Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa
File:                     AS142146.roa (raw, json)
Hash identifier:          DhOPGUSG4VQ54x0McO4vBYID+n1KDdrC79ETluZ9yV0=
Subject key identifier:   D6:34:D8:59:BE:99:31:D3:57:14:7E:FA:CE:FC:F9:7F:AA:E2:C0:1A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7876C2A6A15ACE46F0FDE6D52B7E86FFB7F09492
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa
Signing time:             Wed 18 Feb 2026 00:55:38 +0000
ROA not before:           Wed 18 Feb 2026 00:50:38 +0000
ROA not after:            Wed 17 Feb 2027 00:55:38 +0000
asID:                     142146
IP address blocks:        179.61.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:76:c2:a6:a1:5a:ce:46:f0:fd:e6:d5:2b:7e:86:ff:b7:f0:94:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 18 00:50:38 2026 GMT
            Not After : Feb 17 00:55:38 2027 GMT
        Subject: CN=D634D859BE9931D357147EFACEFCF97FAAE2C01A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:50:0b:e4:9f:9f:96:53:98:a8:3a:40:2e:fd:
                    4f:da:63:6b:93:63:e8:e2:23:15:55:32:c5:5d:ce:
                    85:8c:f8:db:b9:f7:ca:76:69:29:37:fb:01:91:12:
                    70:bd:a9:9a:fc:72:75:d4:06:1d:70:88:ca:b2:e7:
                    37:51:1d:44:37:1c:03:f3:62:c1:ba:af:d8:1f:f4:
                    70:02:11:88:f6:fa:2e:e3:16:11:fa:cf:41:18:52:
                    33:a4:c6:95:74:00:6e:46:1d:88:1e:3f:33:96:df:
                    5a:88:a3:b6:73:5a:c6:43:30:72:30:62:64:05:a9:
                    7a:12:2d:36:8a:5d:47:52:bc:ba:32:7c:0e:db:03:
                    b1:e8:f1:6f:b8:33:25:57:34:33:73:41:76:ab:cb:
                    67:fe:95:41:8b:87:81:55:b8:bb:ae:6d:06:85:73:
                    8a:4b:c6:1f:90:c2:35:89:cc:2b:c2:90:fc:6c:0a:
                    60:60:6e:44:07:28:56:4b:7a:cc:5b:3c:db:67:c7:
                    f9:cc:cf:75:52:5e:45:5d:9b:27:49:34:67:b9:34:
                    9f:16:af:43:c5:2d:bd:f6:96:89:a6:c4:ec:9d:db:
                    6f:d9:4e:50:2b:39:cd:21:f5:c9:d3:44:c1:78:7b:
                    8d:a2:25:5e:66:55:a0:19:72:56:c6:7c:8a:25:f6:
                    da:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:34:D8:59:BE:99:31:D3:57:14:7E:FA:CE:FC:F9:7F:AA:E2:C0:1A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:c9:7e:a3:6b:95:5d:c1:64:30:01:53:29:3d:22:8f:b9:e2:
         08:41:08:8e:e2:6d:4e:22:07:d4:d0:e7:7c:f8:5e:8b:7f:65:
         c8:b6:ed:92:d2:f7:94:92:51:78:1f:c1:ba:cc:32:b1:b8:dc:
         a5:b1:c0:a2:89:63:41:38:21:f1:fb:0f:c4:8e:98:ba:f1:f2:
         9d:c0:ca:d6:15:36:77:9b:36:0d:23:ab:46:af:b7:5b:3a:3d:
         36:90:43:56:1d:9f:5d:c7:5e:1e:c6:22:07:54:f0:17:8e:62:
         6b:bf:33:e4:90:ac:ff:98:7e:67:39:31:e8:90:6a:0f:0d:84:
         89:28:fa:19:ff:9b:7f:ca:de:d5:93:7f:ca:a6:a6:83:db:11:
         8a:32:a4:e1:1f:d9:c5:0b:9d:cb:68:7c:2d:58:d7:d1:b5:3b:
         59:81:92:af:9e:c9:dd:bc:df:cf:ac:df:90:19:30:4a:6c:e7:
         f4:7c:d2:77:7e:5c:9a:06:a8:69:ea:86:18:1f:d0:ec:2d:a6:
         e9:f3:25:09:93:cb:f4:6a:a4:62:46:84:f6:98:4a:46:8c:1a:
         67:18:b8:d9:67:72:e5:fb:e6:87:e1:04:cc:a0:30:b1:6d:6b:
         78:e2:7b:86:6f:14:db:f3:87:2b:85:bc:0f:39:7f:d8:12:01:
         19:07:c7:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeHbCpqFazkbw/ebVK36G/7fwlJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTgwMDUwMzhaFw0yNzAyMTcwMDU1MzhaMDMxMTAvBgNV
BAMTKEQ2MzREODU5QkU5OTMxRDM1NzE0N0VGQUNFRkNGOTdGQUFFMkMwMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuUAvkn5+WU5ioOkAu/U/aY2uT
Y+jiIxVVMsVdzoWM+Nu598p2aSk3+wGREnC9qZr8cnXUBh1wiMqy5zdRHUQ3HAPz
YsG6r9gf9HACEYj2+i7jFhH6z0EYUjOkxpV0AG5GHYgePzOW31qIo7ZzWsZDMHIw
YmQFqXoSLTaKXUdSvLoyfA7bA7Ho8W+4MyVXNDNzQXary2f+lUGLh4FVuLuubQaF
c4pLxh+QwjWJzCvCkPxsCmBgbkQHKFZLesxbPNtnx/nMz3VSXkVdmydJNGe5NJ8W
r0PFLb32lommxOyd22/ZTlArOc0h9cnTRMF4e42iJV5mVaAZclbGfIol9tpbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1jTYWb6ZMdNXFH76zvz5f6riwBowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQyMTQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2w
MA0GCSqGSIb3DQEBCwUAA4IBAQAdyX6ja5VdwWQwAVMpPSKPueIIQQiO4m1OIgfU
0Od8+F6Lf2XItu2S0veUklF4H8G6zDKxuNylscCiiWNBOCHx+w/Ejpi68fKdwMrW
FTZ3mzYNI6tGr7dbOj02kENWHZ9dx14exiIHVPAXjmJrvzPkkKz/mH5nOTHokGoP
DYSJKPoZ/5t/yt7Vk3/KpqaD2xGKMqThH9nFC53LaHwtWNfRtTtZgZKvnsndvN/P
rN+QGTBKbOf0fNJ3flyaBqhp6oYYH9DsLabp8yUJk8v0aqRiRoT2mEpGjBpnGLjZ
Z3Ll++aH4QTMoDCxbWt44nuGbxTb84crhbwPOX/YEgEZB8fx
-----END CERTIFICATE-----