json)
Hash identifier:          3iWJ3MO4unhMjZdn62AuhBLKqD3lLG2B8YD8yVJTaMI=
Subject key identifier:   24:39:55:C8:7B:2F:78:2E:7B:9F:E0:02:DC:87:37:16:F8:F4:D3:D7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4C81A9CDE269C0207ED0039790F8303DF900913B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa
Signing time:             Tue 02 Jun 2026 12:00:48 +0000
ROA not before:           Tue 02 Jun 2026 11:55:48 +0000
ROA not after:            Tue 01 Jun 2027 12:00:48 +0000
asID:                     40352
IP address blocks:        185.173.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:81:a9:cd:e2:69:c0:20:7e:d0:03:97:90:f8:30:3d:f9:00:91:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  2 11:55:48 2026 GMT
            Not After : Jun  1 12:00:48 2027 GMT
        Subject: CN=243955C87B2F782E7B9FE002DC873716F8F4D3D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f9:8e:94:69:f7:7e:fe:d4:2b:68:d6:49:4f:
                    09:a5:fc:ae:18:92:4d:f9:93:40:2a:a2:b5:ec:78:
                    cf:93:7a:d3:d5:77:65:59:9b:a1:43:1a:39:fb:15:
                    34:b5:3b:93:ec:4e:87:55:42:b6:0c:8d:13:34:2b:
                    07:2d:23:c5:fa:07:76:c9:7b:65:09:26:88:35:10:
                    57:ec:71:4d:96:f9:ab:28:c1:d9:cf:a7:4b:18:af:
                    6b:9d:11:b8:b5:fc:4a:3d:e6:cb:d9:4d:59:6b:a0:
                    89:65:6a:8e:48:0d:9f:f4:27:0b:0b:69:68:cf:13:
                    c3:88:ba:75:65:b3:b5:84:00:4a:dc:66:23:b2:21:
                    fc:4b:d9:57:5d:e2:9f:61:1f:67:8e:64:5d:45:a1:
                    49:5a:fa:5f:12:37:18:d6:f9:fb:b1:7b:d2:05:8a:
                    20:b5:20:e3:77:15:7d:b3:95:45:0e:14:4a:00:46:
                    9e:e7:9e:95:d1:cc:12:b2:a4:fe:8d:8b:83:87:75:
                    78:ae:1d:41:96:dc:70:b1:f0:f3:f8:47:4c:a6:01:
                    9e:5a:fa:00:59:d5:65:e5:ad:94:0d:05:83:3b:4a:
                    56:36:d9:69:25:0e:39:48:cf:f2:14:c2:bd:84:81:
                    9d:ea:3b:54:ed:67:82:54:f8:ae:e8:84:b4:5f:92:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:39:55:C8:7B:2F:78:2E:7B:9F:E0:02:DC:87:37:16:F8:F4:D3:D7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:49:49:4c:31:29:21:b2:5a:f4:b8:42:e5:7f:3a:f0:a2:fd:
         41:ce:e7:ef:da:df:36:d2:3a:42:a4:77:b5:a2:19:12:31:6c:
         cc:a7:27:a2:ff:92:79:76:76:ee:db:eb:78:a5:66:5f:08:81:
         12:15:e5:9e:86:82:f0:24:e2:2d:d1:ea:43:22:a3:f6:f3:6a:
         b2:5e:01:2a:34:e4:7c:69:15:23:0e:41:46:12:b6:8b:b7:f8:
         8a:2c:35:17:30:f1:f0:0e:75:33:fb:01:b0:55:7e:4b:fc:3a:
         72:af:32:c3:c0:ca:84:7b:b4:b9:47:ca:05:09:7d:bc:91:be:
         82:e6:f2:58:d3:f9:90:5e:2c:8a:e0:99:d6:5c:b3:af:f3:a2:
         a2:ca:9d:67:4f:0f:b4:76:47:99:48:f3:ac:12:b0:69:9c:4f:
         dc:a9:74:0e:d2:a1:b6:ed:2f:74:dd:a1:e0:60:ce:09:6e:b9:
         22:01:fd:f0:9b:91:1e:6b:c4:a1:e0:41:10:90:c9:67:aa:dc:
         b5:5f:f3:6d:68:82:1f:a9:63:dd:3f:f5:f8:6c:79:3a:b0:b4:
         29:bc:a1:37:9d:e3:6d:45:8d:37:5d:3e:77:04:7f:3d:29:86:
         5d:3b:33:a3:73:58:4e:74:e9:6e:56:47:11:6c:e1:21:6c:59:
         30:3d:e4:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTIGpzeJpwCB+0AOXkPgwPfkAkTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDIxMTU1NDhaFw0yNzA2MDExMjAwNDhaMDMxMTAvBgNV
BAMTKDI0Mzk1NUM4N0IyRjc4MkU3QjlGRTAwMkRDODczNzE2RjhGNEQzRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi+Y6Uafd+/tQraNZJTwml/K4Y
kk35k0AqorXseM+TetPVd2VZm6FDGjn7FTS1O5PsTodVQrYMjRM0KwctI8X6B3bJ
e2UJJog1EFfscU2W+asowdnPp0sYr2udEbi1/Eo95svZTVlroIllao5IDZ/0JwsL
aWjPE8OIunVls7WEAErcZiOyIfxL2Vdd4p9hH2eOZF1FoUla+l8SNxjW+fuxe9IF
iiC1ION3FX2zlUUOFEoARp7nnpXRzBKypP6Ni4OHdXiuHUGW3HCx8PP4R0ymAZ5a
+gBZ1WXlrZQNBYM7SlY22WklDjlIz/IUwr2EgZ3qO1TtZ4JU+K7ohLRfkpTNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUJDlVyHsveC57n+AC3Ic3Fvj009cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5rSMw
DQYJKoZIhvcNAQELBQADggEBAKlJSUwxKSGyWvS4QuV/OvCi/UHO5+/a3zbSOkKk
d7WiGRIxbMynJ6L/knl2du7b63ilZl8IgRIV5Z6GgvAk4i3R6kMio/bzarJeASo0
5HxpFSMOQUYStou3+IosNRcw8fAOdTP7AbBVfkv8OnKvMsPAyoR7tLlHygUJfbyR
voLm8ljT+ZBeLIrgmdZcs6/zoqLKnWdPD7R2R5lI86wSsGmcT9ypdA7SobbtL3Td
oeBgzgluuSIB/fCbkR5rxKHgQRCQyWeq3LVf821ogh+pY90/9fhseTqwtCm8oTed
421FjTddPncEfz0phl07M6NzWE506W5WRxFs4SFsWTA95JE=
-----END CERTIFICATE-----