Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20333935343730.roa
File:                     352e3138322e33352e302f32342d3234203d3e20333935343730.roa (raw, json)
Hash identifier:          +qw3aKq4onzdU82N6oQhW8J29uKjOmt84dQUCndzvek=
Subject key identifier:   D9:4A:2E:CD:CB:19:5A:A7:26:65:7E:8E:52:C1:5C:4E:3E:B8:0B:C0
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1003C3C4A976BBF218D25510BBEE07ED600B3482
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20333935343730.roa
Signing time:             Thu 28 May 2026 11:29:36 +0000
ROA not before:           Thu 28 May 2026 11:24:36 +0000
ROA not after:            Thu 27 May 2027 11:29:36 +0000
asID:                     395470
IP address blocks:        5.182.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:03:c3:c4:a9:76:bb:f2:18:d2:55:10:bb:ee:07:ed:60:0b:34:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 28 11:24:36 2026 GMT
            Not After : May 27 11:29:36 2027 GMT
        Subject: CN=D94A2ECDCB195AA726657E8E52C15C4E3EB80BC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:28:be:fe:6d:2b:ac:a4:3f:dd:40:78:21:fd:
                    f0:2e:09:42:fc:b7:f8:e4:df:ba:8f:cb:d3:b3:b7:
                    9f:f2:90:e1:06:e7:38:6c:0d:6e:c7:32:5a:7b:a6:
                    29:ac:04:10:39:13:25:fc:b6:45:12:58:93:5a:cc:
                    e8:12:b9:f0:7e:05:ce:68:c0:7c:f0:54:e1:5b:81:
                    6a:4c:d9:3e:9d:ae:2b:96:73:dd:13:7c:70:0e:bf:
                    17:02:8e:de:ad:a3:c8:10:6b:71:4e:bf:38:e7:93:
                    a8:76:61:fc:53:c8:24:16:f0:9f:32:46:df:fc:9c:
                    fb:83:50:29:84:54:45:63:75:b6:25:fe:fa:d8:79:
                    34:af:e3:9a:e1:48:61:aa:88:08:66:ce:9c:93:f9:
                    ea:d8:57:de:5c:e3:c0:fa:1a:88:e8:1b:c2:48:28:
                    59:30:41:c0:02:8e:ed:9b:84:a2:a4:c8:91:e5:c8:
                    c5:fa:c4:c4:9b:15:99:bb:13:0e:8e:0d:2e:07:c2:
                    1f:3e:27:31:b7:47:e7:75:68:c4:50:27:a8:cf:be:
                    d3:51:c9:50:db:e6:9f:6d:ec:37:47:c6:7f:28:c8:
                    f7:98:01:f0:3d:11:6f:33:8e:09:b3:95:39:e8:d7:
                    bc:35:6e:ab:42:03:11:2b:c1:9d:a7:fb:f4:54:5a:
                    27:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4A:2E:CD:CB:19:5A:A7:26:65:7E:8E:52:C1:5C:4E:3E:B8:0B:C0
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20333935343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:1a:20:9a:96:58:ba:33:89:ff:4e:9a:7e:cb:be:df:3a:d5:
         fe:17:83:d7:d2:31:17:9e:f0:3d:56:71:18:bf:c0:05:48:34:
         ad:96:a5:df:0b:b9:41:34:d3:8d:23:fb:a8:d1:5b:3e:9d:93:
         42:e5:94:fb:7d:a7:c6:87:91:8e:fc:bc:76:29:16:29:b8:7b:
         98:9a:0c:d2:d0:cd:79:7b:52:2a:50:61:b4:15:83:fc:f2:07:
         4f:ae:c9:f3:fd:44:64:2c:ca:7a:5c:12:e0:fc:68:3c:2c:97:
         c0:4d:f6:92:47:b7:13:b8:2f:6d:e6:b3:1e:18:7e:b7:55:a4:
         53:ba:15:68:f1:62:95:17:43:81:cd:bb:8d:4f:47:5b:97:05:
         5c:9f:2f:d6:46:bf:d6:07:ab:e4:36:ad:fe:49:d4:bb:1a:60:
         8a:6a:28:35:29:73:0d:a3:fa:6c:27:31:14:5c:fe:0a:a8:39:
         65:cf:0b:01:57:19:d3:47:fe:5d:2e:c8:5b:c0:5a:bb:ed:b9:
         16:37:90:cb:49:08:5a:d6:dd:81:4f:bc:5c:6a:66:57:6d:26:
         14:a5:80:17:a5:9f:0c:e7:9c:00:40:20:fe:57:95:19:05:dc:
         89:f3:0e:0c:4d:81:b7:39:77:7f:f3:1f:98:85:9c:bd:0d:67:
         0c:83:85:a7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEAPDxKl2u/IY0lUQu+4H7WALNIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA1MjgxMTI0MzZaFw0yNzA1MjcxMTI5MzZaMDMxMTAvBgNV
BAMTKEQ5NEEyRUNEQ0IxOTVBQTcyNjY1N0U4RTUyQzE1QzRFM0VCODBCQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChKL7+bSuspD/dQHgh/fAuCUL8
t/jk37qPy9Ozt5/ykOEG5zhsDW7HMlp7pimsBBA5EyX8tkUSWJNazOgSufB+Bc5o
wHzwVOFbgWpM2T6driuWc90TfHAOvxcCjt6to8gQa3FOvzjnk6h2YfxTyCQW8J8y
Rt/8nPuDUCmEVEVjdbYl/vrYeTSv45rhSGGqiAhmzpyT+erYV95c48D6GojoG8JI
KFkwQcACju2bhKKkyJHlyMX6xMSbFZm7Ew6ODS4Hwh8+JzG3R+d1aMRQJ6jPvtNR
yVDb5p9t7DdHxn8oyPeYAfA9EW8zjgmzlTno17w1bqtCAxErwZ2n+/RUWidNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2UouzcsZWqcmZX6OUsFcTj64C8AwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNTM0MzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2
IzANBgkqhkiG9w0BAQsFAAOCAQEAdxogmpZYujOJ/06afsu+3zrV/heD19IxF57w
PVZxGL/ABUg0rZal3wu5QTTTjSP7qNFbPp2TQuWU+32nxoeRjvy8dikWKbh7mJoM
0tDNeXtSKlBhtBWD/PIHT67J8/1EZCzKelwS4PxoPCyXwE32kke3E7gvbeazHhh+
t1WkU7oVaPFilRdDgc27jU9HW5cFXJ8v1ka/1ger5Dat/knUuxpgimooNSlzDaP6
bCcxFFz+Cqg5Zc8LAVcZ00f+XS7IW8Bau+25FjeQy0kIWtbdgU+8XGpmV20mFKWA
F6WfDOecAEAg/leVGQXcifMODE2Btzl3f/MfmIWcvQ1nDIOFpw==
-----END CERTIFICATE-----