Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36351.roa
File:                     AS36351.roa (raw, json)
Hash identifier:          DSuBfAp1FjfQVDAwwpe5KEP9+qZDjO+mCj0f66YgNzc=
Subject key identifier:   CC:58:14:79:18:2B:FE:A7:50:B0:B4:7E:E1:AE:25:85:D6:41:C8:BE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1770CCF8795DCF7D450D7DB4A8821C4770EBC5A3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36351.roa
Signing time:             Wed 06 May 2026 13:39:06 +0000
ROA not before:           Wed 06 May 2026 13:34:06 +0000
ROA not after:            Wed 05 May 2027 13:39:06 +0000
asID:                     36351
IP address blocks:        181.214.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:70:cc:f8:79:5d:cf:7d:45:0d:7d:b4:a8:82:1c:47:70:eb:c5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  6 13:34:06 2026 GMT
            Not After : May  5 13:39:06 2027 GMT
        Subject: CN=CC581479182BFEA750B0B47EE1AE2585D641C8BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ca:83:14:8f:77:57:fd:ce:61:70:30:05:fb:
                    68:c7:af:d6:19:19:c0:76:54:42:bb:0a:b4:94:d1:
                    b3:ea:48:a5:42:ea:df:e6:48:ed:d9:20:6c:11:8a:
                    19:42:73:44:8c:a5:9d:16:94:0e:b6:67:5a:99:39:
                    a5:9e:eb:fd:fb:de:10:57:8a:ef:f3:2e:9a:06:46:
                    c6:41:d0:ac:87:3e:ac:d7:29:20:6f:d2:44:8a:a6:
                    11:9c:82:48:4a:47:20:57:ae:0c:ad:75:d9:a1:70:
                    e9:ba:ae:15:de:7e:1a:57:51:b1:d9:3d:bf:09:63:
                    d3:d5:af:4a:d4:88:77:80:69:96:6d:88:ae:58:e3:
                    9b:f4:25:d8:00:4f:6d:1b:42:7d:b8:42:57:3d:50:
                    e8:df:8d:41:e5:e0:36:e4:9c:ef:94:f4:c7:d3:ab:
                    9b:50:13:ac:80:35:69:a5:70:5d:49:08:1e:0b:5e:
                    e4:4e:be:42:d5:77:92:57:08:be:c5:aa:e3:3f:72:
                    cd:2f:44:e8:5a:78:5b:9f:ec:85:55:3d:ce:29:a0:
                    c4:91:6c:2b:e9:e9:22:1a:64:f3:10:6e:ab:f7:27:
                    96:1e:16:ee:28:5f:fc:e6:77:0d:ac:03:59:67:1b:
                    cf:a9:3f:e6:08:32:4e:ba:78:f1:5d:42:53:f8:27:
                    70:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:58:14:79:18:2B:FE:A7:50:B0:B4:7E:E1:AE:25:85:D6:41:C8:BE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36351.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:90:14:f2:43:1f:43:af:22:c7:6c:db:57:d7:1c:97:90:a9:
         83:bf:74:99:32:b8:6d:e4:a8:30:a1:ef:58:66:2c:d9:a2:10:
         05:54:23:46:d5:cd:6f:99:68:c5:1f:51:f5:d4:36:ff:49:2e:
         c4:42:e5:7c:b1:32:fc:2c:9c:d5:2f:f9:3d:6c:dd:50:29:a4:
         6d:27:52:e6:18:f1:dc:99:1d:81:ac:a9:4d:05:ce:45:a9:f8:
         95:70:86:aa:3d:67:48:9c:a0:8f:bd:2a:8e:f9:84:60:69:70:
         19:88:42:67:57:e1:ec:37:47:c4:e2:01:32:28:8b:91:55:92:
         76:37:5d:1a:e2:72:e8:1f:4b:ba:06:53:0a:73:34:9a:de:e1:
         d4:2e:e3:8d:8f:7e:32:44:83:c7:0f:c3:38:fa:e5:d3:a8:8e:
         c9:64:bc:e9:e3:af:32:f3:a7:50:f7:25:4c:3c:4b:bc:cd:d8:
         82:27:52:7b:31:bf:d4:b0:c0:4f:d0:12:7e:bb:0d:db:01:3f:
         ad:dc:fc:f4:b3:75:02:7d:2b:ec:08:18:e3:7b:ad:c6:ad:63:
         89:36:5e:17:41:e7:7f:b2:7f:4f:4c:9a:74:0c:30:45:ea:e4:
         87:50:3e:99:7f:2b:36:0b:c1:ef:c5:05:0e:47:ca:21:37:7f:
         52:bb:10:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUF3DM+Hldz31FDX20qIIcR3DrxaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDYxMzM0MDZaFw0yNzA1MDUxMzM5MDZaMDMxMTAvBgNV
BAMTKENDNTgxNDc5MTgyQkZFQTc1MEIwQjQ3RUUxQUUyNTg1RDY0MUM4QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAyoMUj3dX/c5hcDAF+2jHr9YZ
GcB2VEK7CrSU0bPqSKVC6t/mSO3ZIGwRihlCc0SMpZ0WlA62Z1qZOaWe6/373hBX
iu/zLpoGRsZB0KyHPqzXKSBv0kSKphGcgkhKRyBXrgytddmhcOm6rhXefhpXUbHZ
Pb8JY9PVr0rUiHeAaZZtiK5Y45v0JdgAT20bQn24Qlc9UOjfjUHl4DbknO+U9MfT
q5tQE6yANWmlcF1JCB4LXuROvkLVd5JXCL7FquM/cs0vROhaeFuf7IVVPc4poMSR
bCvp6SIaZPMQbqv3J5YeFu4oX/zmdw2sA1lnG8+pP+YIMk66ePFdQlP4J3BPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzFgUeRgr/qdQsLR+4a4lhdZByL4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzYzNTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11ngw
DQYJKoZIhvcNAQELBQADggEBAKSQFPJDH0OvIsds21fXHJeQqYO/dJkyuG3kqDCh
71hmLNmiEAVUI0bVzW+ZaMUfUfXUNv9JLsRC5XyxMvwsnNUv+T1s3VAppG0nUuYY
8dyZHYGsqU0FzkWp+JVwhqo9Z0icoI+9Ko75hGBpcBmIQmdX4ew3R8TiATIoi5FV
knY3XRricugfS7oGUwpzNJre4dQu442PfjJEg8cPwzj65dOojslkvOnjrzLzp1D3
JUw8S7zN2IInUnsxv9SwwE/QEn67DdsBP63c/PSzdQJ9K+wIGON7rcatY4k2XhdB
53+yf09MmnQMMEXq5IdQPpl/KzYLwe/FBQ5HyiE3f1K7EP4=
-----END CERTIFICATE-----