Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61945.roa
File:                     AS61945.roa (raw, json)
Hash identifier:          rGwQghgOFWkgIaNZp4NlFkgqPr4SeI5PgkbPXe820T4=
Subject key identifier:   AF:71:1B:B2:DA:66:1B:1F:4C:D3:BE:C9:19:4A:9D:9D:E3:27:24:8B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4856BC8DC48DFEF689A13829DF60808C04035DE5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61945.roa
Signing time:             Sun 15 Feb 2026 13:59:57 +0000
ROA not before:           Sun 15 Feb 2026 13:54:57 +0000
ROA not after:            Sun 14 Feb 2027 13:59:57 +0000
asID:                     61945
IP address blocks:        168.222.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:56:bc:8d:c4:8d:fe:f6:89:a1:38:29:df:60:80:8c:04:03:5d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 15 13:54:57 2026 GMT
            Not After : Feb 14 13:59:57 2027 GMT
        Subject: CN=AF711BB2DA661B1F4CD3BEC9194A9D9DE327248B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ce:05:5d:a8:ec:13:d6:1e:e9:10:f5:06:d5:
                    fe:1c:8d:a3:93:7b:2e:70:1e:10:89:74:9d:6f:d7:
                    42:0b:34:27:3f:ce:4e:81:41:60:b8:db:4a:6b:cb:
                    c2:30:eb:5e:d1:62:25:8b:fa:17:44:51:08:11:6a:
                    ec:4f:b5:ee:5e:c7:87:c3:04:b5:52:0d:ab:c7:24:
                    5d:c0:93:0f:a1:14:fc:9b:5c:b4:f2:00:f3:49:bd:
                    b1:1e:fa:7d:d1:33:66:6a:f8:3d:51:64:f1:0e:07:
                    49:2b:ca:aa:4c:42:4f:cb:3a:8d:9a:6d:28:b1:a1:
                    4a:44:08:29:f8:d4:93:69:1a:a9:9e:eb:b4:31:22:
                    3e:a5:9e:17:d6:86:22:95:e2:ea:97:25:b7:74:97:
                    4b:a3:ab:06:f8:e3:9b:95:5c:94:52:fa:33:b4:76:
                    08:8c:f2:84:d4:27:1a:b9:36:b2:e1:3f:7e:9a:57:
                    cd:2b:94:ea:56:42:bd:74:56:49:6c:0b:da:a6:71:
                    2b:92:b8:3f:9e:bd:5c:1c:9c:38:e9:13:a1:9f:b5:
                    d5:f0:41:d3:b2:82:3f:51:7c:f5:32:14:bc:8b:e7:
                    a0:17:41:d3:26:0b:5d:14:e3:a3:68:0e:2a:b2:55:
                    88:25:11:4a:37:dc:18:1b:d4:02:9b:ae:71:8d:94:
                    29:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:71:1B:B2:DA:66:1B:1F:4C:D3:BE:C9:19:4A:9D:9D:E3:27:24:8B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61945.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:45:c0:ea:f9:c4:85:34:e5:c6:9a:80:5c:f2:fb:9c:6a:91:
         91:47:5a:69:4f:04:83:74:c4:a5:8a:8b:76:19:2b:b2:b6:39:
         64:0e:eb:1d:6d:32:83:87:13:2f:a1:4c:49:c8:ac:8f:25:21:
         38:1e:7f:e1:71:c0:d1:76:3a:65:fc:45:a6:25:6f:24:74:09:
         47:30:19:c8:32:b8:bb:5d:67:cc:42:e6:fe:ff:d9:48:3f:bd:
         af:e8:34:40:6d:87:16:67:6a:87:25:36:e5:4d:0c:59:b7:24:
         5a:42:b6:21:dc:6d:f7:b9:f1:0b:a1:9e:66:06:56:b3:06:fb:
         45:58:8a:c2:63:9e:20:10:02:36:22:0c:38:f2:77:ac:b7:0a:
         6e:3c:9b:91:4d:8f:76:12:fa:c1:71:b0:62:6d:70:81:c7:f5:
         e3:62:3d:6d:2c:20:44:24:4e:47:cb:04:36:77:8d:35:99:f8:
         ae:3f:44:10:32:77:71:4d:87:f9:2d:9c:b9:b6:32:d6:50:c6:
         ac:21:81:5c:44:92:57:30:b6:13:d3:68:51:87:5e:22:21:68:
         ad:df:71:5f:37:8b:3b:fd:b9:ac:41:f1:1d:bc:54:c6:78:f5:
         91:35:d8:5a:b0:d9:13:6e:23:bc:e4:5f:60:55:b6:5e:7e:71:
         f1:a3:6b:8c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSFa8jcSN/vaJoTgp32CAjAQDXeUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTUxMzU0NTdaFw0yNzAyMTQxMzU5NTdaMDMxMTAvBgNV
BAMTKEFGNzExQkIyREE2NjFCMUY0Q0QzQkVDOTE5NEE5RDlERTMyNzI0OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzgVdqOwT1h7pEPUG1f4cjaOT
ey5wHhCJdJ1v10ILNCc/zk6BQWC420pry8Iw617RYiWL+hdEUQgRauxPte5ex4fD
BLVSDavHJF3Akw+hFPybXLTyAPNJvbEe+n3RM2Zq+D1RZPEOB0kryqpMQk/LOo2a
bSixoUpECCn41JNpGqme67QxIj6lnhfWhiKV4uqXJbd0l0ujqwb445uVXJRS+jO0
dgiM8oTUJxq5NrLhP36aV80rlOpWQr10VklsC9qmcSuSuD+evVwcnDjpE6GftdXw
QdOygj9RfPUyFLyL56AXQdMmC10U46NoDiqyVYglEUo33Bgb1AKbrnGNlCmBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUr3EbstpmGx9M077JGUqdneMnJIswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjE5NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKo3mQw
DQYJKoZIhvcNAQELBQADggEBAH9FwOr5xIU05caagFzy+5xqkZFHWmlPBIN0xKWK
i3YZK7K2OWQO6x1tMoOHEy+hTEnIrI8lITgef+FxwNF2OmX8RaYlbyR0CUcwGcgy
uLtdZ8xC5v7/2Ug/va/oNEBthxZnaoclNuVNDFm3JFpCtiHcbfe58QuhnmYGVrMG
+0VYisJjniAQAjYiDDjyd6y3Cm48m5FNj3YS+sFxsGJtcIHH9eNiPW0sIEQkTkfL
BDZ3jTWZ+K4/RBAyd3FNh/ktnLm2MtZQxqwhgVxEklcwthPTaFGHXiIhaK3fcV83
izv9uaxB8R28VMZ49ZE12Fqw2RNuI7zkX2BVtl5+cfGja4w=
-----END CERTIFICATE-----