Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
File:                     AS61317.roa (raw, json)
Hash identifier:          Eta1orId+YFaYa5wezSpYuBu/tyB7NlbA3CblkoGi+0=
Subject key identifier:   F1:2E:07:0B:23:F0:29:FD:9D:22:B6:7F:7D:B3:BF:C2:6E:CC:DC:C0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       33FA3C0C8DFE60E8DE1BA815542DC2F2F041C14E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
Signing time:             Thu 31 Jul 2025 00:02:16 +0000
ROA not before:           Wed 30 Jul 2025 23:57:16 +0000
ROA not after:            Thu 30 Jul 2026 00:02:16 +0000
asID:                     61317
IP address blocks:        147.79.29.0/24 maxlen: 24
                          148.135.162.0/24 maxlen: 24
                          167.148.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:fa:3c:0c:8d:fe:60:e8:de:1b:a8:15:54:2d:c2:f2:f0:41:c1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 30 23:57:16 2025 GMT
            Not After : Jul 30 00:02:16 2026 GMT
        Subject: CN=F12E070B23F029FD9D22B67F7DB3BFC26ECCDCC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:97:fc:13:0c:15:fd:f5:b2:3a:e7:9c:ec:
                    6d:16:ff:7c:79:c9:b1:7c:f0:3d:4e:6d:23:99:32:
                    45:b6:d5:9a:71:38:b7:f0:50:28:40:9d:3e:51:77:
                    bd:42:68:0f:22:17:7f:62:7c:62:ec:11:fc:56:93:
                    dc:bb:8b:be:d6:91:53:5c:b3:ff:25:07:78:e1:cb:
                    29:63:ad:c7:41:c5:f4:a4:4f:7d:26:25:e0:e8:37:
                    f3:cc:2a:8a:ff:be:08:77:8e:4e:ea:77:e3:58:7e:
                    7d:a7:30:a7:a6:f8:1d:89:7c:a2:e9:d4:1c:1a:3a:
                    a6:aa:0b:48:30:87:c3:50:66:56:7f:ed:33:0e:2c:
                    b0:da:fd:ff:4e:1b:5d:4a:ec:9a:94:00:a3:11:bc:
                    4f:ed:0f:d8:e2:e1:7a:e4:86:d2:4d:80:38:df:d4:
                    96:65:76:0e:a3:5a:62:2d:a6:d5:ec:3d:c6:10:cf:
                    7f:48:c2:36:16:b8:71:7d:b3:9a:22:71:a0:6c:ff:
                    ca:ab:5f:e7:51:78:83:73:da:d5:ff:4e:9a:a7:a4:
                    9e:91:ec:87:05:08:92:ed:7f:b0:27:b6:7d:1c:07:
                    d7:d7:8a:79:7d:1b:e0:41:14:13:53:0e:c1:e6:8c:
                    46:9f:62:4e:e3:7a:9c:2b:37:70:53:98:e7:85:c7:
                    36:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2E:07:0B:23:F0:29:FD:9D:22:B6:7F:7D:B3:BF:C2:6E:CC:DC:C0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.29.0/24
                  148.135.162.0/24
                  167.148.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:72:28:e8:df:8a:f2:2d:dc:24:84:ca:5f:cb:b7:e3:60:12:
         96:63:3a:4b:fa:bf:ed:e5:6c:b1:4b:2f:70:bd:53:e4:f2:5c:
         79:01:f1:75:df:6f:47:d5:99:3d:b3:22:ae:d1:d2:8b:42:d1:
         5a:50:54:be:6a:13:d4:f5:2a:04:2a:88:58:8b:d5:0e:70:84:
         45:7d:cf:ce:5b:1b:e3:cf:c6:44:5c:f6:fc:0b:7b:e9:32:73:
         b9:8b:2b:6c:d0:70:1e:bb:65:b4:37:5e:20:6b:67:ff:72:0e:
         ae:e9:3a:bf:dc:66:65:f1:1a:f8:16:96:dc:4a:46:c1:2a:bd:
         6a:93:5b:33:59:7b:b2:28:94:14:f2:eb:21:7f:59:dd:c8:08:
         e3:3d:c9:37:33:75:fb:25:66:21:a8:08:6a:e2:bf:99:e4:cc:
         9d:60:62:41:88:dd:32:12:36:08:25:2e:d4:c7:09:23:9b:e5:
         4f:5d:33:55:b8:73:67:c2:0b:29:ac:bd:05:01:50:39:24:fb:
         1e:95:34:ee:46:79:78:49:45:37:37:17:4b:9c:9a:e6:71:9e:
         15:8d:fb:e2:73:fc:6b:a5:aa:ec:d8:d7:c4:54:f0:34:f6:67:
         1a:92:f1:4b:ff:67:66:0d:f1:82:0b:96:2c:98:4d:1b:dc:16:
         c9:3c:fb:27
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUM/o8DI3+YOjeG6gVVC3C8vBBwU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MzAyMzU3MTZaFw0yNjA3MzAwMDAyMTZaMDMxMTAvBgNV
BAMTKEYxMkUwNzBCMjNGMDI5RkQ5RDIyQjY3RjdEQjNCRkMyNkVDQ0RDQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRpf8EwwV/fWyOuec7G0W/3x5
ybF88D1ObSOZMkW21ZpxOLfwUChAnT5Rd71CaA8iF39ifGLsEfxWk9y7i77WkVNc
s/8lB3jhyyljrcdBxfSkT30mJeDoN/PMKor/vgh3jk7qd+NYfn2nMKem+B2JfKLp
1BwaOqaqC0gwh8NQZlZ/7TMOLLDa/f9OG11K7JqUAKMRvE/tD9ji4XrkhtJNgDjf
1JZldg6jWmItptXsPcYQz39IwjYWuHF9s5oicaBs/8qrX+dReINz2tX/TpqnpJ6R
7IcFCJLtf7Antn0cB9fXinl9G+BBFBNTDsHmjEafYk7jepwrN3BTmOeFxzZbAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU8S4HCyPwKf2dIrZ/fbO/wm7M3MAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEzMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACTTx0D
BACUh6IDBAGnlMIwDQYJKoZIhvcNAQELBQADggEBALpyKOjfivIt3CSEyl/Lt+Ng
EpZjOkv6v+3lbLFLL3C9U+TyXHkB8XXfb0fVmT2zIq7R0otC0VpQVL5qE9T1KgQq
iFiL1Q5whEV9z85bG+PPxkRc9vwLe+kyc7mLK2zQcB67ZbQ3XiBrZ/9yDq7pOr/c
ZmXxGvgWltxKRsEqvWqTWzNZe7IolBTy6yF/Wd3ICOM9yTczdfslZiGoCGriv5nk
zJ1gYkGI3TISNgglLtTHCSOb5U9dM1W4c2fCCymsvQUBUDkk+x6VNO5GeXhJRTc3
F0ucmuZxnhWN++Jz/GulquzY18RU8DT2ZxqS8Uv/Z2YN8YILliyYTRvcFsk8+yc=
-----END CERTIFICATE-----