Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147176.roa
File:                     AS147176.roa (raw, json)
Hash identifier:          oZwyX1cJUaGZiwbABfOh51wZR/E8K0l0wmmD6/6uk4w=
Subject key identifier:   3C:6A:4E:C4:84:97:21:5B:E3:62:DA:B8:A5:BC:15:33:36:AF:37:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       21DDC3657A69598763210E00780C854280AF9691
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147176.roa
Signing time:             Wed 04 Feb 2026 04:59:57 +0000
ROA not before:           Wed 04 Feb 2026 04:54:57 +0000
ROA not after:            Wed 03 Feb 2027 04:59:57 +0000
asID:                     147176
IP address blocks:        191.96.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:dd:c3:65:7a:69:59:87:63:21:0e:00:78:0c:85:42:80:af:96:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  4 04:54:57 2026 GMT
            Not After : Feb  3 04:59:57 2027 GMT
        Subject: CN=3C6A4EC48497215BE362DAB8A5BC153336AF372F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:58:94:ba:9d:98:63:c6:fb:6e:07:1d:16:2b:
                    c2:5c:8c:a8:65:a4:b1:6a:e2:a1:36:c2:1e:7d:5e:
                    86:cd:28:82:62:61:37:80:5f:0e:17:45:2b:d4:ec:
                    91:c0:0f:79:41:88:4a:19:db:a7:14:41:23:98:83:
                    d4:04:82:d1:b7:97:e6:24:86:28:be:b5:f7:7e:b7:
                    3f:cd:7e:b9:b7:4b:e5:42:32:9f:dc:aa:5f:17:22:
                    29:1f:8e:75:33:0a:7b:16:e2:0d:0d:4b:ac:a9:bf:
                    e2:62:8b:36:74:58:b5:cd:fd:d2:b2:65:f2:60:4c:
                    27:54:67:7a:cd:1d:41:a8:32:26:37:09:b6:6c:55:
                    a9:29:48:47:16:b7:8c:ad:34:e0:39:5e:57:6e:ef:
                    48:5e:ce:41:68:79:1b:1f:3d:69:ce:b1:5a:12:44:
                    34:b2:6b:39:82:43:55:64:38:87:fd:43:6d:4d:9c:
                    c4:fb:e2:1c:05:89:7c:3a:ab:a9:29:7f:3b:83:8f:
                    c2:52:43:a6:9b:66:c5:bd:03:59:c1:2d:fb:87:c5:
                    44:4a:07:95:04:a9:8f:1c:e1:15:a1:db:e1:9e:63:
                    ea:4d:88:d2:60:92:3c:f5:5d:62:c0:a2:1d:32:87:
                    c9:fd:9e:39:61:be:fc:71:8d:bd:af:63:47:52:4d:
                    fd:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6A:4E:C4:84:97:21:5B:E3:62:DA:B8:A5:BC:15:33:36:AF:37:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:9b:59:f5:72:00:42:ed:c7:2f:e4:19:f0:ea:fe:53:29:d9:
         59:8a:e7:d7:19:d9:ee:a0:f4:63:73:c7:ca:de:3e:67:0c:02:
         b3:63:6e:f9:21:d7:8b:e3:3e:ff:58:eb:28:88:93:89:ec:d1:
         be:27:3c:90:8b:2b:81:2a:00:f9:c2:50:8b:45:11:11:9e:b7:
         f3:1f:4a:1e:ed:9a:81:9f:15:14:e2:bf:e3:26:e2:9e:8f:c9:
         10:45:31:ec:43:f0:f0:cf:9f:b3:0e:ae:99:f3:33:55:cc:ac:
         d4:f5:d6:53:ad:f7:82:22:e6:0b:9e:26:a6:b7:69:28:59:a6:
         96:e0:e3:5c:ef:80:05:b7:8a:f2:6b:b0:cf:97:dd:d7:d0:62:
         2d:c3:37:37:c1:fe:65:af:56:ec:5a:3d:29:75:c8:8f:b6:14:
         c7:5e:56:59:06:d8:3b:7b:b4:1b:c9:93:53:ad:de:9a:66:49:
         50:6a:8a:68:17:52:61:7c:42:ac:7a:0a:60:7a:da:bb:1f:d1:
         99:48:bc:56:61:ba:5d:3a:43:f1:aa:a6:d4:2a:05:a0:5b:5f:
         82:ff:c4:32:7a:18:d0:76:70:e0:2d:11:62:13:43:a1:a0:30:
         41:f1:d5:e4:99:1a:33:c9:01:a2:11:cc:8e:a8:83:d3:02:0e:
         b3:f4:35:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUId3DZXppWYdjIQ4AeAyFQoCvlpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMDQwNDU0NTdaFw0yNzAyMDMwNDU5NTdaMDMxMTAvBgNV
BAMTKDNDNkE0RUM0ODQ5NzIxNUJFMzYyREFCOEE1QkMxNTMzMzZBRjM3MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJWJS6nZhjxvtuBx0WK8JcjKhl
pLFq4qE2wh59XobNKIJiYTeAXw4XRSvU7JHAD3lBiEoZ26cUQSOYg9QEgtG3l+Yk
hii+tfd+tz/Nfrm3S+VCMp/cql8XIikfjnUzCnsW4g0NS6ypv+JiizZ0WLXN/dKy
ZfJgTCdUZ3rNHUGoMiY3CbZsVakpSEcWt4ytNOA5Xldu70hezkFoeRsfPWnOsVoS
RDSyazmCQ1VkOIf9Q21NnMT74hwFiXw6q6kpfzuDj8JSQ6abZsW9A1nBLfuHxURK
B5UEqY8c4RWh2+GeY+pNiNJgkjz1XWLAoh0yh8n9njlhvvxxjb2vY0dSTf07AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPGpOxISXIVvjYtq4pbwVMzavNy8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ3MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Bd
MA0GCSqGSIb3DQEBCwUAA4IBAQCNm1n1cgBC7ccv5Bnw6v5TKdlZiufXGdnuoPRj
c8fK3j5nDAKzY275IdeL4z7/WOsoiJOJ7NG+JzyQiyuBKgD5wlCLRRERnrfzH0oe
7ZqBnxUU4r/jJuKej8kQRTHsQ/Dwz5+zDq6Z8zNVzKzU9dZTrfeCIuYLniamt2ko
WaaW4ONc74AFt4rya7DPl93X0GItwzc3wf5lr1bsWj0pdciPthTHXlZZBtg7e7Qb
yZNTrd6aZklQaopoF1JhfEKsegpgetq7H9GZSLxWYbpdOkPxqqbUKgWgW1+C/8Qy
ehjQdnDgLRFiE0OhoDBB8dXkmRozyQGiEcyOqIPTAg6z9DXK
-----END CERTIFICATE-----