Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40352.roa
File:                     AS40352.roa (raw, json)
Hash identifier:          NgzSPpG7zJRnHp1AuxkRC1uAYV681wfXOMm6UkXcfvg=
Subject key identifier:   E9:E3:A7:B6:88:A3:4E:B4:07:EF:A5:B9:AF:AF:BF:6A:13:CA:D6:80
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6E479CA28FB6957CFF9DA83901624F1EFFF9D0FF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40352.roa
Signing time:             Tue 02 Jun 2026 12:00:52 +0000
ROA not before:           Tue 02 Jun 2026 11:55:52 +0000
ROA not after:            Tue 01 Jun 2027 12:00:52 +0000
asID:                     40352
IP address blocks:        178.95.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:47:9c:a2:8f:b6:95:7c:ff:9d:a8:39:01:62:4f:1e:ff:f9:d0:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  2 11:55:52 2026 GMT
            Not After : Jun  1 12:00:52 2027 GMT
        Subject: CN=E9E3A7B688A34EB407EFA5B9AFAFBF6A13CAD680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6f:16:47:51:0d:88:90:04:7c:cb:b9:a4:84:
                    f4:85:72:04:cb:93:5e:d9:ff:df:96:9f:45:0c:b0:
                    71:73:10:aa:18:36:08:a9:5b:9a:9c:d5:26:46:86:
                    fb:be:a0:ce:b8:d3:6c:fd:14:cf:80:1a:14:a1:d7:
                    aa:50:00:0a:b6:de:da:2c:b4:b2:58:99:a1:ae:dd:
                    df:0e:49:8f:53:0b:71:71:75:4f:c5:a1:5f:82:77:
                    d0:52:23:90:76:db:22:66:3d:4b:df:2c:e9:71:56:
                    6c:a2:80:6b:2a:29:00:aa:91:c4:9b:2b:83:f7:f7:
                    50:8c:c1:0d:16:d4:db:7b:a0:b4:a2:d2:33:66:0a:
                    02:d4:b6:8c:06:e3:f4:b6:69:86:96:3d:98:24:77:
                    61:fd:78:57:f9:12:09:0b:68:b2:f2:6f:f2:a9:43:
                    e0:b3:19:11:74:9e:9f:25:a3:66:87:73:aa:52:b2:
                    ef:ab:5c:3d:65:08:ee:4b:87:04:b8:a6:19:31:99:
                    00:65:da:01:48:46:36:81:0e:33:5c:fc:c5:29:0b:
                    c2:63:76:bd:5a:9a:fb:cb:0d:f8:20:f7:e8:90:8a:
                    3b:da:1e:61:40:d5:06:fe:e4:1d:3e:56:1c:53:55:
                    2c:1c:55:cb:27:ef:a5:93:56:77:6f:f7:15:bb:b6:
                    19:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E3:A7:B6:88:A3:4E:B4:07:EF:A5:B9:AF:AF:BF:6A:13:CA:D6:80
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e5:fc:21:0a:e2:06:b5:b8:b2:92:7a:2e:83:10:0e:dd:0f:
         5a:b9:05:29:ce:c4:fa:a4:fb:44:9b:51:8c:d9:57:0c:28:b4:
         dd:46:20:1a:74:e8:a0:95:e5:c1:f5:8f:6c:80:e7:ce:1b:be:
         1c:58:d9:c9:9b:4a:85:b2:b7:d2:eb:ec:5d:fb:82:f8:f0:20:
         51:0a:ce:2e:74:a5:af:ef:7b:71:48:1f:20:11:5b:14:8d:61:
         9c:cc:31:3f:6f:44:7f:4a:d7:77:0d:61:31:61:d7:f8:12:c7:
         ac:30:a2:72:cf:77:51:a5:a0:fa:35:2b:18:ce:e4:13:32:b5:
         ff:a0:89:23:b4:9c:cc:57:ba:e5:8f:9b:f4:1b:d8:26:0e:1a:
         96:04:70:e5:b2:96:9f:dd:38:1a:32:c5:b2:86:93:f6:00:7a:
         8f:86:8f:07:2f:e4:60:2f:c5:a2:1c:2b:c7:19:9a:2a:78:50:
         8c:f4:c6:4b:3d:19:ee:fb:26:98:ea:78:5e:e6:1c:be:f6:3a:
         e9:f5:61:63:a1:cb:a6:bc:b9:a4:5c:29:b5:b3:f6:da:98:a3:
         ba:53:3b:8c:0e:b2:0e:b2:67:a2:a7:f1:0d:2a:04:f1:58:1b:
         2b:7a:af:90:a9:83:3a:f0:8d:88:b6:ac:c2:c7:17:3b:4b:75:
         4f:3e:9e:19
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbkecoo+2lXz/nag5AWJPHv/50P8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDIxMTU1NTJaFw0yNzA2MDExMjAwNTJaMDMxMTAvBgNV
BAMTKEU5RTNBN0I2ODhBMzRFQjQwN0VGQTVCOUFGQUZCRjZBMTNDQUQ2ODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYbxZHUQ2IkAR8y7mkhPSFcgTL
k17Z/9+Wn0UMsHFzEKoYNgipW5qc1SZGhvu+oM6402z9FM+AGhSh16pQAAq23tos
tLJYmaGu3d8OSY9TC3FxdU/FoV+Cd9BSI5B22yJmPUvfLOlxVmyigGsqKQCqkcSb
K4P391CMwQ0W1Nt7oLSi0jNmCgLUtowG4/S2aYaWPZgkd2H9eFf5EgkLaLLyb/Kp
Q+CzGRF0np8lo2aHc6pSsu+rXD1lCO5LhwS4phkxmQBl2gFIRjaBDjNc/MUpC8Jj
dr1amvvLDfgg9+iQijvaHmFA1Qb+5B0+VhxTVSwcVcsn76WTVndv9xW7thm7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU6eOntoijTrQH76W5r6+/ahPK1oAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyXwow
DQYJKoZIhvcNAQELBQADggEBAKvl/CEK4ga1uLKSei6DEA7dD1q5BSnOxPqk+0Sb
UYzZVwwotN1GIBp06KCV5cH1j2yA584bvhxY2cmbSoWyt9Lr7F37gvjwIFEKzi50
pa/ve3FIHyARWxSNYZzMMT9vRH9K13cNYTFh1/gSx6wwonLPd1GloPo1KxjO5BMy
tf+giSO0nMxXuuWPm/Qb2CYOGpYEcOWylp/dOBoyxbKGk/YAeo+Gjwcv5GAvxaIc
K8cZmip4UIz0xks9Ge77JpjqeF7mHL72Oun1YWOhy6a8uaRcKbWz9tqYo7pTO4wO
sg6yZ6Kn8Q0qBPFYGyt6r5CpgzrwjYi2rMLHFztLdU8+nhk=
-----END CERTIFICATE-----