Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
File:                     AS204914.roa (raw, json)
Hash identifier:          lGugELjKyAl7r7aWZci8D7agl9kEvb56WVQlQqj9Igw=
Subject key identifier:   3F:A1:09:27:B4:47:DC:23:43:09:2A:F7:FA:91:FB:B7:94:5F:21:97
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7DA42FA4D15B7D28B7202DADC6207199E18153A3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
Signing time:             Sun 12 Apr 2026 12:47:05 +0000
ROA not before:           Sun 12 Apr 2026 12:42:05 +0000
ROA not after:            Sun 11 Apr 2027 12:47:05 +0000
asID:                     204914
IP address blocks:        2.57.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:a4:2f:a4:d1:5b:7d:28:b7:20:2d:ad:c6:20:71:99:e1:81:53:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 12 12:42:05 2026 GMT
            Not After : Apr 11 12:47:05 2027 GMT
        Subject: CN=3FA10927B447DC2343092AF7FA91FBB7945F2197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d0:07:f8:35:85:6e:fe:94:81:49:6b:6f:6a:
                    47:f2:e5:10:62:53:36:30:b2:da:b8:1e:b3:4e:d2:
                    4e:3e:85:d9:04:8d:85:87:2d:f7:ae:f8:a1:b5:b1:
                    5b:14:af:b6:e6:52:67:bb:b2:32:36:6b:b2:2c:2c:
                    91:a5:cd:e5:0d:76:4e:74:c0:bd:22:6f:f4:83:70:
                    ef:e7:e6:51:54:49:1e:78:7b:d5:4a:67:7f:f7:d7:
                    6c:cd:e7:af:bf:bd:2e:8c:a8:e6:51:d9:1e:2c:5c:
                    51:47:1b:ce:7f:54:a0:94:bb:02:13:96:94:04:d5:
                    5d:a8:d3:01:6a:6c:34:e9:55:7c:a8:1b:a4:d3:d6:
                    83:07:1a:ea:69:21:78:5b:e9:fd:9c:4f:4d:ee:5a:
                    c2:2b:4a:85:1e:b8:60:ef:19:e6:5b:70:75:98:bb:
                    4b:9e:27:2f:d6:18:57:e7:12:38:fb:71:9e:5d:9d:
                    c3:3a:f9:ff:1e:86:05:27:7b:25:0e:ee:05:2b:e5:
                    6d:39:26:b4:8a:bd:11:e9:97:48:29:41:ef:9f:97:
                    92:17:7a:b1:92:4a:be:08:05:07:8a:15:cc:6c:c1:
                    8a:8e:cf:7e:94:98:1d:af:f2:7a:42:2b:ac:a2:e5:
                    97:cf:d9:6a:b3:d0:4d:85:6e:5f:5e:41:d6:ce:d6:
                    58:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A1:09:27:B4:47:DC:23:43:09:2A:F7:FA:91:FB:B7:94:5F:21:97
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:cd:a5:2e:b6:c0:3e:6d:6c:89:8b:6e:af:f2:96:99:a0:ec:
         f1:de:9f:20:d9:ce:9b:48:75:d9:ae:a7:6e:99:76:40:43:e7:
         6d:3c:6b:1c:82:30:27:e0:7e:17:cf:54:c5:49:4e:8c:b7:93:
         2a:4f:bd:30:19:e5:92:c4:40:30:5a:f3:72:f3:df:e8:41:3e:
         63:c6:27:38:19:f6:16:ad:34:a4:b9:3f:76:11:1b:16:b8:3e:
         8f:c7:af:16:9e:27:12:2b:d8:9a:ec:3a:1d:30:d0:12:dc:04:
         cf:dd:34:55:c5:30:f6:62:b1:c2:eb:ba:5d:78:72:35:04:24:
         c1:02:65:aa:5e:d8:d5:92:8e:49:69:bf:f4:1e:b3:18:d3:37:
         0c:4e:9d:7f:17:be:42:22:56:67:99:bd:aa:97:a4:dd:20:96:
         8f:55:c6:7a:69:3f:49:37:26:2c:76:75:bb:7a:86:d0:f6:d2:
         13:74:60:d4:68:68:cb:0b:7c:68:ea:8c:84:f4:ad:3e:60:ff:
         06:a2:68:e3:db:e5:ac:4e:f4:38:de:38:4d:c0:80:81:f4:c4:
         35:5a:c3:f7:ea:21:34:cf:a4:31:66:b6:e2:68:ad:45:d4:a3:
         90:f5:93:d1:f0:55:39:41:56:8b:76:26:84:32:c2:29:8b:b4:
         cb:1a:72:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfaQvpNFbfSi3IC2txiBxmeGBU6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTIxMjQyMDVaFw0yNzA0MTExMjQ3MDVaMDMxMTAvBgNV
BAMTKDNGQTEwOTI3QjQ0N0RDMjM0MzA5MkFGN0ZBOTFGQkI3OTQ1RjIxOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB0Af4NYVu/pSBSWtvakfy5RBi
UzYwstq4HrNO0k4+hdkEjYWHLfeu+KG1sVsUr7bmUme7sjI2a7IsLJGlzeUNdk50
wL0ib/SDcO/n5lFUSR54e9VKZ3/312zN56+/vS6MqOZR2R4sXFFHG85/VKCUuwIT
lpQE1V2o0wFqbDTpVXyoG6TT1oMHGuppIXhb6f2cT03uWsIrSoUeuGDvGeZbcHWY
u0ueJy/WGFfnEjj7cZ5dncM6+f8ehgUneyUO7gUr5W05JrSKvRHpl0gpQe+fl5IX
erGSSr4IBQeKFcxswYqOz36UmB2v8npCK6yi5ZfP2Wqz0E2Fbl9eQdbO1lgPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUP6EJJ7RH3CNDCSr3+pH7t5RfIZcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkT
MA0GCSqGSIb3DQEBCwUAA4IBAQCezaUutsA+bWyJi26v8paZoOzx3p8g2c6bSHXZ
rqdumXZAQ+dtPGscgjAn4H4Xz1TFSU6Mt5MqT70wGeWSxEAwWvNy89/oQT5jxic4
GfYWrTSkuT92ERsWuD6Px68WnicSK9ia7DodMNAS3ATP3TRVxTD2YrHC67pdeHI1
BCTBAmWqXtjVko5Jab/0HrMY0zcMTp1/F75CIlZnmb2ql6TdIJaPVcZ6aT9JNyYs
dnW7eobQ9tITdGDUaGjLC3xo6oyE9K0+YP8Gomjj2+WsTvQ43jhNwICB9MQ1WsP3
6iE0z6QxZrbiaK1F1KOQ9ZPR8FU5QVaLdiaEMsIpi7TLGnKG
-----END CERTIFICATE-----