Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          KdvM5zmvmlSZc4uK8gep9hJYvSrr/6uywduXUmtanaA=
Subject key identifier:   63:D3:09:00:C6:4F:91:BB:3C:58:BE:09:7C:13:A2:E1:A4:96:D1:E9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       078EE0E4A3450485ED3CB3BBA3F6F7B9CE1222C2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
Signing time:             Thu 12 Feb 2026 00:55:38 +0000
ROA not before:           Thu 12 Feb 2026 00:50:38 +0000
ROA not after:            Thu 11 Feb 2027 00:55:38 +0000
asID:                     147003
IP address blocks:        191.96.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:8e:e0:e4:a3:45:04:85:ed:3c:b3:bb:a3:f6:f7:b9:ce:12:22:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 12 00:50:38 2026 GMT
            Not After : Feb 11 00:55:38 2027 GMT
        Subject: CN=63D30900C64F91BB3C58BE097C13A2E1A496D1E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a8:bc:3f:04:27:53:f1:15:0d:8b:ae:05:7f:
                    01:7e:65:70:d6:92:a9:4f:e1:ad:96:80:da:ec:d3:
                    7f:03:f8:3e:0d:c0:63:30:53:98:ed:71:24:84:62:
                    8b:03:b7:08:cc:33:1d:d7:cf:d3:a2:87:74:6f:0f:
                    4f:bb:f2:c9:fa:c2:b5:c6:62:d7:1d:e1:e9:3b:58:
                    f0:94:3e:f1:ed:5f:6c:ad:ef:b6:42:ed:fd:87:15:
                    e7:70:ae:4d:9b:56:33:41:03:05:ed:2d:81:23:0c:
                    a4:2e:55:4a:a6:b2:a0:b2:cb:ba:91:f6:f4:65:e4:
                    68:ac:e0:dd:92:2b:ed:5b:cb:ee:47:2c:c5:28:ed:
                    40:bb:fa:ff:2a:14:30:61:aa:e8:41:31:0d:a2:e1:
                    5e:30:fe:a9:40:b2:ca:e2:da:8b:c1:23:27:7c:ca:
                    63:4d:41:f4:4e:bf:53:ed:d7:15:7f:43:e0:d0:bc:
                    22:33:84:13:b3:c8:b5:55:76:d5:c6:7c:eb:c5:98:
                    d4:76:ee:3b:8e:ec:93:a8:6d:45:29:a8:fe:4a:3e:
                    40:6c:19:4e:60:f4:91:a8:d3:52:63:7f:1f:2c:0b:
                    d7:ed:77:a4:b0:81:0f:c9:f1:64:4c:c8:41:04:ea:
                    c2:ba:b1:70:7d:f3:49:75:38:6c:69:ee:fa:eb:04:
                    14:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D3:09:00:C6:4F:91:BB:3C:58:BE:09:7C:13:A2:E1:A4:96:D1:E9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:4f:0d:3b:08:a3:7c:66:92:17:a1:b3:f5:05:fd:af:31:a4:
         15:6c:32:69:b8:22:5d:d4:88:12:90:bf:bd:d2:91:ef:13:56:
         e0:5f:69:9b:61:3d:07:d3:d2:dd:1b:fe:d5:dc:ff:a7:5c:19:
         48:d8:7f:1d:62:02:cf:5b:c6:02:51:33:53:5a:fc:0b:71:57:
         a5:55:f2:b9:7b:c4:8a:da:d2:0c:82:bb:31:df:b8:d4:f0:60:
         45:8b:6d:33:1d:1d:f3:f4:1b:aa:36:d8:58:13:a4:7c:10:ec:
         0c:ad:1f:2c:c6:e4:a7:8d:a0:aa:45:da:00:e9:72:13:3d:16:
         48:1e:fd:78:0a:ee:8b:92:47:a5:0d:a5:41:68:34:ea:2a:32:
         a9:ab:b9:e1:76:9d:b0:de:fe:e9:b0:bd:b4:fe:ab:94:12:88:
         53:65:4a:ca:ea:cc:1b:82:2b:b4:e0:7d:a2:0e:9b:b3:c5:62:
         49:42:fd:03:4e:fc:74:26:9e:13:34:4a:7a:1e:3c:41:19:e5:
         41:c2:41:95:04:77:75:13:43:b7:94:1b:3e:59:a2:ea:63:3b:
         bd:e6:99:f2:c6:d3:17:61:7f:f2:3d:2a:62:7d:d3:46:5c:89:
         f7:9f:8e:98:8c:86:12:31:73:17:7d:00:c0:0a:a4:5c:fd:d2:
         bc:9b:ae:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB47g5KNFBIXtPLO7o/b3uc4SIsIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTIwMDUwMzhaFw0yNzAyMTEwMDU1MzhaMDMxMTAvBgNV
BAMTKDYzRDMwOTAwQzY0RjkxQkIzQzU4QkUwOTdDMTNBMkUxQTQ5NkQxRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3qLw/BCdT8RUNi64FfwF+ZXDW
kqlP4a2WgNrs038D+D4NwGMwU5jtcSSEYosDtwjMMx3Xz9Oih3RvD0+78sn6wrXG
Ytcd4ek7WPCUPvHtX2yt77ZC7f2HFedwrk2bVjNBAwXtLYEjDKQuVUqmsqCyy7qR
9vRl5Gis4N2SK+1by+5HLMUo7UC7+v8qFDBhquhBMQ2i4V4w/qlAssri2ovBIyd8
ymNNQfROv1Pt1xV/Q+DQvCIzhBOzyLVVdtXGfOvFmNR27juO7JOobUUpqP5KPkBs
GU5g9JGo01Jjfx8sC9ftd6SwgQ/J8WRMyEEE6sK6sXB980l1OGxp7vrrBBQ5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY9MJAMZPkbs8WL4JfBOi4aSW0ekwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ad
MA0GCSqGSIb3DQEBCwUAA4IBAQBdTw07CKN8ZpIXobP1Bf2vMaQVbDJpuCJd1IgS
kL+90pHvE1bgX2mbYT0H09LdG/7V3P+nXBlI2H8dYgLPW8YCUTNTWvwLcVelVfK5
e8SK2tIMgrsx37jU8GBFi20zHR3z9BuqNthYE6R8EOwMrR8sxuSnjaCqRdoA6XIT
PRZIHv14Cu6LkkelDaVBaDTqKjKpq7nhdp2w3v7psL20/quUEohTZUrK6swbgiu0
4H2iDpuzxWJJQv0DTvx0Jp4TNEp6HjxBGeVBwkGVBHd1E0O3lBs+WaLqYzu95pny
xtMXYX/yPSpifdNGXIn3n46YjIYSMXMXfQDACqRc/dK8m64b
-----END CERTIFICATE-----