Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS32878.roa
File:                     AS32878.roa (raw, json)
Hash identifier:          PrVjh01MjkddqVvGGsJAR6OdRz/rKm9DBXF8ojzZYZU=
Subject key identifier:   5A:D3:05:16:E2:E8:EF:14:4C:15:F0:B7:90:AA:F8:5C:41:7B:71:48
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       20A93078CFBD76ECC143B8504CBA0EDC2FC1840D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS32878.roa
Signing time:             Fri 13 Mar 2026 08:17:11 +0000
ROA not before:           Fri 13 Mar 2026 08:12:11 +0000
ROA not after:            Fri 12 Mar 2027 08:17:11 +0000
asID:                     32878
IP address blocks:        46.202.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a9:30:78:cf:bd:76:ec:c1:43:b8:50:4c:ba:0e:dc:2f:c1:84:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 13 08:12:11 2026 GMT
            Not After : Mar 12 08:17:11 2027 GMT
        Subject: CN=5AD30516E2E8EF144C15F0B790AAF85C417B7148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6a:82:59:13:5c:13:1f:66:5f:e4:cb:b9:15:
                    7e:9b:91:86:8c:c9:c6:f0:04:08:36:3b:8c:67:fc:
                    33:03:95:96:89:13:d9:2b:d3:42:22:79:09:1a:45:
                    bf:10:9a:a2:ef:cf:6d:41:ad:a7:10:14:06:0f:fd:
                    b9:82:25:aa:e1:a0:a8:4a:95:37:cc:4f:d7:31:08:
                    eb:41:63:d5:c0:5c:59:03:b4:a5:4a:9d:11:4c:76:
                    5c:01:10:3f:32:32:c4:d9:9c:33:f8:4f:8b:c4:8a:
                    d0:cb:a5:35:0f:89:3e:26:d6:77:df:7c:5b:59:79:
                    73:fa:81:55:74:2d:4d:dc:5c:7c:ca:99:94:0f:1c:
                    6f:0b:48:3f:26:13:cd:bc:91:74:ae:90:8b:d6:17:
                    b0:d4:c0:db:20:e1:33:a1:9d:59:49:cc:68:96:c3:
                    bd:5a:27:25:ac:f2:33:eb:c9:1c:ef:f7:66:dc:7e:
                    ab:15:12:14:5a:90:c3:5b:8c:7b:f8:34:60:24:15:
                    38:47:96:2f:d9:92:2f:88:9a:4c:06:66:f3:51:9a:
                    bb:d4:f6:04:f1:1c:84:35:1a:f3:f1:87:a7:c0:43:
                    3b:83:b1:d1:10:b5:1a:bd:55:52:7a:d5:67:bb:d5:
                    9e:57:16:72:f0:5a:ca:44:cc:19:1c:4a:30:2e:c7:
                    0e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D3:05:16:E2:E8:EF:14:4C:15:F0:B7:90:AA:F8:5C:41:7B:71:48
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS32878.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:06:b1:07:be:70:42:41:df:5e:41:ce:82:f2:c9:b5:16:8b:
         fa:47:28:96:83:a5:8c:3a:ea:1b:a8:4d:02:ad:16:a0:07:5f:
         96:a8:d1:cb:5a:28:41:41:5e:80:33:21:00:e1:ff:99:9b:7d:
         4c:c1:fe:d6:43:13:43:f7:a5:f9:4d:b2:ed:9f:6c:0c:f2:a8:
         7a:11:7a:e6:80:1b:1b:0d:44:d5:55:22:fc:13:de:a7:3e:44:
         91:74:85:39:27:ff:9a:82:4d:ac:6b:df:ed:47:e3:0f:cb:28:
         83:23:8c:0e:85:30:db:a2:74:15:a0:3f:69:03:5b:87:ec:88:
         5a:09:89:30:84:19:6c:14:53:d8:38:9c:d2:56:a4:3b:30:b8:
         53:82:02:d6:06:04:b2:8c:b6:84:88:cd:92:06:79:46:ba:01:
         66:95:65:a6:c4:2e:0f:9b:05:e4:21:20:0d:84:0a:59:26:f3:
         e1:87:09:26:af:15:d6:c1:da:aa:d5:c1:c7:10:fa:f0:f1:f3:
         03:02:68:79:a7:82:38:13:f4:ac:05:cf:95:41:52:8d:2f:cf:
         92:34:8e:eb:4a:ab:76:84:f8:b8:73:ae:90:8b:5c:9c:a3:86:
         88:e9:09:bb:c5:70:33:14:98:e3:d6:5e:df:c3:2e:b6:62:16:
         45:0a:dc:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIKkweM+9duzBQ7hQTLoO3C/BhA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMTMwODEyMTFaFw0yNzAzMTIwODE3MTFaMDMxMTAvBgNV
BAMTKDVBRDMwNTE2RTJFOEVGMTQ0QzE1RjBCNzkwQUFGODVDNDE3QjcxNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpaoJZE1wTH2Zf5Mu5FX6bkYaM
ycbwBAg2O4xn/DMDlZaJE9kr00IieQkaRb8QmqLvz21BracQFAYP/bmCJarhoKhK
lTfMT9cxCOtBY9XAXFkDtKVKnRFMdlwBED8yMsTZnDP4T4vEitDLpTUPiT4m1nff
fFtZeXP6gVV0LU3cXHzKmZQPHG8LSD8mE828kXSukIvWF7DUwNsg4TOhnVlJzGiW
w71aJyWs8jPryRzv92bcfqsVEhRakMNbjHv4NGAkFThHli/Zki+ImkwGZvNRmrvU
9gTxHIQ1GvPxh6fAQzuDsdEQtRq9VVJ61We71Z5XFnLwWspEzBkcSjAuxw6rAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUWtMFFuLo7xRMFfC3kKr4XEF7cUgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzI4Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuyiQw
DQYJKoZIhvcNAQELBQADggEBAAsGsQe+cEJB315BzoLyybUWi/pHKJaDpYw66huo
TQKtFqAHX5ao0ctaKEFBXoAzIQDh/5mbfUzB/tZDE0P3pflNsu2fbAzyqHoReuaA
GxsNRNVVIvwT3qc+RJF0hTkn/5qCTaxr3+1H4w/LKIMjjA6FMNuidBWgP2kDW4fs
iFoJiTCEGWwUU9g4nNJWpDswuFOCAtYGBLKMtoSIzZIGeUa6AWaVZabELg+bBeQh
IA2EClkm8+GHCSavFdbB2qrVwccQ+vDx8wMCaHmngjgT9KwFz5VBUo0vz5I0jutK
q3aE+LhzrpCLXJyjhojpCbvFcDMUmOPWXt/DLrZiFkUK3PQ=
-----END CERTIFICATE-----