Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          XZLUNBTro28cvMclJveAgmVI0cw1SLDbHi4RUIrA+QY=
Subject key identifier:   6B:C4:8D:4B:26:E1:FC:92:63:F4:30:E5:E6:87:A2:33:27:DE:28:C0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0CB553C2681DE9E11C65CC589815D89B91678D5E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
Signing time:             Mon 08 Jun 2026 06:47:30 +0000
ROA not before:           Mon 08 Jun 2026 06:42:30 +0000
ROA not after:            Mon 07 Jun 2027 06:47:30 +0000
asID:                     202662
IP address blocks:        191.96.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:b5:53:c2:68:1d:e9:e1:1c:65:cc:58:98:15:d8:9b:91:67:8d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  8 06:42:30 2026 GMT
            Not After : Jun  7 06:47:30 2027 GMT
        Subject: CN=6BC48D4B26E1FC9263F430E5E687A23327DE28C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7b:77:71:14:2f:9b:71:7c:a1:5c:b5:79:6c:
                    2e:ae:56:d5:17:70:8e:15:86:20:79:8f:ee:63:a8:
                    5a:69:e8:14:a6:cb:75:1e:c2:01:5f:90:cb:48:58:
                    d7:4e:c3:dd:13:df:f6:60:b4:3a:8a:b8:97:01:ba:
                    52:90:5f:e3:7a:19:d1:5c:9b:d2:1b:21:e5:fa:99:
                    ca:ba:94:a6:16:51:83:2a:2d:c8:db:c3:85:91:7d:
                    2c:a0:a4:02:3a:b6:b4:00:f2:8f:a0:59:fc:e9:5d:
                    95:53:42:44:b9:da:21:ae:37:8e:65:cb:18:6b:3a:
                    c2:ef:f7:4b:b6:f6:2a:01:ee:1c:bf:70:26:e5:b1:
                    ef:b6:1c:58:bc:d7:d3:99:76:f0:2a:ff:75:64:cf:
                    7e:de:14:31:1a:57:25:e4:f7:a6:ca:98:e7:e3:e3:
                    e4:59:19:44:61:3a:9a:d9:4e:ee:47:d7:41:d8:f8:
                    87:dd:1e:cf:0a:2e:4b:df:91:62:e6:f8:d7:dc:44:
                    f8:5f:e6:23:99:c0:61:5e:3d:2a:b2:b8:5f:75:f4:
                    d0:77:cf:f5:a7:43:ee:de:ab:60:7f:5f:27:93:36:
                    b0:a0:6c:26:59:ef:3a:e9:2e:53:79:1f:96:0c:7c:
                    cd:f4:44:99:f5:97:7e:c7:b1:a1:85:ef:2f:a5:6d:
                    a5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C4:8D:4B:26:E1:FC:92:63:F4:30:E5:E6:87:A2:33:27:DE:28:C0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:41:60:12:a5:54:84:a2:fb:8b:01:df:84:41:41:c2:a1:47:
         81:83:c9:1e:9c:94:ba:37:d2:bc:f4:66:72:fa:25:21:34:cc:
         4e:9a:53:2e:7a:98:50:4c:b4:4b:b1:21:d4:25:06:1d:ac:24:
         f1:a5:50:b3:63:66:94:60:b5:66:35:7d:9e:c5:f6:89:a7:6d:
         65:29:94:58:e8:df:4a:63:4b:65:f5:ed:79:22:da:8c:4f:2e:
         0b:b1:da:fd:ac:3b:a3:32:bb:5f:20:24:b8:85:31:82:7b:07:
         f1:d5:5d:16:45:29:2b:96:b9:03:90:0d:75:33:04:d2:1d:5d:
         23:3f:d9:6c:0f:cc:a2:e9:59:13:2a:69:24:c8:3d:9d:ac:b8:
         d4:dc:22:ab:3f:26:07:32:42:a9:74:a3:d0:ce:e9:2c:d0:01:
         cb:91:84:68:93:3d:0d:ee:e8:ee:b3:77:6e:cc:ff:48:16:3d:
         ad:d7:a2:4f:6a:a6:4f:96:b9:e2:1d:b9:9b:ed:fc:a5:a2:c1:
         d9:df:37:01:4d:a9:f3:f5:66:e1:34:23:4a:6a:1d:1b:dc:1e:
         8c:03:df:68:6e:4f:5a:8e:9a:84:db:94:42:50:7a:f7:8c:b4:
         04:66:af:63:fb:98:05:94:16:a9:3f:cf:9c:e3:59:62:df:e0:
         a0:b1:f7:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDLVTwmgd6eEcZcxYmBXYm5FnjV4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDgwNjQyMzBaFw0yNzA2MDcwNjQ3MzBaMDMxMTAvBgNV
BAMTKDZCQzQ4RDRCMjZFMUZDOTI2M0Y0MzBFNUU2ODdBMjMzMjdERTI4QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCe3dxFC+bcXyhXLV5bC6uVtUX
cI4VhiB5j+5jqFpp6BSmy3UewgFfkMtIWNdOw90T3/ZgtDqKuJcBulKQX+N6GdFc
m9IbIeX6mcq6lKYWUYMqLcjbw4WRfSygpAI6trQA8o+gWfzpXZVTQkS52iGuN45l
yxhrOsLv90u29ioB7hy/cCblse+2HFi819OZdvAq/3Vkz37eFDEaVyXk96bKmOfj
4+RZGURhOprZTu5H10HY+IfdHs8KLkvfkWLm+NfcRPhf5iOZwGFePSqyuF919NB3
z/WnQ+7eq2B/XyeTNrCgbCZZ7zrpLlN5H5YMfM30RJn1l37HsaGF7y+lbaUlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUa8SNSybh/JJj9DDl5oeiMyfeKMAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQACQWASpVSEovuLAd+EQUHCoUeBg8kenJS6N9K8
9GZy+iUhNMxOmlMuephQTLRLsSHUJQYdrCTxpVCzY2aUYLVmNX2exfaJp21lKZRY
6N9KY0tl9e15ItqMTy4Lsdr9rDujMrtfICS4hTGCewfx1V0WRSkrlrkDkA11MwTS
HV0jP9lsD8yi6VkTKmkkyD2drLjU3CKrPyYHMkKpdKPQzuks0AHLkYRokz0N7uju
s3duzP9IFj2t16JPaqZPlrniHbmb7fylosHZ3zcBTanz9WbhNCNKah0b3B6MA99o
bk9ajpqE25RCUHr3jLQEZq9j+5gFlBapP8+c41li3+CgsffH
-----END CERTIFICATE-----