Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa
File:                     352e3235322e35322e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          0lofAwQ0Dxnr5pGHEoTAd6qT6CQgmpFLQeUPCfCJw1Q=
Subject key identifier:   5B:4A:0A:FE:78:52:62:52:F9:70:3D:C5:85:E6:71:F1:48:66:7B:51
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       33F1C76F4E438E3BFAF96A8369FFEDBB6B61C59F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa
Signing time:             Sat 07 Mar 2026 10:23:24 +0000
ROA not before:           Sat 07 Mar 2026 10:18:24 +0000
ROA not after:            Sat 06 Mar 2027 10:23:24 +0000
asID:                     40021
IP address blocks:        5.252.52.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:f1:c7:6f:4e:43:8e:3b:fa:f9:6a:83:69:ff:ed:bb:6b:61:c5:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar  7 10:18:24 2026 GMT
            Not After : Mar  6 10:23:24 2027 GMT
        Subject: CN=5B4A0AFE78526252F9703DC585E671F148667B51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9f:ca:d8:07:67:b9:78:d4:d9:8b:97:38:1a:
                    fa:49:86:97:bd:f5:94:fc:20:d9:bf:a9:4f:96:89:
                    f7:b8:60:94:ea:b8:3a:d0:d9:ca:8c:0e:c0:a2:0b:
                    23:89:31:c8:c1:87:c6:7d:77:d2:ac:c5:bb:5a:b8:
                    1e:31:07:5d:32:0b:00:99:68:94:19:b6:62:73:9b:
                    f5:aa:8c:2d:8d:5c:86:dd:df:3e:f0:ee:aa:37:f7:
                    68:20:d9:af:06:35:fb:f9:42:58:1c:21:a6:d3:46:
                    e1:eb:c7:21:d0:71:a3:ad:d3:54:27:2f:4e:dc:22:
                    f8:6a:72:d8:37:47:aa:17:28:e1:21:c4:9e:31:3b:
                    c8:b6:b9:c5:1c:a1:23:34:7e:1e:16:ab:31:c7:98:
                    e8:4f:16:23:f3:98:22:6a:ec:66:e8:8b:5b:a3:c9:
                    d6:a4:b6:22:d5:56:9e:8f:20:9f:4b:1d:9a:71:99:
                    01:47:38:0c:72:64:50:9e:78:cc:b4:aa:78:1c:9b:
                    70:b0:ca:5e:be:4b:f7:05:dc:81:15:1a:62:8f:e9:
                    e5:c5:fe:5f:31:2b:5f:70:94:7c:42:04:f9:5c:4d:
                    c3:e8:1a:1d:e2:57:a1:40:ba:cf:bb:7e:7f:61:99:
                    b6:44:55:1d:90:d6:be:a2:57:8e:35:df:fd:07:37:
                    41:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4A:0A:FE:78:52:62:52:F9:70:3D:C5:85:E6:71:F1:48:66:7B:51
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:65:bf:11:7d:d7:3a:aa:c9:fd:5d:67:46:9f:4d:c6:e5:5d:
         a2:d8:e2:57:15:07:68:6e:58:c0:b2:68:b1:0d:1d:59:48:20:
         c9:1e:80:a2:82:70:01:86:42:6b:47:7b:05:b7:8c:a1:72:ce:
         3c:23:70:25:4d:01:fe:ba:d0:a5:16:e1:dc:57:7b:04:a0:06:
         7d:61:e2:9a:ed:b3:23:83:d7:be:82:32:69:47:c0:6f:03:4a:
         6b:a5:b6:d7:5b:5d:bc:5c:65:49:98:c0:ad:9c:a3:c5:4d:72:
         8c:a0:18:dd:1a:fc:36:6d:fc:90:fe:c6:68:b2:e4:e1:0d:bb:
         ca:5c:1e:d6:4a:5b:a5:7d:7a:54:93:1d:9c:a2:56:b0:0a:a7:
         1b:1d:c5:13:ce:71:82:9e:85:3e:a9:ea:ce:42:ea:cb:65:c5:
         59:f0:a7:32:28:7f:c5:ad:d3:1b:74:ec:33:67:49:61:04:6f:
         99:43:34:82:a6:47:7c:83:91:cf:c9:bd:3f:3f:86:44:ca:84:
         a5:07:26:f6:fe:f0:07:73:2c:64:c5:91:95:a0:58:89:f0:17:
         d8:3b:e7:e8:ee:1e:f6:9c:a0:8d:dc:96:d3:6c:0a:40:66:5b:
         97:45:f7:03:18:69:94:4d:39:4a:f5:da:26:c2:6a:c6:a2:87:
         1c:64:38:19
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUM/HHb05Djjv6+WqDaf/tu2thxZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMDcxMDE4MjRaFw0yNzAzMDYxMDIzMjRaMDMxMTAvBgNV
BAMTKDVCNEEwQUZFNzg1MjYyNTJGOTcwM0RDNTg1RTY3MUYxNDg2NjdCNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVn8rYB2e5eNTZi5c4GvpJhpe9
9ZT8INm/qU+Wife4YJTquDrQ2cqMDsCiCyOJMcjBh8Z9d9KsxbtauB4xB10yCwCZ
aJQZtmJzm/WqjC2NXIbd3z7w7qo392gg2a8GNfv5QlgcIabTRuHrxyHQcaOt01Qn
L07cIvhqctg3R6oXKOEhxJ4xO8i2ucUcoSM0fh4WqzHHmOhPFiPzmCJq7Gboi1uj
ydaktiLVVp6PIJ9LHZpxmQFHOAxyZFCeeMy0qngcm3Cwyl6+S/cF3IEVGmKP6eXF
/l8xK19wlHxCBPlcTcPoGh3iV6FAus+7fn9hmbZEVR2Q1r6iV4413/0HN0GFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUW0oK/nhSYlL5cD3FheZx8Uhme1EwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMyMzUzMjJlMzUzMjJl
MzAyZjMyMzIyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIF/DQw
DQYJKoZIhvcNAQELBQADggEBAKplvxF91zqqyf1dZ0afTcblXaLY4lcVB2huWMCy
aLENHVlIIMkegKKCcAGGQmtHewW3jKFyzjwjcCVNAf660KUW4dxXewSgBn1h4prt
syOD176CMmlHwG8DSmulttdbXbxcZUmYwK2co8VNcoygGN0a/DZt/JD+xmiy5OEN
u8pcHtZKW6V9elSTHZyiVrAKpxsdxRPOcYKehT6p6s5C6stlxVnwpzIof8Wt0xt0
7DNnSWEEb5lDNIKmR3yDkc/JvT8/hkTKhKUHJvb+8AdzLGTFkZWgWInwF9g75+ju
HvacoI3cltNsCkBmW5dF9wMYaZRNOUr12ibCasaihxxkOBk=
-----END CERTIFICATE-----