Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa
File:                     AS201341.roa (raw, json)
Hash identifier:          36rC9jAV2gtZSU7qp2WTwUSM8ozAT3t7/+VI32uDVeM=
Subject key identifier:   79:6D:7D:DA:78:21:ED:D7:AA:7F:2A:E6:53:AA:E3:D3:D3:73:21:41
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1F881142BD78679E7661F69181D20307C759D6AD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa
Signing time:             Tue 01 Jul 2025 12:14:01 +0000
ROA not before:           Tue 01 Jul 2025 12:09:01 +0000
ROA not after:            Tue 30 Jun 2026 12:14:01 +0000
asID:                     201341
IP address blocks:        2a03:a960::/29 maxlen: 48
                          2a0a:a604::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:88:11:42:bd:78:67:9e:76:61:f6:91:81:d2:03:07:c7:59:d6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  1 12:09:01 2025 GMT
            Not After : Jun 30 12:14:01 2026 GMT
        Subject: CN=796D7DDA7821EDD7AA7F2AE653AAE3D3D3732141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7d:8b:7b:f1:ac:84:47:a8:b8:fa:85:2a:0f:
                    f4:73:e8:3d:de:4b:9e:f9:ef:7a:45:2e:65:96:37:
                    85:98:a0:ce:15:e1:f5:62:5e:a5:46:8b:9c:11:20:
                    09:25:8c:dd:c5:3a:d4:3e:df:a8:e8:d8:39:ac:9b:
                    c2:dc:f2:2b:3a:82:6e:6f:ae:c4:18:9c:83:20:df:
                    a1:10:32:ba:14:52:3d:c9:e9:0d:d0:ce:62:1b:fe:
                    d9:4c:70:66:77:86:cb:7d:52:f1:62:d4:35:a4:dd:
                    64:d9:ff:77:8b:78:b3:90:53:0f:9f:3b:b5:4a:72:
                    ec:86:27:d7:03:fb:9a:b4:7b:44:39:42:fc:df:a0:
                    ee:08:72:3f:a3:c9:2d:d5:6a:2f:56:8a:73:eb:57:
                    91:8a:31:d3:d8:de:0e:57:de:2b:00:99:55:60:ba:
                    5a:11:00:3c:70:b4:92:a8:1c:10:8b:55:f3:dc:d1:
                    67:6d:22:29:39:f3:42:1c:65:2c:2f:3c:9a:b0:20:
                    bc:02:07:93:4b:e9:a0:c1:e7:97:e0:6b:ba:e8:e0:
                    b0:52:9b:1f:f1:d6:9c:95:2a:be:e4:c9:2b:1a:4a:
                    32:2a:ec:66:d8:87:e1:69:76:c0:0e:bd:d4:ff:fd:
                    07:46:61:72:d1:f5:70:12:a3:4a:03:fd:5d:07:28:
                    25:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6D:7D:DA:78:21:ED:D7:AA:7F:2A:E6:53:AA:E3:D3:D3:73:21:41
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201341.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:a960::/29
                  2a0a:a604::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:1f:82:67:94:ce:c3:27:bc:a6:fb:07:45:d2:4d:50:bb:4f:
         24:c5:1a:d6:ef:5b:90:ec:5b:a4:86:5f:54:f4:70:06:07:06:
         e6:01:9a:f3:fd:15:7d:f0:70:15:b1:89:14:a7:ea:1a:f9:e8:
         06:47:29:a0:bd:df:82:90:9c:de:5d:7c:10:9a:98:7f:ad:b0:
         d2:3e:1c:fc:c0:69:69:f8:30:5f:75:a2:d3:97:c7:cb:30:ab:
         5b:ab:04:e8:84:ee:f5:59:aa:e3:df:0f:f0:47:9b:e8:4a:f6:
         64:3f:1f:a9:aa:5c:8c:e1:6e:0c:d3:43:9a:67:04:95:3f:38:
         11:80:74:9e:df:46:ba:88:ac:79:ae:ee:f6:26:3d:68:94:5c:
         1f:e9:ff:34:60:cf:30:4c:94:ae:4c:51:c8:5b:00:f0:87:cf:
         88:57:b5:4a:00:32:33:85:ff:44:c5:a1:e7:1f:ed:e6:bc:5c:
         e6:2d:46:4a:88:2c:03:23:e7:5a:10:01:14:96:f7:fb:fc:fe:
         0d:72:35:87:60:63:d7:45:16:04:a9:a4:78:bc:bb:72:c6:71:
         fa:65:53:66:93:e9:58:cb:07:b0:f3:67:97:ee:3b:be:7c:62:
         49:e0:a9:a2:5d:5f:d9:6a:ff:ab:50:e4:62:8e:8b:1e:a8:ca:
         c3:c8:94:e1
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUH4gRQr14Z552YfaRgdIDB8dZ1q0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDExMjA5MDFaFw0yNjA2MzAxMjE0MDFaMDMxMTAvBgNV
BAMTKDc5NkQ3RERBNzgyMUVERDdBQTdGMkFFNjUzQUFFM0QzRDM3MzIxNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCafYt78ayER6i4+oUqD/Rz6D3e
S57573pFLmWWN4WYoM4V4fViXqVGi5wRIAkljN3FOtQ+36jo2Dmsm8Lc8is6gm5v
rsQYnIMg36EQMroUUj3J6Q3QzmIb/tlMcGZ3hst9UvFi1DWk3WTZ/3eLeLOQUw+f
O7VKcuyGJ9cD+5q0e0Q5QvzfoO4Icj+jyS3Vai9WinPrV5GKMdPY3g5X3isAmVVg
uloRADxwtJKoHBCLVfPc0WdtIik580IcZSwvPJqwILwCB5NL6aDB55fga7ro4LBS
mx/x1pyVKr7kySsaSjIq7GbYh+FpdsAOvdT//QdGYXLR9XASo0oD/V0HKCVNAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUeW192ngh7deqfyrmU6rj09NzIUEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMzQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgOp
YAMFACoKpgQwDQYJKoZIhvcNAQELBQADggEBAH4fgmeUzsMnvKb7B0XSTVC7TyTF
GtbvW5DsW6SGX1T0cAYHBuYBmvP9FX3wcBWxiRSn6hr56AZHKaC934KQnN5dfBCa
mH+tsNI+HPzAaWn4MF91otOXx8swq1urBOiE7vVZquPfD/BHm+hK9mQ/H6mqXIzh
bgzTQ5pnBJU/OBGAdJ7fRrqIrHmu7vYmPWiUXB/p/zRgzzBMlK5MUchbAPCHz4hX
tUoAMjOF/0TFoecf7ea8XOYtRkqILAMj51oQARSW9/v8/g1yNYdgY9dFFgSppHi8
u3LGcfplU2aT6VjLB7DzZ5fuO758YkngqaJdX9lq/6tQ5GKOix6oysPIlOE=
-----END CERTIFICATE-----