Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa
File:                     AS202656.roa (raw, json)
Hash identifier:          MZR2VHdyU/ID2LbJNKwKVlZo3/CuBlTz7k8OTB26g2g=
Subject key identifier:   02:06:5F:DD:7B:FF:FA:72:15:72:A2:3B:B5:31:25:0C:0D:03:79:94
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6DBBAD4BAB42E0B273E67E472A8BB951B7FA1FC9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa
Signing time:             Tue 17 Feb 2026 00:55:38 +0000
ROA not before:           Tue 17 Feb 2026 00:50:38 +0000
ROA not after:            Tue 16 Feb 2027 00:55:38 +0000
asID:                     202656
IP address blocks:        179.61.248.0/24 maxlen: 24
                          194.110.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:bb:ad:4b:ab:42:e0:b2:73:e6:7e:47:2a:8b:b9:51:b7:fa:1f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 17 00:50:38 2026 GMT
            Not After : Feb 16 00:55:38 2027 GMT
        Subject: CN=02065FDD7BFFFA721572A23BB531250C0D037994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:87:7d:24:ef:46:e8:71:2e:6e:16:e7:ef:f2:
                    36:8b:e7:23:02:14:20:9e:4c:75:68:d8:91:c5:59:
                    ba:0b:09:89:14:78:6e:77:45:c0:60:d9:23:81:28:
                    65:78:60:0e:6b:8c:a2:df:19:12:df:97:cd:52:56:
                    db:6d:50:3e:f0:6c:68:49:4e:c2:5f:5e:2a:f9:5c:
                    d7:cb:2e:99:88:b8:c1:f0:e5:70:34:b5:40:63:ce:
                    6f:d5:53:95:0a:13:b2:d9:83:db:99:e8:7c:76:0f:
                    96:a6:e7:2e:d7:4b:9b:eb:31:20:51:88:95:fd:df:
                    b8:94:e4:b6:c4:aa:fc:c7:55:7a:0c:30:01:b1:68:
                    b7:ea:ac:bc:c5:88:5f:4e:8a:d6:23:99:2d:6f:12:
                    94:a1:c3:f3:85:f8:fd:d1:78:03:94:06:77:af:23:
                    4c:14:06:ee:48:ec:8f:ae:0c:c0:2d:19:7f:6b:f6:
                    aa:05:cc:ef:2f:c7:bf:6c:fc:86:15:b1:e9:44:78:
                    92:73:12:a2:99:0a:64:42:96:37:45:46:a7:61:ba:
                    ba:57:5f:1f:2b:50:77:83:96:3c:18:10:6a:8b:05:
                    75:bc:4a:f1:14:3e:bd:a0:fd:19:51:aa:c8:bc:98:
                    14:6d:e5:ba:e3:ab:e8:90:4b:fd:75:95:73:98:16:
                    58:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:06:5F:DD:7B:FF:FA:72:15:72:A2:3B:B5:31:25:0C:0D:03:79:94
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.248.0/24
                  194.110.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:28:e8:5b:5a:dd:ce:e1:f3:f3:6a:df:b4:fe:21:a0:09:3e:
         98:2c:e9:a8:63:e1:a5:2e:16:a4:f8:18:5c:49:f9:51:7d:1c:
         30:f6:91:2d:5d:83:71:90:95:74:17:2c:f2:41:29:32:dd:49:
         66:3e:74:84:34:19:d9:aa:62:9b:61:9d:46:a6:2c:ff:48:97:
         dd:2f:2b:b8:72:72:65:a8:dc:47:08:0b:b0:6d:d6:43:8f:1c:
         67:1f:91:31:84:99:f9:a6:ac:82:97:84:c1:46:d8:46:3e:b0:
         9b:2b:44:d2:9a:43:38:ae:8a:fc:b8:fd:a5:a5:cd:d2:4e:f1:
         ac:2c:fd:2a:e6:7e:a6:c7:f4:34:55:a7:cd:87:5b:d2:e7:c6:
         f4:64:40:45:13:a1:c6:3e:e7:f3:0c:35:5b:d1:7c:03:ab:6a:
         b9:6a:24:dd:68:f1:7d:61:e2:5b:ce:d2:e8:9a:71:e1:81:50:
         01:fe:d2:46:e2:1f:0f:b9:13:92:0a:d6:99:55:d9:3c:58:ac:
         8e:aa:5b:9b:b2:22:88:3b:e1:64:cd:1d:bc:aa:41:22:d9:2e:
         08:d5:9c:a5:18:3a:0f:67:77:63:13:a4:5c:9a:e8:d7:f9:cb:
         e3:1c:f3:e8:d8:fc:a9:df:52:86:90:40:bf:1f:1e:90:f8:f7:
         b8:ff:73:c7
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbbutS6tC4LJz5n5HKou5Ubf6H8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTcwMDUwMzhaFw0yNzAyMTYwMDU1MzhaMDMxMTAvBgNV
BAMTKDAyMDY1RkREN0JGRkZBNzIxNTcyQTIzQkI1MzEyNTBDMEQwMzc5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwh30k70bocS5uFufv8jaL5yMC
FCCeTHVo2JHFWboLCYkUeG53RcBg2SOBKGV4YA5rjKLfGRLfl81SVtttUD7wbGhJ
TsJfXir5XNfLLpmIuMHw5XA0tUBjzm/VU5UKE7LZg9uZ6Hx2D5am5y7XS5vrMSBR
iJX937iU5LbEqvzHVXoMMAGxaLfqrLzFiF9OitYjmS1vEpShw/OF+P3ReAOUBnev
I0wUBu5I7I+uDMAtGX9r9qoFzO8vx79s/IYVselEeJJzEqKZCmRCljdFRqdhurpX
Xx8rUHeDljwYEGqLBXW8SvEUPr2g/RlRqsi8mBRt5brjq+iQS/11lXOYFlhzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAgZf3Xv/+nIVcqI7tTElDA0DeZQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz34
AwQAwm4OMA0GCSqGSIb3DQEBCwUAA4IBAQCqKOhbWt3O4fPzat+0/iGgCT6YLOmo
Y+GlLhak+BhcSflRfRww9pEtXYNxkJV0FyzyQSky3UlmPnSENBnZqmKbYZ1Gpiz/
SJfdLyu4cnJlqNxHCAuwbdZDjxxnH5ExhJn5pqyCl4TBRthGPrCbK0TSmkM4ror8
uP2lpc3STvGsLP0q5n6mx/Q0VafNh1vS58b0ZEBFE6HGPufzDDVb0XwDq2q5aiTd
aPF9YeJbztLomnHhgVAB/tJG4h8PuROSCtaZVdk8WKyOqlubsiKIO+FkzR28qkEi
2S4I1ZylGDoPZ3djE6RcmujX+cvjHPPo2Pyp31KGkEC/Hx6Q+Pe4/3PH
-----END CERTIFICATE-----