Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa
File:                     352e3138322e33352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          aC+xuftho6Nq7HBPIj9J1t5nqGKsPTXJPBI7lmxAQzY=
Subject key identifier:   77:48:A8:5F:5B:71:E1:F4:26:82:D8:CB:65:5F:E2:33:B3:C8:89:09
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       43C2584E9070F9D3DB3B7BE0335427DE8809FD09
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa
Signing time:             Thu 31 Jul 2025 11:40:58 +0000
ROA not before:           Thu 31 Jul 2025 11:35:58 +0000
ROA not after:            Thu 30 Jul 2026 11:40:58 +0000
asID:                     834
IP address blocks:        5.182.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:11:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c2:58:4e:90:70:f9:d3:db:3b:7b:e0:33:54:27:de:88:09:fd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jul 31 11:35:58 2025 GMT
            Not After : Jul 30 11:40:58 2026 GMT
        Subject: CN=7748A85F5B71E1F42682D8CB655FE233B3C88909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:84:59:13:20:3d:17:b7:75:d3:3f:6f:92:8f:
                    1b:80:d9:e6:db:8e:18:c7:e1:e5:71:eb:12:02:e4:
                    e4:07:95:3e:e5:9a:ab:ca:aa:cb:23:6c:b2:7a:28:
                    89:05:2c:d0:19:a1:58:67:12:2a:58:0a:07:50:cd:
                    2b:4b:9c:58:76:11:83:b5:7a:3b:86:79:76:c2:b4:
                    6c:e5:a4:23:a4:d1:44:39:93:d2:b4:e6:ab:d5:5c:
                    be:2d:4d:9f:08:96:11:e7:b0:4b:c9:a2:da:57:09:
                    98:6c:5e:91:80:02:43:49:1c:74:e4:6a:a7:d2:21:
                    0e:a4:49:d3:ed:f4:0d:cc:b9:3f:66:da:f4:54:e1:
                    52:cc:72:9d:37:62:1c:fb:31:d1:84:7b:96:f6:05:
                    08:b0:05:8e:5c:43:46:f2:e2:f6:50:56:a9:c5:e2:
                    9a:82:af:6a:fb:62:40:2b:ea:a0:49:71:09:35:b3:
                    c7:58:34:04:43:81:b5:f3:e4:16:a2:fb:55:9c:7e:
                    e8:52:ad:ce:e4:06:e9:c2:a4:1e:68:e4:89:13:06:
                    a3:3a:fd:74:48:14:9b:33:0b:a5:aa:1c:aa:47:3c:
                    de:8a:19:53:a1:a4:00:77:b9:df:56:a4:33:b1:11:
                    68:56:83:dc:c6:68:bc:18:74:23:b8:49:04:53:ee:
                    3d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:48:A8:5F:5B:71:E1:F4:26:82:D8:CB:65:5F:E2:33:B3:C8:89:09
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ac:4d:c5:bf:1f:bf:6a:b9:4f:ba:17:57:3d:a5:97:5b:38:
         00:ce:05:f0:6a:3a:91:17:19:6d:dd:fd:40:26:47:40:bd:aa:
         40:92:64:0c:b2:9f:47:15:92:dc:ce:3e:cc:c9:9b:fd:85:52:
         71:77:de:8f:fb:b8:18:12:f9:58:e6:b5:44:78:9b:bf:f8:d6:
         2d:61:cf:6d:a9:50:52:2d:b0:8a:03:a7:4e:be:b5:21:00:29:
         44:e4:d0:38:26:b3:87:4a:5a:ef:fd:b9:4a:b5:db:a3:4d:18:
         28:d7:1a:d0:3b:16:bb:d8:2b:05:bf:05:cc:02:63:0c:e9:e8:
         b6:48:75:b9:f5:ef:94:af:a5:7a:a3:f9:38:4c:70:6e:4e:97:
         27:c5:36:e9:52:d6:61:68:e3:9d:91:fc:7c:82:e9:03:8a:e2:
         59:61:ae:6c:f4:69:7f:e5:4f:6c:71:8c:49:dc:35:94:57:7a:
         e2:f2:e7:70:30:97:5c:7a:1a:94:5e:5d:bb:5c:aa:91:dc:2a:
         04:cc:6a:26:98:46:c8:80:36:53:e4:59:61:3b:d8:ee:7a:ba:
         a1:99:d4:50:f2:85:fd:d6:81:34:8b:10:73:24:39:6c:f0:ee:
         10:b9:30:19:5f:b3:dd:fc:52:b0:4b:a5:a9:5e:58:02:4c:3e:
         86:07:0d:ec
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUQ8JYTpBw+dPbO3vgM1Qn3ogJ/QkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA3MzExMTM1NThaFw0yNjA3MzAxMTQwNThaMDMxMTAvBgNV
BAMTKDc3NDhBODVGNUI3MUUxRjQyNjgyRDhDQjY1NUZFMjMzQjNDODg5MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYhFkTID0Xt3XTP2+SjxuA2ebb
jhjH4eVx6xIC5OQHlT7lmqvKqssjbLJ6KIkFLNAZoVhnEipYCgdQzStLnFh2EYO1
ejuGeXbCtGzlpCOk0UQ5k9K05qvVXL4tTZ8IlhHnsEvJotpXCZhsXpGAAkNJHHTk
aqfSIQ6kSdPt9A3MuT9m2vRU4VLMcp03Yhz7MdGEe5b2BQiwBY5cQ0by4vZQVqnF
4pqCr2r7YkAr6qBJcQk1s8dYNARDgbXz5Bai+1WcfuhSrc7kBunCpB5o5IkTBqM6
/XRIFJszC6WqHKpHPN6KGVOhpAB3ud9WpDOxEWhWg9zGaLwYdCO4SQRT7j27AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUd0ioX1tx4fQmgtjLZV/iM7PIiQkwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2IzANBgkq
hkiG9w0BAQsFAAOCAQEAQqxNxb8fv2q5T7oXVz2ll1s4AM4F8Go6kRcZbd39QCZH
QL2qQJJkDLKfRxWS3M4+zMmb/YVScXfej/u4GBL5WOa1RHibv/jWLWHPbalQUi2w
igOnTr61IQApROTQOCazh0pa7/25SrXbo00YKNca0DsWu9grBb8FzAJjDOnotkh1
ufXvlK+leqP5OExwbk6XJ8U26VLWYWjjnZH8fILpA4riWWGubPRpf+VPbHGMSdw1
lFd64vLncDCXXHoalF5du1yqkdwqBMxqJphGyIA2U+RZYTvY7nq6oZnUUPKF/daB
NIsQcyQ5bPDuELkwGV+z3fxSsEulqV5YAkw+hgcN7A==
-----END CERTIFICATE-----