Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa
File:                     AS201341.roa (raw, json)
Hash identifier:          lHQlWp71A/qlHJXKnzilgJcYFDcWPQjyGOVg9H0aSUY=
Subject key identifier:   44:98:F9:49:EA:A3:44:8D:C9:A2:BB:09:C4:64:B3:C4:5C:EA:CE:95
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7D93E54D84196D13717ECE872D3BDC071AE33B3D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa
Signing time:             Thu 12 Jun 2025 14:16:33 +0000
ROA not before:           Thu 12 Jun 2025 14:11:33 +0000
ROA not after:            Thu 11 Jun 2026 14:16:33 +0000
asID:                     201341
IP address blocks:        2a0a:a604::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:93:e5:4d:84:19:6d:13:71:7e:ce:87:2d:3b:dc:07:1a:e3:3b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:33 2025 GMT
            Not After : Jun 11 14:16:33 2026 GMT
        Subject: CN=4498F949EAA3448DC9A2BB09C464B3C45CEACE95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fa:f9:66:f6:69:2d:00:3b:9d:01:2b:80:38:
                    6e:31:e6:f7:28:de:22:0f:80:72:04:af:3d:5e:09:
                    d6:ba:b6:ce:d5:1d:4e:57:de:c9:ce:f6:3e:14:24:
                    92:dc:95:70:0c:ab:6d:67:8c:c1:cb:93:17:88:57:
                    65:69:86:5e:de:cc:96:d1:f9:44:d2:22:30:23:fa:
                    97:8a:88:41:ce:43:f3:1d:c0:52:ca:86:55:59:5e:
                    52:bf:8b:41:df:2c:bc:3c:ba:db:50:9c:92:3c:e0:
                    63:15:c5:25:58:b8:6d:a1:7f:1d:f4:ee:9e:d6:30:
                    ab:39:2a:ea:b5:24:c1:7e:22:74:e2:c6:aa:50:21:
                    f5:4f:9f:cc:f4:43:13:2f:f1:85:41:a3:96:66:91:
                    dd:4b:2e:63:7f:b1:09:30:50:3c:20:06:5f:f3:b8:
                    da:75:19:70:56:79:dc:01:64:dc:ab:2d:86:62:4e:
                    12:78:6e:89:e3:32:74:69:bb:37:d2:a3:47:27:2b:
                    18:74:07:60:cd:36:a8:15:1c:b1:f1:a6:99:cf:e0:
                    35:6b:2c:95:14:3d:0c:1a:35:f0:58:00:b7:24:79:
                    18:04:37:c4:e2:81:73:6d:3d:d1:44:f1:90:1e:f9:
                    66:e8:2f:93:91:dc:05:df:e3:8e:12:98:69:2f:f2:
                    64:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:98:F9:49:EA:A3:44:8D:C9:A2:BB:09:C4:64:B3:C4:5C:EA:CE:95
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a604::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:ef:02:05:cd:4e:9b:6b:d8:83:db:d1:3d:8a:b2:b5:84:11:
         a2:1f:cd:ec:b1:2f:c7:22:61:87:09:2d:3d:96:c7:2f:26:3f:
         2c:e3:da:2e:6f:d2:68:a2:69:7c:d8:e1:ae:03:45:84:d9:02:
         37:fa:ee:32:00:22:90:16:ed:f7:7a:ae:85:a7:dd:5d:e1:7d:
         83:71:13:af:cb:aa:82:8c:30:69:17:e6:fe:c8:a9:00:87:59:
         e6:e2:1b:c6:53:f8:44:a1:46:02:ae:d6:f7:82:ef:00:ff:77:
         65:66:68:83:f0:c3:37:fd:bc:36:9d:2b:af:ae:5c:bc:1f:3c:
         87:0a:fc:37:97:c4:ad:47:62:56:64:5c:c9:04:ee:9f:3f:86:
         56:f0:e6:c8:53:6d:6f:84:a5:be:25:34:e9:7c:c8:3b:db:4c:
         d2:f3:e3:9d:2f:fd:7b:8b:45:b7:28:5e:79:5f:93:e3:79:73:
         48:ae:2d:5a:94:f0:3b:fc:cf:97:54:2a:cd:e4:80:e6:e7:88:
         c4:38:97:9e:1d:18:59:64:c1:03:ba:4e:12:b5:79:fa:6b:0f:
         52:37:e4:5d:14:d3:6f:e1:17:f1:54:36:f0:79:ec:c5:c1:aa:
         93:99:94:23:0f:33:d0:bd:e6:0c:1a:df:32:98:b4:b1:c1:53:
         49:cb:ba:4e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUfZPlTYQZbRNxfs6HLTvcBxrjOz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExMzNaFw0yNjA2MTExNDE2MzNaMDMxMTAvBgNV
BAMTKDQ0OThGOTQ5RUFBMzQ0OERDOUEyQkIwOUM0NjRCM0M0NUNFQUNFOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR+vlm9mktADudASuAOG4x5vco
3iIPgHIErz1eCda6ts7VHU5X3snO9j4UJJLclXAMq21njMHLkxeIV2Vphl7ezJbR
+UTSIjAj+peKiEHOQ/MdwFLKhlVZXlK/i0HfLLw8uttQnJI84GMVxSVYuG2hfx30
7p7WMKs5Kuq1JMF+InTixqpQIfVPn8z0QxMv8YVBo5Zmkd1LLmN/sQkwUDwgBl/z
uNp1GXBWedwBZNyrLYZiThJ4bonjMnRpuzfSo0cnKxh0B2DNNqgVHLHxppnP4DVr
LJUUPQwaNfBYALckeRgEN8TigXNtPdFE8ZAe+WboL5OR3AXf444SmGkv8mSpAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQURJj5SeqjRI3JorsJxGSzxFzqzpUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMzQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqm
BDANBgkqhkiG9w0BAQsFAAOCAQEAje8CBc1Om2vYg9vRPYqytYQRoh/N7LEvxyJh
hwktPZbHLyY/LOPaLm/SaKJpfNjhrgNFhNkCN/ruMgAikBbt93quhafdXeF9g3ET
r8uqgowwaRfm/sipAIdZ5uIbxlP4RKFGAq7W94LvAP93ZWZog/DDN/28Np0rr65c
vB88hwr8N5fErUdiVmRcyQTunz+GVvDmyFNtb4SlviU06XzIO9tM0vPjnS/9e4tF
tyheeV+T43lzSK4tWpTwO/zPl1QqzeSA5ueIxDiXnh0YWWTBA7pOErV5+msPUjfk
XRTTb+EX8VQ28HnsxcGqk5mUIw8z0L3mDBrfMpi0scFTScu6Tg==
-----END CERTIFICATE-----