Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
File:                     AS16611.roa (raw, json)
Hash identifier:          a2N1ZI1wEpsMF5G5QZdUkHwKHMqiPysCxp9lDlKI3/8=
Subject key identifier:   E8:D5:A8:63:4C:3B:D4:E8:43:1B:F5:47:EB:F6:22:A2:64:AA:D4:C2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       34E1D654AD825F6C24DE5135667A9076EF937D45
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
Signing time:             Fri 12 Jun 2026 00:04:19 +0000
ROA not before:           Thu 11 Jun 2026 23:59:19 +0000
ROA not after:            Fri 11 Jun 2027 00:04:19 +0000
asID:                     16611
IP address blocks:        181.214.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e1:d6:54:ad:82:5f:6c:24:de:51:35:66:7a:90:76:ef:93:7d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 23:59:19 2026 GMT
            Not After : Jun 11 00:04:19 2027 GMT
        Subject: CN=E8D5A8634C3BD4E8431BF547EBF622A264AAD4C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0b:7c:37:f4:a2:df:e8:28:2d:a8:31:e9:ff:
                    5f:1c:1b:fc:78:85:e5:25:8b:41:d6:5c:b1:28:94:
                    a8:e6:e9:bd:d7:94:5a:96:99:45:9f:b1:71:1a:e2:
                    d1:52:73:af:ad:a9:9e:b6:dd:0f:ce:92:25:c0:25:
                    13:57:6d:69:ed:e7:f5:dd:c4:65:51:80:c4:7e:42:
                    61:ee:05:c5:41:f4:f4:23:3f:6d:01:a7:a0:ea:f6:
                    fb:9b:96:d1:ca:7c:3c:10:59:ca:3c:27:68:1e:9e:
                    e8:a6:2c:67:5f:2e:e8:ce:9c:6e:74:c0:60:65:3d:
                    31:76:40:ab:8f:bf:af:e3:7b:46:15:2a:7d:27:79:
                    25:63:95:c1:78:a4:db:ef:3c:d5:23:b2:46:20:a3:
                    f8:16:3d:c4:6f:ca:f7:da:29:20:b4:8f:c0:3d:54:
                    50:ef:f8:50:ab:17:c5:60:76:33:49:37:80:b1:d1:
                    0e:68:82:8b:ee:b3:fd:10:02:13:a2:c1:cd:4e:c7:
                    0e:8a:f6:8d:f2:ef:bc:b8:7a:d5:b0:37:05:ff:e1:
                    43:a8:0c:82:2a:77:5f:f7:c6:30:9e:d8:07:76:cf:
                    d5:ba:8b:31:c2:6c:f7:db:14:63:ba:6e:62:b7:6a:
                    67:03:72:b1:28:b7:9a:d5:5d:7c:c9:3d:59:2f:5c:
                    bc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:D5:A8:63:4C:3B:D4:E8:43:1B:F5:47:EB:F6:22:A2:64:AA:D4:C2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:16:94:1b:c7:bf:c3:c4:1a:cc:22:5f:21:78:9e:1e:39:03:
         2e:eb:0c:ab:33:01:e2:15:01:4e:bb:0f:bf:60:20:a5:2e:18:
         52:75:19:58:26:9b:8c:40:8e:92:d9:f8:0b:10:d8:22:ad:7e:
         70:16:13:b1:1f:b7:f7:16:6b:4d:86:4e:7d:1a:b0:aa:fa:94:
         4d:a3:3c:9f:e3:e0:ad:d4:e1:bd:17:ce:7e:ac:61:aa:e9:87:
         8a:83:04:1c:e4:f5:22:14:f6:18:fe:5c:64:ad:98:34:de:bc:
         93:8b:a0:28:9b:96:31:12:f3:7c:04:f1:28:fd:e9:bc:6b:0d:
         78:c1:f4:0f:65:7f:e2:f0:6d:54:73:8f:4b:54:2e:9b:03:da:
         26:44:24:21:92:dd:37:bc:dd:d1:c4:0c:40:41:d7:a9:48:81:
         0e:74:16:d7:dd:54:e0:b6:26:52:17:21:05:03:e9:b8:92:3e:
         6a:5f:76:0b:8f:dd:79:65:0b:b3:ab:19:83:00:d6:03:3c:24:
         4f:ee:f1:7b:f8:75:20:01:89:35:a2:94:09:4f:d3:72:a8:4f:
         6f:82:d2:e0:39:ae:01:46:71:63:dc:76:bc:67:27:3c:31:05:
         5d:d4:dc:22:f5:fc:6e:77:c1:e8:2c:40:91:ea:2d:bd:94:d9:
         6b:67:c1:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNOHWVK2CX2wk3lE1ZnqQdu+TfUUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTEyMzU5MTlaFw0yNzA2MTEwMDA0MTlaMDMxMTAvBgNV
BAMTKEU4RDVBODYzNEMzQkQ0RTg0MzFCRjU0N0VCRjYyMkEyNjRBQUQ0QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMC3w39KLf6CgtqDHp/18cG/x4
heUli0HWXLEolKjm6b3XlFqWmUWfsXEa4tFSc6+tqZ623Q/OkiXAJRNXbWnt5/Xd
xGVRgMR+QmHuBcVB9PQjP20Bp6Dq9vubltHKfDwQWco8J2genuimLGdfLujOnG50
wGBlPTF2QKuPv6/je0YVKn0neSVjlcF4pNvvPNUjskYgo/gWPcRvyvfaKSC0j8A9
VFDv+FCrF8VgdjNJN4Cx0Q5ogovus/0QAhOiwc1Oxw6K9o3y77y4etWwNwX/4UOo
DIIqd1/3xjCe2Ad2z9W6izHCbPfbFGO6bmK3amcDcrEot5rVXXzJPVkvXLyrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU6NWoY0w71OhDG/VH6/YiomSq1MIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY2MTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11rYw
DQYJKoZIhvcNAQELBQADggEBAH8WlBvHv8PEGswiXyF4nh45Ay7rDKszAeIVAU67
D79gIKUuGFJ1GVgmm4xAjpLZ+AsQ2CKtfnAWE7Eft/cWa02GTn0asKr6lE2jPJ/j
4K3U4b0Xzn6sYarph4qDBBzk9SIU9hj+XGStmDTevJOLoCibljES83wE8Sj96bxr
DXjB9A9lf+LwbVRzj0tULpsD2iZEJCGS3Te83dHEDEBB16lIgQ50FtfdVOC2JlIX
IQUD6biSPmpfdguP3XllC7OrGYMA1gM8JE/u8Xv4dSABiTWilAlP03KoT2+C0uA5
rgFGcWPcdrxnJzwxBV3U3CL1/G53wegsQJHqLb2U2WtnwRQ=
-----END CERTIFICATE-----