Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135754.roa
File:                     AS135754.roa (raw, json)
Hash identifier:          1/59Jzkma4tfvYWFqGQCoOPJaS5z9zplT/4/vOZnlEE=
Subject key identifier:   A0:24:71:A2:E7:20:86:20:BE:E8:D4:53:76:83:8E:8C:16:4E:FB:0C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5F35B6F55711B768F1549272739471C78DA32A5B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135754.roa
Signing time:             Sat 13 Jun 2026 05:16:48 +0000
ROA not before:           Sat 13 Jun 2026 05:11:48 +0000
ROA not after:            Sat 12 Jun 2027 05:16:48 +0000
asID:                     135754
IP address blocks:        179.61.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:35:b6:f5:57:11:b7:68:f1:54:92:72:73:94:71:c7:8d:a3:2a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 13 05:11:48 2026 GMT
            Not After : Jun 12 05:16:48 2027 GMT
        Subject: CN=A02471A2E7208620BEE8D45376838E8C164EFB0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e3:21:11:25:70:af:d5:d7:2f:8b:33:92:bf:
                    dc:7f:bd:78:6b:6f:00:8d:c8:b1:26:f5:a3:c2:88:
                    19:0f:0a:4e:c3:00:01:33:61:30:2d:10:12:8d:ec:
                    1e:d1:f1:b6:23:67:f0:ce:8a:cc:06:5d:54:69:13:
                    0f:d6:d6:bc:ab:c0:44:42:ee:a5:9a:6d:bd:02:31:
                    9d:ea:6e:1c:25:25:d5:1a:7f:3a:16:3d:8f:4a:6c:
                    36:de:c9:16:e5:1e:63:0c:66:18:08:0f:ed:e4:f8:
                    94:8c:79:9d:2f:35:41:94:6d:f9:56:c2:88:cd:b6:
                    57:37:40:bd:19:ae:77:05:8b:7c:6a:6d:c3:ee:ab:
                    8e:9f:07:51:bd:02:f6:35:ab:84:a8:bb:bf:85:f1:
                    2b:a2:40:c8:53:a2:9c:f5:34:22:c1:2e:b8:1e:a3:
                    5e:90:43:50:f0:77:ef:d3:0f:8d:a4:3e:31:d8:4a:
                    d9:90:dc:57:02:67:4f:2c:02:ce:73:0f:83:0e:24:
                    dd:8e:93:38:04:64:f3:b0:74:05:d8:50:7e:e4:4c:
                    c4:04:b3:10:f8:c1:14:8b:1e:6a:96:01:1d:92:47:
                    df:c8:67:53:44:c1:d8:2a:fd:be:b2:bf:f5:29:56:
                    8f:a4:fa:a8:cc:a0:be:9c:1e:37:fe:70:52:64:b7:
                    c7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:24:71:A2:E7:20:86:20:BE:E8:D4:53:76:83:8E:8C:16:4E:FB:0C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135754.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:70:0f:cb:42:0f:e1:28:8e:70:b2:8d:91:58:8b:f2:fd:a2:
         96:7c:b9:31:d7:ad:43:46:8c:13:49:64:c4:4c:b3:79:74:59:
         4e:ff:23:4a:26:8c:aa:fa:0d:2d:76:bc:23:7e:97:66:73:85:
         7f:92:bd:9f:ff:00:ae:3c:0c:1d:70:b7:0a:a3:36:ca:9a:c3:
         07:ed:18:cd:da:b0:90:45:7f:38:c4:53:e3:62:d9:bd:28:2b:
         5a:ef:64:d7:ce:bd:bf:36:93:64:fe:7a:c2:1b:11:44:2f:08:
         8f:b2:d1:19:a2:3d:e9:46:b2:2c:13:78:25:bb:9d:db:08:61:
         a4:15:01:f1:3b:73:c5:2a:04:0f:74:ac:83:16:ff:03:2d:30:
         99:be:1e:84:1e:61:51:5b:e5:20:1c:df:32:e2:bf:85:a6:c6:
         ec:28:82:2d:f9:17:6c:c0:28:89:e8:60:51:cb:c1:cc:7a:fa:
         1b:7f:a1:9b:c1:5e:71:54:57:78:ba:83:69:a9:8d:cb:32:ed:
         73:bd:66:52:68:24:6c:1c:a5:6a:31:9d:3a:bf:82:ee:4a:8e:
         bd:f5:d2:37:ee:b6:8a:db:a0:38:44:a4:f5:5f:0b:38:97:7f:
         4e:0a:4e:82:37:f7:84:5f:95:17:82:4e:5e:61:cb:5a:c8:28:
         c1:a2:17:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXzW29VcRt2jxVJJyc5Rxx42jKlswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTMwNTExNDhaFw0yNzA2MTIwNTE2NDhaMDMxMTAvBgNV
BAMTKEEwMjQ3MUEyRTcyMDg2MjBCRUU4RDQ1Mzc2ODM4RThDMTY0RUZCMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU4yERJXCv1dcvizOSv9x/vXhr
bwCNyLEm9aPCiBkPCk7DAAEzYTAtEBKN7B7R8bYjZ/DOiswGXVRpEw/W1ryrwERC
7qWabb0CMZ3qbhwlJdUafzoWPY9KbDbeyRblHmMMZhgID+3k+JSMeZ0vNUGUbflW
wojNtlc3QL0ZrncFi3xqbcPuq46fB1G9AvY1q4Sou7+F8SuiQMhTopz1NCLBLrge
o16QQ1Dwd+/TD42kPjHYStmQ3FcCZ08sAs5zD4MOJN2OkzgEZPOwdAXYUH7kTMQE
sxD4wRSLHmqWAR2SR9/IZ1NEwdgq/b6yv/UpVo+k+qjMoL6cHjf+cFJkt8cfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoCRxoucghiC+6NRTdoOOjBZO+wwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1NzU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3t
MA0GCSqGSIb3DQEBCwUAA4IBAQCdcA/LQg/hKI5wso2RWIvy/aKWfLkx161DRowT
SWTETLN5dFlO/yNKJoyq+g0tdrwjfpdmc4V/kr2f/wCuPAwdcLcKozbKmsMH7RjN
2rCQRX84xFPjYtm9KCta72TXzr2/NpNk/nrCGxFELwiPstEZoj3pRrIsE3glu53b
CGGkFQHxO3PFKgQPdKyDFv8DLTCZvh6EHmFRW+UgHN8y4r+FpsbsKIIt+RdswCiJ
6GBRy8HMevobf6GbwV5xVFd4uoNpqY3LMu1zvWZSaCRsHKVqMZ06v4LuSo699dI3
7raK26A4RKT1Xws4l39OCk6CN/eEX5UXgk5eYctayCjBohft
-----END CERTIFICATE-----