Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa
File:                     352e3138322e33352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Ov2XbCC0wTybgtbMrd7k7jlLwAGAtPGFEZp/W120NuY=
Subject key identifier:   31:EA:B4:42:A6:7D:A7:C0:CB:88:F1:07:E8:E6:A1:FF:75:79:CB:B1
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       0867108475DB02B10AF7CC14BD565A06CC0331AA
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa
Signing time:             Sat 20 Jun 2026 07:15:17 +0000
ROA not before:           Sat 20 Jun 2026 07:10:17 +0000
ROA not after:            Sat 19 Jun 2027 07:15:17 +0000
asID:                     834
IP address blocks:        5.182.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:67:10:84:75:db:02:b1:0a:f7:cc:14:bd:56:5a:06:cc:03:31:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun 20 07:10:17 2026 GMT
            Not After : Jun 19 07:15:17 2027 GMT
        Subject: CN=31EAB442A67DA7C0CB88F107E8E6A1FF7579CBB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:25:dd:28:c7:4d:94:2f:8d:16:1c:6d:be:10:
                    1c:38:a4:f5:a0:99:d9:0a:44:56:a0:1f:4f:f7:f3:
                    ee:8f:5a:e2:76:b4:1b:7e:dc:42:39:b7:11:15:d2:
                    15:bc:56:a1:0d:48:ff:0e:cc:60:e5:ea:4d:d6:98:
                    9c:74:81:63:7c:84:9a:be:03:fa:1b:43:c1:29:82:
                    e4:45:f2:cf:92:7c:fe:2c:96:32:7f:d8:0c:c9:b2:
                    cd:42:0a:d8:96:de:bc:b0:18:b7:e9:47:53:03:db:
                    a9:57:3a:d7:90:86:17:32:98:6b:ae:be:be:6e:ee:
                    66:0a:d1:3f:2c:43:45:00:56:63:a8:c7:14:8d:e3:
                    b2:5f:b1:82:2d:b9:52:ee:49:d3:6c:9e:4c:64:e5:
                    07:86:87:97:44:99:42:f4:51:cd:27:cf:36:f5:8b:
                    34:87:a6:36:79:8a:13:f3:db:86:d9:14:75:f2:70:
                    09:0c:5b:dd:53:6d:b7:ad:f5:b2:0b:af:fa:47:04:
                    28:3d:c1:a9:4f:d4:07:39:de:d9:34:1d:75:9e:70:
                    28:04:45:4b:cd:d6:4f:31:de:55:11:3e:2e:ce:2b:
                    b5:38:53:de:ea:e8:4f:06:28:82:06:3f:69:d5:50:
                    cc:13:2d:8d:39:31:e1:69:ad:45:42:32:de:42:71:
                    b8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EA:B4:42:A6:7D:A7:C0:CB:88:F1:07:E8:E6:A1:FF:75:79:CB:B1
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:8d:0b:9f:b7:97:bd:0b:29:a2:94:f8:3c:bd:73:29:f7:f1:
         94:2b:72:78:43:97:f5:7c:dd:f2:24:a3:10:15:83:ce:95:d3:
         a4:6d:5b:d9:5f:d8:57:a3:03:09:e7:0e:95:86:64:44:0e:0c:
         f1:33:45:e1:b0:dd:30:88:c4:ed:cd:37:e1:9d:59:d4:d5:f5:
         fb:df:91:bb:3f:da:56:5a:08:73:d0:93:80:3d:63:81:0e:da:
         33:92:56:09:a2:81:0b:77:27:bc:49:f7:42:16:53:f8:9b:10:
         4c:3f:77:fb:55:6b:5b:c0:ad:8f:ee:95:33:b2:b8:ea:f0:39:
         8e:9d:75:10:83:95:56:d8:3d:dc:86:dc:23:73:ff:a1:05:9b:
         f6:fc:e0:e6:64:d3:e6:24:d1:3a:b1:6d:d8:cf:62:3d:8c:03:
         d8:d3:33:88:ab:37:53:00:2c:d1:2d:65:41:aa:c8:5e:dc:5d:
         da:59:52:7d:e6:89:9c:3e:a9:ce:92:4d:26:82:ae:32:6a:21:
         85:5d:ca:27:5f:52:f9:15:fa:ff:7e:f2:8a:35:74:53:19:a0:
         26:58:32:8a:d2:9f:61:86:ef:14:16:8a:0a:c7:00:ed:7d:32:
         17:90:44:aa:65:c2:b5:ee:d6:c9:53:e0:65:72:3f:f9:a7:48:
         bf:49:c7:87
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUCGcQhHXbArEK98wUvVZaBswDMaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA2MjAwNzEwMTdaFw0yNzA2MTkwNzE1MTdaMDMxMTAvBgNV
BAMTKDMxRUFCNDQyQTY3REE3QzBDQjg4RjEwN0U4RTZBMUZGNzU3OUNCQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPJd0ox02UL40WHG2+EBw4pPWg
mdkKRFagH0/38+6PWuJ2tBt+3EI5txEV0hW8VqENSP8OzGDl6k3WmJx0gWN8hJq+
A/obQ8EpguRF8s+SfP4sljJ/2AzJss1CCtiW3rywGLfpR1MD26lXOteQhhcymGuu
vr5u7mYK0T8sQ0UAVmOoxxSN47JfsYItuVLuSdNsnkxk5QeGh5dEmUL0Uc0nzzb1
izSHpjZ5ihPz24bZFHXycAkMW91Tbbet9bILr/pHBCg9walP1Ac53tk0HXWecCgE
RUvN1k8x3lURPi7OK7U4U97q6E8GKIIGP2nVUMwTLY05MeFprUVCMt5CcbgTAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUMeq0QqZ9p8DLiPEH6Oah/3V5y7EwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2IzANBgkq
hkiG9w0BAQsFAAOCAQEAC40Ln7eXvQspopT4PL1zKffxlCtyeEOX9Xzd8iSjEBWD
zpXTpG1b2V/YV6MDCecOlYZkRA4M8TNF4bDdMIjE7c034Z1Z1NX1+9+Ruz/aVloI
c9CTgD1jgQ7aM5JWCaKBC3cnvEn3QhZT+JsQTD93+1VrW8Ctj+6VM7K46vA5jp11
EIOVVtg93IbcI3P/oQWb9vzg5mTT5iTROrFt2M9iPYwD2NMziKs3UwAs0S1lQarI
Xtxd2llSfeaJnD6pzpJNJoKuMmohhV3KJ19S+RX6/37yijV0UxmgJlgyitKfYYbv
FBaKCscA7X0yF5BEqmXCte7WyVPgZXI/+adIv0nHhw==
-----END CERTIFICATE-----