Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS32418.roa
File:                     AS32418.roa (raw, json)
Hash identifier:          sE8Vi3WQYyaaLCRCy6apnr8R7VJ3AV7GPPzXhybmCl8=
Subject key identifier:   0A:C0:AF:4E:9B:55:95:4D:51:53:6F:D6:53:9D:CF:67:3D:E5:6A:BE
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       18C001ED4D3CB736C81DB52C0FA91199344825A4
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS32418.roa
Signing time:             Wed 29 Apr 2026 13:19:52 +0000
ROA not before:           Wed 29 Apr 2026 13:14:52 +0000
ROA not after:            Wed 28 Apr 2027 13:19:52 +0000
asID:                     32418
IP address blocks:        51.194.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 14:07:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c0:01:ed:4d:3c:b7:36:c8:1d:b5:2c:0f:a9:11:99:34:48:25:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Apr 29 13:14:52 2026 GMT
            Not After : Apr 28 13:19:52 2027 GMT
        Subject: CN=0AC0AF4E9B55954D51536FD6539DCF673DE56ABE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2c:00:a4:b5:6a:ea:5a:fc:d9:0f:1a:80:d2:
                    13:c7:1c:d1:a3:6e:29:2a:53:1e:ae:28:88:2f:51:
                    53:be:a2:a4:6f:f4:38:04:34:af:b5:56:0f:90:f8:
                    16:80:5a:23:c5:62:37:c2:49:f2:20:0e:f1:4c:e3:
                    33:6d:40:ef:02:29:f7:f0:cc:45:48:f7:df:76:9a:
                    41:a5:0e:1e:c6:77:6a:bf:7b:2e:4f:69:72:2e:74:
                    4d:e8:23:ba:85:bf:38:72:64:17:49:56:82:cf:e7:
                    cd:99:80:6a:51:35:4d:53:1b:cc:1d:e5:b5:58:04:
                    c4:33:03:3d:21:76:4f:b6:c2:9f:6e:07:92:26:64:
                    e6:1d:90:60:4a:3d:0d:c8:f8:96:88:59:6e:8b:90:
                    5f:76:5c:da:41:f8:e7:c7:70:3a:94:3a:02:bc:b8:
                    80:a2:05:7a:c1:bc:07:fc:e3:69:19:c6:f4:78:f4:
                    ea:1f:3c:b7:5d:1b:e8:9f:84:2c:42:cf:a3:dc:3d:
                    ab:60:20:36:b0:79:ce:22:b1:cd:93:a9:1e:1d:2c:
                    de:25:91:6e:80:fd:2c:e9:a6:71:d2:29:27:c6:6d:
                    ea:3b:d1:4a:17:b1:3e:c9:9a:1a:f4:29:39:90:63:
                    f7:71:b0:04:da:22:1e:74:39:c5:de:ae:91:15:82:
                    32:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C0:AF:4E:9B:55:95:4D:51:53:6F:D6:53:9D:CF:67:3D:E5:6A:BE
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS32418.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a9:68:03:6d:e5:50:1a:aa:b5:56:90:f7:b9:e9:31:ce:67:
         94:e4:8a:96:2a:62:99:e3:f8:e8:73:68:84:98:3f:8e:f2:1b:
         4c:6b:0a:18:34:b8:20:75:ce:3e:4b:7a:9d:84:b6:32:38:e6:
         38:ac:f0:6d:00:ba:e1:21:7c:ca:5f:11:30:7f:31:2f:df:34:
         01:0a:81:3b:9b:af:44:3e:c9:c1:d9:5b:f1:cb:26:58:49:da:
         17:2c:fb:db:c0:1e:1e:96:c4:62:f2:38:45:45:91:d5:54:c5:
         ae:cb:7f:5b:d1:fe:b4:54:e5:7d:2a:07:2c:89:8f:ca:e4:81:
         c5:22:95:01:88:08:fe:31:be:93:e4:7c:37:99:19:e0:5c:32:
         da:19:ad:7c:79:e1:c0:cf:ec:6a:3e:7e:4c:08:ab:72:2c:6e:
         b6:4e:50:b9:36:96:2d:df:f9:60:67:9e:1d:e0:37:fb:a6:f6:
         5e:50:7e:78:f1:13:1e:de:dc:b7:91:32:23:54:b6:f5:f5:62:
         ba:3d:9c:d8:69:02:83:4c:4a:9b:90:30:58:eb:29:22:16:c2:
         a2:c0:40:c4:3b:41:d9:08:05:fb:01:63:fa:d1:40:24:a0:0e:
         56:04:22:16:b3:87:17:ad:d6:e8:30:06:a8:8d:95:d7:78:58:
         24:66:c2:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGMAB7U08tzbIHbUsD6kRmTRIJaQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA0MjkxMzE0NTJaFw0yNzA0MjgxMzE5NTJaMDMxMTAvBgNV
BAMTKDBBQzBBRjRFOUI1NTk1NEQ1MTUzNkZENjUzOURDRjY3M0RFNTZBQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjLACktWrqWvzZDxqA0hPHHNGj
bikqUx6uKIgvUVO+oqRv9DgENK+1Vg+Q+BaAWiPFYjfCSfIgDvFM4zNtQO8CKffw
zEVI9992mkGlDh7Gd2q/ey5PaXIudE3oI7qFvzhyZBdJVoLP582ZgGpRNU1TG8wd
5bVYBMQzAz0hdk+2wp9uB5ImZOYdkGBKPQ3I+JaIWW6LkF92XNpB+OfHcDqUOgK8
uICiBXrBvAf842kZxvR49OofPLddG+ifhCxCz6PcPatgIDawec4isc2TqR4dLN4l
kW6A/SzppnHSKSfGbeo70UoXsT7Jmhr0KTmQY/dxsATaIh50OcXerpEVgjIfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUCsCvTptVlU1RU2/WU53PZz3lar4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMzI0MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAzwpww
DQYJKoZIhvcNAQELBQADggEBAFmpaANt5VAaqrVWkPe56THOZ5TkipYqYpnj+Ohz
aISYP47yG0xrChg0uCB1zj5Lep2EtjI45jis8G0AuuEhfMpfETB/MS/fNAEKgTub
r0Q+ycHZW/HLJlhJ2hcs+9vAHh6WxGLyOEVFkdVUxa7Lf1vR/rRU5X0qByyJj8rk
gcUilQGICP4xvpPkfDeZGeBcMtoZrXx54cDP7Go+fkwIq3IsbrZOULk2li3f+WBn
nh3gN/um9l5QfnjxEx7e3LeRMiNUtvX1Yro9nNhpAoNMSpuQMFjrKSIWwqLAQMQ7
QdkIBfsBY/rRQCSgDlYEIhazhxet1ugwBqiNldd4WCRmwj0=
-----END CERTIFICATE-----