Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          +P1OBQwnW0TRuwmw33+1Cj48xKJftSYwvAGLfj0CjLQ=
Subject key identifier:   84:3A:B3:B6:54:11:5E:8C:84:0D:5D:DF:E8:3F:35:29:1B:ED:1E:80
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1C804A752F6553D87EAF0EA3B126F3CDD264AB15
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa
Signing time:             Fri 31 Oct 2025 18:56:56 +0000
ROA not before:           Fri 31 Oct 2025 18:51:56 +0000
ROA not after:            Fri 30 Oct 2026 18:56:56 +0000
asID:                     23470
IP address blocks:        191.101.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:80:4a:75:2f:65:53:d8:7e:af:0e:a3:b1:26:f3:cd:d2:64:ab:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 31 18:51:56 2025 GMT
            Not After : Oct 30 18:56:56 2026 GMT
        Subject: CN=843AB3B654115E8C840D5DDFE83F35291BED1E80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6d:f3:7a:b5:6c:0a:14:74:02:4a:be:66:e3:
                    bf:a5:2f:25:a6:1f:0d:d8:ac:f9:78:61:c0:44:e1:
                    83:e5:0c:ff:96:a1:54:bd:fc:32:f8:24:a6:c8:27:
                    35:f1:b6:51:0a:3b:39:13:cd:2d:3a:fb:dd:45:68:
                    e5:f8:98:d9:57:56:70:8e:fb:46:06:b9:7d:4d:b0:
                    40:93:1d:a6:bf:ff:71:06:11:b3:b3:19:f4:89:fb:
                    b2:b7:40:53:39:58:75:bf:a4:88:b5:14:fb:d5:3c:
                    21:d4:b4:74:10:37:3c:13:39:1f:58:7c:66:5e:53:
                    7d:b5:90:84:dc:5d:00:6d:fb:e5:37:8b:37:9c:14:
                    ee:ef:fa:2c:9e:9f:14:f9:e2:7f:b9:1b:c2:c1:89:
                    51:4d:fd:86:0f:53:15:e8:cd:f6:6e:5a:48:bb:1d:
                    f0:fe:04:f5:ab:45:54:24:90:c6:8c:1b:bd:fe:81:
                    0f:8d:ac:4d:79:79:b1:42:1a:74:91:fc:60:27:95:
                    e2:69:f1:61:23:2c:99:df:8b:51:22:be:e0:1a:b6:
                    53:dd:f3:77:81:e0:2b:18:e1:d3:04:19:bc:60:d9:
                    df:22:f5:a8:da:bc:ac:54:b8:b4:7d:f5:8b:d4:e0:
                    98:e6:05:04:bf:f9:7a:de:2b:92:7a:98:18:5f:a3:
                    56:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3A:B3:B6:54:11:5E:8C:84:0D:5D:DF:E8:3F:35:29:1B:ED:1E:80
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2c:fe:df:9d:f3:dd:b2:c1:09:80:41:e8:90:57:30:67:f7:
         4a:5d:2e:e2:3c:db:f8:6c:a0:2e:15:e0:dc:4d:a9:c0:ec:c3:
         23:f3:f9:06:a7:2a:2e:94:13:65:8a:49:d8:1f:ec:dd:75:e6:
         9c:4e:c1:d6:aa:df:fa:1c:99:67:64:29:f8:27:bf:2b:c6:00:
         4b:61:ae:ea:9e:60:ac:b2:27:99:c6:0f:13:d2:4d:31:ef:e8:
         4c:6c:eb:6e:76:69:f2:73:9f:25:e5:5e:4c:bb:79:de:f0:a9:
         ae:fc:ff:98:ad:ee:b6:80:0f:a5:2c:61:95:d5:a2:d3:e2:2e:
         0c:91:eb:fa:25:8b:19:a7:6b:37:a7:56:3c:83:8a:b6:01:14:
         49:e7:c9:1f:c0:3f:c1:ce:87:a4:31:d6:da:e1:96:d7:28:1b:
         4d:eb:e8:1c:7c:3e:f6:0a:d7:d3:89:29:90:a8:e4:2a:e8:49:
         55:5b:81:67:cd:4c:33:4e:b1:d6:e1:b3:d0:aa:38:cc:e0:ec:
         09:dd:df:51:ae:6c:90:9d:75:f3:15:17:d9:2c:67:3d:c8:85:
         d8:5a:af:8a:50:1e:15:aa:8e:cc:8b:98:b9:84:28:ce:4f:d7:
         ef:fe:76:e6:ac:08:ad:8b:00:c8:de:25:1c:6b:dd:58:f1:55:
         26:df:96:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHIBKdS9lU9h+rw6jsSbzzdJkqxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMzExODUxNTZaFw0yNjEwMzAxODU2NTZaMDMxMTAvBgNV
BAMTKDg0M0FCM0I2NTQxMTVFOEM4NDBENURERkU4M0YzNTI5MUJFRDFFODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDObfN6tWwKFHQCSr5m47+lLyWm
Hw3YrPl4YcBE4YPlDP+WoVS9/DL4JKbIJzXxtlEKOzkTzS06+91FaOX4mNlXVnCO
+0YGuX1NsECTHaa//3EGEbOzGfSJ+7K3QFM5WHW/pIi1FPvVPCHUtHQQNzwTOR9Y
fGZeU321kITcXQBt++U3izecFO7v+iyenxT54n+5G8LBiVFN/YYPUxXozfZuWki7
HfD+BPWrRVQkkMaMG73+gQ+NrE15ebFCGnSR/GAnleJp8WEjLJnfi1EivuAatlPd
83eB4CsY4dMEGbxg2d8i9ajavKxUuLR99YvU4JjmBQS/+XreK5J6mBhfo1YdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhDqztlQRXoyEDV3f6D81KRvtHoAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/Zfsw
DQYJKoZIhvcNAQELBQADggEBAKMs/t+d892ywQmAQeiQVzBn90pdLuI82/hsoC4V
4NxNqcDswyPz+QanKi6UE2WKSdgf7N115pxOwdaq3/ocmWdkKfgnvyvGAEthruqe
YKyyJ5nGDxPSTTHv6Exs6252afJznyXlXky7ed7wqa78/5it7raAD6UsYZXVotPi
LgyR6/olixmnazenVjyDirYBFEnnyR/AP8HOh6Qx1trhltcoG03r6Bx8PvYK19OJ
KZCo5CroSVVbgWfNTDNOsdbhs9CqOMzg7And31GubJCddfMVF9ksZz3Ihdhar4pQ
HhWqjsyLmLmEKM5P1+/+duasCK2LAMjeJRxr3VjxVSbflhc=
-----END CERTIFICATE-----