Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS35661.roa
File:                     AS35661.roa (raw, json)
Hash identifier:          ucDUhEVYTebBOWll5oYjI0rbiAMuBusQ9S3JKNc1piY=
Subject key identifier:   82:23:C9:0E:2A:6A:35:F9:03:D9:01:8A:F5:94:7F:B8:86:46:99:06
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3C63BAD5E239EE1937C3C682A7CD1004B008DA75
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS35661.roa
Signing time:             Thu 09 Apr 2026 12:07:34 +0000
ROA not before:           Thu 09 Apr 2026 12:02:34 +0000
ROA not after:            Thu 08 Apr 2027 12:07:34 +0000
asID:                     35661
IP address blocks:        147.78.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:63:ba:d5:e2:39:ee:19:37:c3:c6:82:a7:cd:10:04:b0:08:da:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  9 12:02:34 2026 GMT
            Not After : Apr  8 12:07:34 2027 GMT
        Subject: CN=8223C90E2A6A35F903D9018AF5947FB886469906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:8f:b4:7d:ef:14:45:da:77:98:8f:6c:fe:
                    1e:39:05:fc:c2:a9:d5:dd:a9:97:57:ec:cc:32:2f:
                    ee:7e:eb:05:ab:a5:22:83:3d:9b:8f:eb:b6:71:6c:
                    39:1c:13:76:88:46:95:16:35:14:71:27:1e:3f:f7:
                    08:b7:b2:bb:1a:2f:87:0e:76:0a:c6:cd:6c:f5:99:
                    0c:2b:ab:ba:06:d7:97:2e:78:b1:f7:fa:5d:e5:41:
                    b1:5e:28:07:87:f6:ec:c2:6b:da:b0:d8:fd:52:dc:
                    2c:88:b5:92:ee:eb:f0:2d:17:69:cb:4f:84:01:f7:
                    cf:0b:d4:8f:3a:12:5b:8e:5c:bd:a4:f4:ad:27:72:
                    6f:69:5e:bb:c7:28:81:4d:b7:92:35:b5:b3:f5:82:
                    54:e1:c3:d7:c8:0c:18:3e:67:34:d1:84:44:76:bd:
                    c8:66:d2:2c:12:2e:d0:5e:7e:47:e9:a2:8c:7c:31:
                    09:2d:df:a4:3a:d9:97:65:6d:1e:84:87:96:d4:46:
                    c0:4b:60:8c:2f:fa:77:21:d4:7e:7a:11:7a:74:61:
                    c3:68:87:38:0f:b8:c6:73:a7:bd:9c:5c:01:45:92:
                    dc:7a:8a:40:34:52:ba:52:fa:15:87:fa:ac:a9:bd:
                    49:f0:6e:31:53:b3:09:c3:ce:5b:a4:b6:99:bf:8d:
                    c1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:23:C9:0E:2A:6A:35:F9:03:D9:01:8A:F5:94:7F:B8:86:46:99:06
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS35661.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4f:07:56:60:05:f2:1d:ff:d6:d9:21:2e:3f:79:ea:fe:18:
         ab:98:3d:c5:73:57:1d:5f:76:66:f9:af:23:db:c1:11:28:ff:
         f8:b5:8a:4c:6d:5b:47:cc:c5:52:a9:0f:05:85:29:dd:f6:8c:
         93:e3:17:3a:81:0b:6b:f5:98:4b:ad:7c:03:23:21:e5:d3:fd:
         04:55:fd:83:49:8a:ed:46:f8:83:a8:26:90:6b:dc:bd:5a:6d:
         c4:57:5e:af:d3:c8:6b:e7:31:ba:14:ed:cc:61:24:6e:61:a2:
         6e:f4:50:00:ea:1d:c2:1e:2d:59:8f:ef:f0:d7:d2:a5:2a:74:
         ea:9a:6c:98:1f:49:f9:3d:82:23:c0:5b:3f:64:f1:98:c2:22:
         76:00:0d:18:f2:bd:a0:41:ff:5f:67:71:09:05:51:70:01:14:
         0d:7a:6e:9b:d7:3c:43:0a:be:79:a0:ea:4c:0a:fb:b7:12:16:
         0f:29:c4:53:b5:04:93:96:37:76:9e:be:db:26:3a:ec:78:5e:
         12:a2:6a:1d:84:ab:40:ac:b2:c3:c0:c9:ae:29:99:cf:9c:bf:
         07:f1:5d:2d:c8:71:f2:5f:14:3d:4b:3a:64:91:a3:ca:e4:36:
         ed:78:48:48:b2:91:fa:c0:2b:f0:95:78:be:16:92:e7:b7:44:
         22:44:e3:f0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPGO61eI57hk3w8aCp80QBLAI2nUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MDkxMjAyMzRaFw0yNzA0MDgxMjA3MzRaMDMxMTAvBgNV
BAMTKDgyMjNDOTBFMkE2QTM1RjkwM0Q5MDE4QUY1OTQ3RkI4ODY0Njk5MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC89I+0fe8URdp3mI9s/h45BfzC
qdXdqZdX7MwyL+5+6wWrpSKDPZuP67ZxbDkcE3aIRpUWNRRxJx4/9wi3srsaL4cO
dgrGzWz1mQwrq7oG15cueLH3+l3lQbFeKAeH9uzCa9qw2P1S3CyItZLu6/AtF2nL
T4QB988L1I86EluOXL2k9K0ncm9pXrvHKIFNt5I1tbP1glThw9fIDBg+ZzTRhER2
vchm0iwSLtBefkfpoox8MQkt36Q62ZdlbR6Eh5bURsBLYIwv+nch1H56EXp0YcNo
hzgPuMZzp72cXAFFktx6ikA0UrpS+hWH+qypvUnwbjFTswnDzluktpm/jcGlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgiPJDipqNfkD2QGK9ZR/uIZGmQYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzU2NjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTnsw
DQYJKoZIhvcNAQELBQADggEBAJVPB1ZgBfId/9bZIS4/eer+GKuYPcVzVx1fdmb5
ryPbwREo//i1ikxtW0fMxVKpDwWFKd32jJPjFzqBC2v1mEutfAMjIeXT/QRV/YNJ
iu1G+IOoJpBr3L1abcRXXq/TyGvnMboU7cxhJG5hom70UADqHcIeLVmP7/DX0qUq
dOqabJgfSfk9giPAWz9k8ZjCInYADRjyvaBB/19ncQkFUXABFA16bpvXPEMKvnmg
6kwK+7cSFg8pxFO1BJOWN3aevtsmOux4XhKiah2Eq0CsssPAya4pmc+cvwfxXS3I
cfJfFD1LOmSRo8rkNu14SEiykfrAK/CVeL4Wkue3RCJE4/A=
-----END CERTIFICATE-----