Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          KTn3lpuPBocz/nKSxK/OK77Bcs6TRsP7dQZs/yCsLbo=
Subject key identifier:   60:ED:F8:77:6E:8E:F4:E9:59:8E:06:9B:73:66:5F:74:62:0D:FE:D2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1A29454EBDDDD1965E63B10498D17CA022803934
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
Signing time:             Mon 27 Oct 2025 20:54:08 +0000
ROA not before:           Mon 27 Oct 2025 20:49:08 +0000
ROA not after:            Mon 26 Oct 2026 20:54:08 +0000
asID:                     202673
IP address blocks:        5.181.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 20:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:29:45:4e:bd:dd:d1:96:5e:63:b1:04:98:d1:7c:a0:22:80:39:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 27 20:49:08 2025 GMT
            Not After : Oct 26 20:54:08 2026 GMT
        Subject: CN=60EDF8776E8EF4E9598E069B73665F74620DFED2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5b:c0:b9:e4:92:27:41:e1:15:82:c1:2b:f3:
                    32:0c:4b:ae:54:33:53:df:f5:82:ba:7e:a0:4d:10:
                    6f:33:19:d3:40:1f:6c:95:7b:c0:6b:3d:eb:d6:5f:
                    de:a2:74:33:f6:b7:67:6e:65:b8:1b:08:5d:c8:a8:
                    42:fd:f9:b9:9d:9a:7a:d5:81:4b:fb:2e:3e:84:f9:
                    ee:84:4d:a0:69:8f:3c:1d:16:38:a9:f9:02:d1:20:
                    da:57:78:0d:1c:6a:fc:c9:2e:71:dc:0b:dd:f0:9b:
                    f0:68:d2:8a:38:ca:d2:31:8f:92:15:df:47:f4:2a:
                    75:28:ac:33:bb:7b:57:69:84:f1:4d:94:5b:55:c4:
                    8c:e3:ca:07:c1:e1:8d:3e:89:e3:1a:e3:6e:46:16:
                    ad:76:ec:ec:59:5e:7d:4b:72:d5:55:5a:f3:b6:5c:
                    e5:80:6f:ac:19:36:3b:fd:13:c6:05:32:74:56:99:
                    e9:c0:88:a1:f8:e9:25:d9:41:dc:be:f9:08:4e:18:
                    3b:03:d9:6d:a7:5e:56:54:da:fb:e0:a4:68:af:2f:
                    f3:29:74:2f:b2:39:0d:e4:34:9a:81:6b:63:39:cc:
                    fd:03:33:f6:a2:5a:d5:45:f9:ab:20:8a:5f:b7:16:
                    ed:30:dc:7e:1b:39:d1:70:8e:29:66:68:6d:77:c9:
                    3d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:ED:F8:77:6E:8E:F4:E9:59:8E:06:9B:73:66:5F:74:62:0D:FE:D2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:05:e9:26:3d:fc:c0:f4:a4:51:9c:af:70:57:45:85:89:77:
         c0:51:91:82:04:04:e4:0a:dc:16:bb:57:82:fe:b4:f3:12:d4:
         22:50:da:bc:17:be:ba:0a:14:1e:63:15:e4:e3:32:51:e6:c2:
         a7:10:a8:e9:82:2a:9b:12:58:1b:1a:37:2e:70:f4:b9:e2:24:
         e5:d3:ec:11:d1:46:92:b8:16:bb:0a:56:c5:48:43:5f:c3:33:
         51:e7:ac:31:f7:78:1b:f2:cb:2b:99:13:c4:cc:aa:7e:3f:6f:
         b1:79:88:ae:f1:e9:64:94:52:0b:bc:46:09:de:8a:7b:1b:a2:
         7f:b1:76:5a:12:c2:26:0d:98:da:5d:38:fd:3e:b0:64:20:af:
         d8:96:ea:28:52:eb:c0:c0:0d:81:90:b3:84:aa:52:9b:73:03:
         46:62:8a:66:ab:e3:9e:f6:69:b1:98:14:ec:87:3d:56:a0:73:
         a0:27:3f:f3:62:57:ad:4e:01:2c:85:87:44:32:44:e2:a4:08:
         f4:8b:b5:a4:fd:af:fb:8c:c3:b5:02:6d:d7:78:5e:69:2d:ee:
         ef:00:23:7a:51:e3:8b:bc:c3:3e:31:b7:52:d2:c4:99:6f:f5:
         c2:1b:9b:3a:a2:8f:52:38:dd:94:a9:1f:ad:24:61:1e:40:f8:
         d6:50:9d:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGilFTr3d0ZZeY7EEmNF8oCKAOTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMjcyMDQ5MDhaFw0yNjEwMjYyMDU0MDhaMDMxMTAvBgNV
BAMTKDYwRURGODc3NkU4RUY0RTk1OThFMDY5QjczNjY1Rjc0NjIwREZFRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuW8C55JInQeEVgsEr8zIMS65U
M1Pf9YK6fqBNEG8zGdNAH2yVe8BrPevWX96idDP2t2duZbgbCF3IqEL9+bmdmnrV
gUv7Lj6E+e6ETaBpjzwdFjip+QLRINpXeA0cavzJLnHcC93wm/Bo0oo4ytIxj5IV
30f0KnUorDO7e1dphPFNlFtVxIzjygfB4Y0+ieMa425GFq127OxZXn1LctVVWvO2
XOWAb6wZNjv9E8YFMnRWmenAiKH46SXZQdy++QhOGDsD2W2nXlZU2vvgpGivL/Mp
dC+yOQ3kNJqBa2M5zP0DM/aiWtVF+asgil+3Fu0w3H4bOdFwjilmaG13yT2rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYO34d26O9OlZjgabc2ZfdGIN/tIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWH
MA0GCSqGSIb3DQEBCwUAA4IBAQBSBekmPfzA9KRRnK9wV0WFiXfAUZGCBATkCtwW
u1eC/rTzEtQiUNq8F766ChQeYxXk4zJR5sKnEKjpgiqbElgbGjcucPS54iTl0+wR
0UaSuBa7ClbFSENfwzNR56wx93gb8ssrmRPEzKp+P2+xeYiu8elklFILvEYJ3op7
G6J/sXZaEsImDZjaXTj9PrBkIK/YluooUuvAwA2BkLOEqlKbcwNGYopmq+Oe9mmx
mBTshz1WoHOgJz/zYletTgEshYdEMkTipAj0i7Wk/a/7jMO1Am3XeF5pLe7vACN6
UeOLvMM+MbdS0sSZb/XCG5s6oo9SON2UqR+tJGEeQPjWUJ0Z
-----END CERTIFICATE-----