Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36352.roa
File:                     AS36352.roa (raw, json)
Hash identifier:          sM7gT/f4qkZjCJUfLKPfHl9jG0aSEaUf5kNqI+hOIdY=
Subject key identifier:   12:DC:7C:19:E6:F8:93:3E:03:8D:78:F5:36:F3:8E:86:78:A2:E6:16
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2EBCAD7936F97D226A4E6526784AD88E24D9ADCD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36352.roa
Signing time:             Sat 09 May 2026 10:32:28 +0000
ROA not before:           Sat 09 May 2026 10:27:28 +0000
ROA not after:            Sat 08 May 2027 10:32:28 +0000
asID:                     36352
IP address blocks:        162.141.17.0/24 maxlen: 24
                          168.222.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:bc:ad:79:36:f9:7d:22:6a:4e:65:26:78:4a:d8:8e:24:d9:ad:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  9 10:27:28 2026 GMT
            Not After : May  8 10:32:28 2027 GMT
        Subject: CN=12DC7C19E6F8933E038D78F536F38E8678A2E616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cc:4b:d7:9c:c3:9c:15:07:f4:60:d8:0b:02:
                    81:a6:a1:50:7b:f7:af:3f:bc:ab:e2:34:9c:3c:d3:
                    58:cb:da:cd:5f:21:91:4a:09:a2:bf:2d:12:69:49:
                    5a:57:7c:ab:3b:37:69:8e:bc:c6:a3:66:19:a3:4e:
                    86:b9:60:5d:3f:ff:8a:8d:c1:5b:58:8a:28:7c:ea:
                    3f:ff:bb:da:a9:65:51:b8:d7:7d:18:b5:56:da:5e:
                    29:27:d3:a9:bf:b1:7c:22:8b:ad:d4:f3:a4:2c:55:
                    32:66:68:c0:0c:4d:4c:67:db:e9:fb:6d:90:92:43:
                    49:cd:50:bb:6e:a9:f1:87:3c:96:99:7a:0b:dd:f0:
                    10:b7:a7:32:d9:64:25:36:2c:4b:3d:d9:52:c8:a3:
                    94:1c:58:76:bb:c7:8b:90:78:54:4b:92:35:67:d6:
                    d9:77:32:dc:6a:86:a6:8c:78:7a:8d:2b:40:1f:69:
                    94:bf:23:04:6d:43:fc:ee:8a:a8:87:64:83:ba:45:
                    81:c8:40:0c:71:2d:97:f8:41:e1:9a:f5:92:f7:4c:
                    b6:96:dc:75:d5:90:cf:f4:65:5a:e4:ba:94:0d:b2:
                    f7:35:4f:69:c0:54:42:ee:18:d1:65:3d:ca:df:77:
                    72:0e:5e:80:e8:61:fb:0f:31:81:ea:21:d8:8d:92:
                    f7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DC:7C:19:E6:F8:93:3E:03:8D:78:F5:36:F3:8E:86:78:A2:E6:16
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.17.0/24
                  168.222.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:b3:cc:b7:bc:26:9e:20:e9:10:44:85:1a:44:1a:7b:72:b9:
         f4:e2:71:bd:f9:6b:c2:39:f0:3b:f4:45:57:b1:42:21:08:ad:
         82:34:70:f4:54:48:96:b0:50:45:90:bb:7a:e0:76:7b:04:c0:
         2d:54:1d:ad:69:f3:ae:e9:a9:2a:c6:90:10:9e:bf:4b:89:99:
         bb:85:59:32:43:2d:66:2b:93:92:f1:1f:5c:8a:80:f1:03:6a:
         f9:12:9a:a8:a4:a0:ba:e3:58:78:56:ad:d2:4c:52:b0:c2:5a:
         52:32:4d:e9:ad:23:52:bb:ad:92:54:be:b7:f7:ee:04:7d:82:
         94:20:07:77:c4:2f:02:b0:72:09:a7:83:e7:bc:9a:5c:73:52:
         05:46:79:ef:11:f9:92:0a:2b:10:88:0d:a3:49:87:5b:cf:c1:
         45:c7:93:3e:ec:62:54:e0:b9:32:f2:66:a5:ff:ba:70:bc:7c:
         ac:cd:23:22:35:80:9c:2a:32:29:bc:87:56:26:f7:fb:63:28:
         8f:e6:e0:1c:a7:59:98:9b:98:d6:87:63:87:26:ae:3b:0a:9f:
         88:9f:3f:95:2e:58:df:51:2d:5b:18:ee:e7:38:0e:cd:22:55:
         d4:3f:b5:70:09:69:21:e9:26:95:56:0b:4c:c3:5a:25:62:cf:
         cb:94:80:56
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULryteTb5fSJqTmUmeErYjiTZrc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDkxMDI3MjhaFw0yNzA1MDgxMDMyMjhaMDMxMTAvBgNV
BAMTKDEyREM3QzE5RTZGODkzM0UwMzhENzhGNTM2RjM4RTg2NzhBMkU2MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXzEvXnMOcFQf0YNgLAoGmoVB7
968/vKviNJw801jL2s1fIZFKCaK/LRJpSVpXfKs7N2mOvMajZhmjToa5YF0//4qN
wVtYiih86j//u9qpZVG4130YtVbaXikn06m/sXwii63U86QsVTJmaMAMTUxn2+n7
bZCSQ0nNULtuqfGHPJaZegvd8BC3pzLZZCU2LEs92VLIo5QcWHa7x4uQeFRLkjVn
1tl3MtxqhqaMeHqNK0AfaZS/IwRtQ/zuiqiHZIO6RYHIQAxxLZf4QeGa9ZL3TLaW
3HXVkM/0ZVrkupQNsvc1T2nAVELuGNFlPcrfd3IOXoDoYfsPMYHqIdiNkvfBAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUEtx8Geb4kz4DjXj1NvOOhnii5hYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzYzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACijRED
BACo3lQwDQYJKoZIhvcNAQELBQADggEBAGazzLe8Jp4g6RBEhRpEGntyufTicb35
a8I58Dv0RVexQiEIrYI0cPRUSJawUEWQu3rgdnsEwC1UHa1p867pqSrGkBCev0uJ
mbuFWTJDLWYrk5LxH1yKgPEDavkSmqikoLrjWHhWrdJMUrDCWlIyTemtI1K7rZJU
vrf37gR9gpQgB3fELwKwcgmng+e8mlxzUgVGee8R+ZIKKxCIDaNJh1vPwUXHkz7s
YlTguTLyZqX/unC8fKzNIyI1gJwqMim8h1Ym9/tjKI/m4BynWZibmNaHY4cmrjsK
n4ifP5UuWN9RLVsY7uc4Ds0iVdQ/tXAJaSHpJpVWC0zDWiViz8uUgFY=
-----END CERTIFICATE-----