Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
File:                     AS205771.roa (raw, json)
Hash identifier:          BBQbPLvvD9J7qiV2x5zHnNPjl8pwxJNMTmsUcv+26nk=
Subject key identifier:   58:0D:6D:50:E1:AA:31:D3:9F:35:55:C0:21:74:7A:0F:51:63:5F:C7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4F2156117CFFA5223F95E2DDCA7446D77A1A98C7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
Signing time:             Thu 04 Jun 2026 15:47:29 +0000
ROA not before:           Thu 04 Jun 2026 15:42:29 +0000
ROA not after:            Thu 03 Jun 2027 15:47:29 +0000
asID:                     205771
IP address blocks:        191.101.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:21:56:11:7c:ff:a5:22:3f:95:e2:dd:ca:74:46:d7:7a:1a:98:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  4 15:42:29 2026 GMT
            Not After : Jun  3 15:47:29 2027 GMT
        Subject: CN=580D6D50E1AA31D39F3555C021747A0F51635FC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f7:dd:04:0e:3a:39:d0:bf:50:e0:ce:48:de:
                    c7:91:f8:d5:5b:0c:56:10:b7:cc:a1:25:e7:f7:be:
                    3b:f1:7b:ee:8e:af:4e:15:9d:ab:e2:a7:ca:89:cb:
                    34:ee:2d:70:93:3e:da:6e:d5:27:0e:b3:6a:4c:be:
                    d5:7d:66:f6:ff:78:04:3b:8a:34:a2:e8:19:48:9f:
                    7b:1c:8d:95:2a:2d:ff:da:73:95:38:8f:d6:29:dc:
                    8e:03:57:07:6a:47:97:e7:0f:1f:b8:13:bd:84:81:
                    c9:01:e0:70:93:09:c5:70:90:3b:1d:92:db:d4:4d:
                    d4:c7:a3:68:b1:b7:d5:29:ad:82:c8:a9:26:9f:c4:
                    44:b7:8b:a3:b5:6c:df:1a:8d:4b:9d:5f:b9:33:ae:
                    27:d0:95:dc:c9:76:2b:4b:23:78:eb:27:c3:2f:fb:
                    50:0b:67:60:08:80:aa:e2:a4:c8:e7:98:21:c9:db:
                    d4:c2:ba:bc:7c:a0:3c:8d:78:b9:9f:a8:4a:5b:e3:
                    c6:cb:ff:59:ef:a9:be:36:bc:e9:18:9d:17:a9:e1:
                    c6:55:d7:35:29:05:8f:06:58:75:5c:d8:8b:ce:fa:
                    67:d3:58:e1:99:26:51:7a:50:68:04:c0:95:73:38:
                    2d:51:71:a2:44:db:1e:f8:d1:e9:a0:5a:60:91:dd:
                    12:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:0D:6D:50:E1:AA:31:D3:9F:35:55:C0:21:74:7A:0F:51:63:5F:C7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:0b:d7:51:4b:71:ba:9a:4c:65:8e:49:ba:b7:37:7e:60:e3:
         a5:0e:c9:7d:b5:3c:dd:2a:38:68:e1:b8:a0:bc:db:eb:2d:50:
         b7:87:32:ca:1e:68:35:a8:1c:d2:66:7e:a1:5c:24:96:bd:4c:
         4f:df:e6:79:73:77:f6:d9:43:0e:70:be:1a:1b:1f:75:ae:34:
         29:3a:90:85:63:b0:d2:d9:52:fd:3a:3d:3a:80:f0:71:f2:36:
         ea:4e:1b:02:de:44:62:d6:ea:d1:1e:af:6a:cf:93:0e:b4:98:
         1e:88:b3:f6:45:b2:d8:1d:d7:15:72:da:45:1c:78:5f:99:2f:
         48:ba:16:37:52:ca:6a:28:08:f3:71:95:f8:28:e3:fa:fc:c5:
         fc:d5:0e:1a:0f:7b:08:a7:00:35:da:8d:ea:cb:cc:9e:45:23:
         90:20:d9:8e:c2:9d:6a:63:4f:da:ab:c5:f6:a7:83:24:68:8e:
         a8:ac:4b:a7:13:cd:ec:69:ba:fc:b9:37:c9:20:00:30:1e:0f:
         68:62:e0:2a:79:93:1e:4b:eb:72:81:ee:38:3f:86:24:66:35:
         49:de:50:b5:38:78:14:2f:65:60:aa:ee:9b:00:77:57:67:8b:
         ad:7e:3b:c7:49:d4:f2:55:dc:b8:1d:92:e1:9c:4e:3a:a0:7c:
         8f:6d:f3:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTyFWEXz/pSI/leLdynRG13oamMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDQxNTQyMjlaFw0yNzA2MDMxNTQ3MjlaMDMxMTAvBgNV
BAMTKDU4MEQ2RDUwRTFBQTMxRDM5RjM1NTVDMDIxNzQ3QTBGNTE2MzVGQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx990EDjo50L9Q4M5I3seR+NVb
DFYQt8yhJef3vjvxe+6Or04Vnavip8qJyzTuLXCTPtpu1ScOs2pMvtV9Zvb/eAQ7
ijSi6BlIn3scjZUqLf/ac5U4j9Yp3I4DVwdqR5fnDx+4E72EgckB4HCTCcVwkDsd
ktvUTdTHo2ixt9UprYLIqSafxES3i6O1bN8ajUudX7kzrifQldzJditLI3jrJ8Mv
+1ALZ2AIgKripMjnmCHJ29TCurx8oDyNeLmfqEpb48bL/1nvqb42vOkYnRep4cZV
1zUpBY8GWHVc2IvO+mfTWOGZJlF6UGgEwJVzOC1RcaJE2x740emgWmCR3RK9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWA1tUOGqMdOfNVXAIXR6D1FjX8cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UY
MA0GCSqGSIb3DQEBCwUAA4IBAQBYC9dRS3G6mkxljkm6tzd+YOOlDsl9tTzdKjho
4bigvNvrLVC3hzLKHmg1qBzSZn6hXCSWvUxP3+Z5c3f22UMOcL4aGx91rjQpOpCF
Y7DS2VL9Oj06gPBx8jbqThsC3kRi1urRHq9qz5MOtJgeiLP2RbLYHdcVctpFHHhf
mS9IuhY3UspqKAjzcZX4KOP6/MX81Q4aD3sIpwA12o3qy8yeRSOQINmOwp1qY0/a
q8X2p4MkaI6orEunE83sabr8uTfJIAAwHg9oYuAqeZMeS+tyge44P4YkZjVJ3lC1
OHgUL2Vgqu6bAHdXZ4utfjvHSdTyVdy4HZLhnE46oHyPbfNo
-----END CERTIFICATE-----