Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201891.roa
File:                     AS201891.roa (raw, json)
Hash identifier:          C/gzn8PYrlvzvZNjbNx0HbTVV0gNGJLEo9Zc/3QjtSE=
Subject key identifier:   1F:90:04:9A:93:15:8C:18:B0:2F:7D:D7:E8:7C:14:F0:33:F2:9B:DA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2A198344FB07AE208866DF2197DA2F759EFFD1CF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201891.roa
Signing time:             Tue 14 Apr 2026 17:15:25 +0000
ROA not before:           Tue 14 Apr 2026 17:10:25 +0000
ROA not after:            Tue 13 Apr 2027 17:15:25 +0000
asID:                     201891
IP address blocks:        2a0a:be01::/32 maxlen: 48
                          2a0a:ce02::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:19:83:44:fb:07:ae:20:88:66:df:21:97:da:2f:75:9e:ff:d1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 14 17:10:25 2026 GMT
            Not After : Apr 13 17:15:25 2027 GMT
        Subject: CN=1F90049A93158C18B02F7DD7E87C14F033F29BDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6e:48:cf:29:f7:9d:55:21:d3:d4:6f:92:03:
                    69:ae:18:c4:08:9c:c5:a9:9f:d7:fa:94:a5:8d:04:
                    4e:dd:39:0a:aa:37:18:6a:95:17:7d:ec:e2:b6:98:
                    d2:45:be:34:de:fd:d2:d3:75:aa:70:50:31:44:9b:
                    01:d1:2f:bc:0c:1d:c2:25:6b:b5:ea:40:87:24:8c:
                    ae:cf:9e:f6:e5:fa:b3:24:43:d9:3d:2f:c3:51:77:
                    24:b8:1f:78:6b:cb:59:03:de:f5:cf:6e:0d:97:76:
                    33:3e:2e:31:30:8c:f3:e5:3b:71:6a:5b:9d:0c:80:
                    76:5c:96:54:72:66:73:6f:a0:f2:ac:d5:4e:8e:96:
                    45:96:d7:49:2d:99:18:29:47:7e:5c:a4:aa:53:c2:
                    40:7d:de:a2:70:2a:d5:7c:87:40:e6:1a:03:76:df:
                    51:da:3d:37:c6:8e:8c:ce:26:9c:a2:fb:55:6b:f5:
                    01:0c:76:41:c8:5f:9c:06:26:1e:ca:92:c6:6d:b8:
                    12:fd:e9:41:37:f3:0e:ac:e5:51:d0:45:9f:99:55:
                    51:60:c1:b7:ba:04:90:e7:29:01:8a:5f:55:97:25:
                    8b:11:df:96:c2:ec:82:e6:5e:39:1c:22:6a:69:67:
                    da:2d:f6:81:6c:79:e3:cf:d2:fb:0f:d6:98:8f:51:
                    00:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:90:04:9A:93:15:8C:18:B0:2F:7D:D7:E8:7C:14:F0:33:F2:9B:DA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201891.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:be01::/32
                  2a0a:ce02::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:02:01:d1:83:4c:c3:a0:77:83:eb:07:66:a3:88:ae:4d:be:
         e0:0c:ea:ca:95:2e:d7:a3:ec:c1:85:0b:ef:63:4d:89:e3:88:
         3a:d3:60:10:ab:5e:4e:38:aa:05:ad:d5:6f:76:45:a5:82:a0:
         eb:af:89:8b:72:52:50:02:f0:c4:3d:86:c7:41:81:a4:07:92:
         c3:48:16:12:89:bb:44:13:cd:0b:04:40:f6:57:bd:26:35:6a:
         99:f3:07:4c:7d:93:6e:e1:f2:ee:ae:55:29:a2:94:c7:bb:3a:
         7e:4c:13:5b:c5:b7:a3:46:a1:1b:51:cf:2f:23:94:8a:8a:2e:
         04:9b:6e:0d:29:34:dd:7e:9a:0e:c0:34:50:5e:4e:a3:08:f6:
         8f:10:f6:99:cd:7a:a2:86:a0:b9:84:47:c8:c7:df:b9:76:5f:
         21:d7:23:9b:26:04:7f:1c:6d:4a:a5:7a:11:d7:39:4e:4e:7f:
         93:06:b0:d2:9f:10:91:c5:a5:24:80:fb:e0:e2:c7:26:f6:b0:
         95:70:99:80:7a:1d:94:b8:1a:9a:11:49:e5:13:18:1a:e0:43:
         c3:36:e5:48:53:89:c5:a1:c6:5a:f6:f9:f0:15:16:b9:16:a5:
         88:cb:4c:8d:55:7f:94:80:ab:0e:cd:3f:dc:8a:53:04:52:89:
         53:22:32:0f
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUKhmDRPsHriCIZt8hl9ovdZ7/0c8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTQxNzEwMjVaFw0yNzA0MTMxNzE1MjVaMDMxMTAvBgNV
BAMTKDFGOTAwNDlBOTMxNThDMThCMDJGN0REN0U4N0MxNEYwMzNGMjlCREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDobkjPKfedVSHT1G+SA2muGMQI
nMWpn9f6lKWNBE7dOQqqNxhqlRd97OK2mNJFvjTe/dLTdapwUDFEmwHRL7wMHcIl
a7XqQIckjK7Pnvbl+rMkQ9k9L8NRdyS4H3hry1kD3vXPbg2XdjM+LjEwjPPlO3Fq
W50MgHZcllRyZnNvoPKs1U6OlkWW10ktmRgpR35cpKpTwkB93qJwKtV8h0DmGgN2
31HaPTfGjozOJpyi+1Vr9QEMdkHIX5wGJh7KksZtuBL96UE38w6s5VHQRZ+ZVVFg
wbe6BJDnKQGKX1WXJYsR35bC7ILmXjkcImppZ9ot9oFseePP0vsP1piPUQA/AgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUH5AEmpMVjBiwL33X6HwU8DPym9owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxODkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgq+
AQMFACoKzgIwDQYJKoZIhvcNAQELBQADggEBAIICAdGDTMOgd4PrB2ajiK5NvuAM
6sqVLtej7MGFC+9jTYnjiDrTYBCrXk44qgWt1W92RaWCoOuviYtyUlAC8MQ9hsdB
gaQHksNIFhKJu0QTzQsEQPZXvSY1apnzB0x9k27h8u6uVSmilMe7On5ME1vFt6NG
oRtRzy8jlIqKLgSbbg0pNN1+mg7ANFBeTqMI9o8Q9pnNeqKGoLmER8jH37l2XyHX
I5smBH8cbUqlehHXOU5Of5MGsNKfEJHFpSSA++Dixyb2sJVwmYB6HZS4GpoRSeUT
GBrgQ8M25UhTicWhxlr2+fAVFrkWpYjLTI1Vf5SAqw7NP9yKUwRSiVMiMg8=
-----END CERTIFICATE-----