Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS35661.roa
File:                     AS35661.roa (raw, json)
Hash identifier:          0i44p+WU5GQNS2jF1xRaf0iuALK/unKpL2Ug51DApkE=
Subject key identifier:   97:8F:1B:1B:77:C4:4B:28:E4:DB:BA:B9:1B:49:7D:C2:2C:76:38:69
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       78A47EBE0D62BF4A54A179FC11867748A0E98671
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS35661.roa
Signing time:             Fri 29 May 2026 11:46:55 +0000
ROA not before:           Fri 29 May 2026 11:41:55 +0000
ROA not after:            Fri 28 May 2027 11:46:55 +0000
asID:                     35661
IP address blocks:        84.75.12.0/22 maxlen: 22
                          84.75.20.0/22 maxlen: 22
                          2a13:9500:187::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:37:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:a4:7e:be:0d:62:bf:4a:54:a1:79:fc:11:86:77:48:a0:e9:86:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 11:41:55 2026 GMT
            Not After : May 28 11:46:55 2027 GMT
        Subject: CN=978F1B1B77C44B28E4DBBAB91B497DC22C763869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:03:38:a7:b0:c1:b9:91:6f:93:4d:ed:12:
                    76:ec:8a:8e:98:02:ed:b0:68:c4:99:6c:cd:21:38:
                    b1:65:42:90:74:50:d4:a8:26:4f:f5:31:e6:34:1f:
                    ac:6b:3f:33:59:c8:11:2a:38:68:3b:d8:68:f9:ce:
                    e6:39:95:43:ad:c6:ac:39:0c:e1:07:50:dc:2f:ef:
                    af:d6:4a:01:9d:1f:8d:a6:47:20:c1:90:1f:a7:87:
                    23:8b:1b:79:32:c3:84:06:f7:43:a3:18:88:c6:90:
                    af:fa:ee:ea:f6:3e:d7:c8:8f:e7:be:92:69:a9:71:
                    82:58:e1:30:8e:31:24:b6:05:97:88:d0:d4:0e:b6:
                    11:e8:6d:8d:c6:c0:2f:11:50:2e:d6:69:69:03:73:
                    97:42:56:a0:1c:db:af:8f:db:e9:b8:17:54:e1:ef:
                    22:7a:c3:47:f4:a3:49:e8:be:e6:fa:c9:46:19:21:
                    f7:bb:b3:cf:84:e7:e1:99:30:fc:31:db:50:af:9d:
                    4f:af:65:2d:98:4e:1d:bd:1d:e1:e6:3a:82:6d:07:
                    9b:8a:bb:a6:22:9a:0a:4e:9f:61:00:7d:1b:e1:27:
                    66:ce:ef:de:03:01:c3:5e:9f:a0:44:49:31:f8:b7:
                    e4:d2:ea:b8:16:60:25:cc:8d:0a:0a:23:b0:5f:21:
                    5b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:8F:1B:1B:77:C4:4B:28:E4:DB:BA:B9:1B:49:7D:C2:2C:76:38:69
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS35661.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.12.0/22
                  84.75.20.0/22
                IPv6:
                  2a13:9500:187::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:0a:d1:c2:d2:9f:ef:d2:74:cf:57:24:1d:c7:c5:01:7d:3e:
         d5:9f:8e:0d:1e:1c:48:11:d8:5e:e2:d4:56:3b:5f:cb:86:c9:
         28:ca:05:fd:4e:7e:57:db:83:ed:a9:e9:42:0e:26:b6:21:bc:
         fa:4e:f6:51:1a:27:89:ba:fd:15:08:fd:63:a6:b3:8a:cd:11:
         15:a1:08:d7:99:ab:50:f5:dd:e7:7c:82:c8:56:db:09:40:16:
         e5:89:5a:ab:1f:e9:d1:80:3b:9c:27:c4:1b:f6:18:ad:26:e2:
         74:e7:08:4a:49:c1:ac:ab:4a:40:b2:93:2f:f0:3c:12:d1:ef:
         5d:bb:2f:fb:75:2b:16:13:de:7d:f1:0f:0d:17:ef:3d:98:1c:
         c9:7a:0e:34:0d:69:30:ae:12:da:3f:52:a9:8e:aa:32:21:3b:
         31:aa:7c:b6:f1:0a:35:a4:08:cd:46:bf:2e:35:d6:8f:7d:e1:
         68:de:cc:74:7b:ae:30:78:6c:7f:6c:26:8f:34:6d:be:f4:a4:
         68:3c:9e:fc:42:42:5c:ca:c9:f0:4b:86:50:69:ed:6f:93:a6:
         35:b3:a2:15:4f:be:29:55:19:68:82:9b:ff:c5:f9:48:51:33:
         06:21:bd:7b:b2:1e:a0:48:45:be:63:f8:f0:69:95:b6:47:c2:
         90:73:06:a7
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUeKR+vg1iv0pUoXn8EYZ3SKDphnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjkxMTQxNTVaFw0yNzA1MjgxMTQ2NTVaMDMxMTAvBgNV
BAMTKDk3OEYxQjFCNzdDNDRCMjhFNERCQkFCOTFCNDk3REMyMkM3NjM4NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/iQM4p7DBuZFvk03tEnbsio6Y
Au2waMSZbM0hOLFlQpB0UNSoJk/1MeY0H6xrPzNZyBEqOGg72Gj5zuY5lUOtxqw5
DOEHUNwv76/WSgGdH42mRyDBkB+nhyOLG3kyw4QG90OjGIjGkK/67ur2PtfIj+e+
kmmpcYJY4TCOMSS2BZeI0NQOthHobY3GwC8RUC7WaWkDc5dCVqAc26+P2+m4F1Th
7yJ6w0f0o0novub6yUYZIfe7s8+E5+GZMPwx21CvnU+vZS2YTh29HeHmOoJtB5uK
u6YimgpOn2EAfRvhJ2bO794DAcNen6BESTH4t+TS6rgWYCXMjQoKI7BfIVtdAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUl48bG3fESyjk27q5G0l9wix2OGkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzU2NjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNgYIKwYBBQUHAQcBAf8EJzAlMBIEAgABMAwDBAJUSwwD
BAJUSxQwDwQCAAIwCQMHACoTlQABhzANBgkqhkiG9w0BAQsFAAOCAQEAlgrRwtKf
79J0z1ckHcfFAX0+1Z+ODR4cSBHYXuLUVjtfy4bJKMoF/U5+V9uD7anpQg4mtiG8
+k72URonibr9FQj9Y6azis0RFaEI15mrUPXd53yCyFbbCUAW5Ylaqx/p0YA7nCfE
G/YYrSbidOcISknBrKtKQLKTL/A8EtHvXbsv+3UrFhPeffEPDRfvPZgcyXoONA1p
MK4S2j9SqY6qMiE7Map8tvEKNaQIzUa/LjXWj33haN7MdHuuMHhsf2wmjzRtvvSk
aDye/EJCXMrJ8EuGUGntb5OmNbOiFU++KVUZaIKb/8X5SFEzBiG9e7IeoEhFvmP4
8GmVtkfCkHMGpw==
-----END CERTIFICATE-----