Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS274107.roa
File:                     AS274107.roa (raw, json)
Hash identifier:          FeCZwwa9vIpHi/cjM/UclogchcpDL6DLWg9ophvXaOw=
Subject key identifier:   9E:97:23:07:F0:9E:DC:85:F4:27:09:C5:34:3B:04:6E:F7:ED:F2:D7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6AC5E65172EC83B130F84014C0B42A36CDBC11E0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS274107.roa
Signing time:             Thu 05 Feb 2026 21:54:55 +0000
ROA not before:           Thu 05 Feb 2026 21:49:55 +0000
ROA not after:            Thu 04 Feb 2027 21:54:55 +0000
asID:                     274107
IP address blocks:        179.61.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 01:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:c5:e6:51:72:ec:83:b1:30:f8:40:14:c0:b4:2a:36:cd:bc:11:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  5 21:49:55 2026 GMT
            Not After : Feb  4 21:54:55 2027 GMT
        Subject: CN=9E972307F09EDC85F42709C5343B046EF7EDF2D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:63:ce:1c:e9:e1:48:ae:4d:31:26:35:3c:06:
                    f9:0d:8c:2d:32:78:7d:aa:99:c4:a8:bf:8c:83:f5:
                    ee:64:41:12:c8:3c:95:1f:19:39:ce:3b:60:7f:b9:
                    9a:82:dd:4b:a8:d7:db:c3:32:c1:b3:85:c8:73:65:
                    f4:69:e4:32:6c:b8:a2:15:0c:43:5e:d4:e9:db:0c:
                    81:3b:85:07:74:3c:23:7d:44:1c:e8:d3:3e:86:e6:
                    86:62:92:d5:b7:86:21:98:76:10:07:94:0d:ee:67:
                    15:a9:28:25:c6:23:7c:5b:75:53:b8:fe:f0:fe:63:
                    ee:8a:0f:80:47:93:aa:3f:96:85:f4:6a:e8:2a:4a:
                    8d:2f:3e:bb:b5:86:57:90:e0:a0:be:ea:ba:dc:4c:
                    81:58:42:5a:ee:60:9b:6b:77:b1:30:58:13:7c:1f:
                    eb:88:d2:05:67:5d:7d:fd:de:b0:12:87:e2:a9:92:
                    c6:e7:9c:30:ba:f3:dc:33:36:ca:ea:d2:05:02:5e:
                    15:ff:5f:f0:6c:24:83:85:a6:57:12:a5:a8:db:69:
                    71:88:85:1d:89:9b:42:0f:e6:f7:14:64:e4:9e:4c:
                    cb:8b:89:31:8e:0c:d3:fb:6e:58:ba:de:ae:90:80:
                    2b:dd:27:fd:8f:f2:ee:ac:ce:0d:0a:e7:87:bd:b9:
                    bf:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:97:23:07:F0:9E:DC:85:F4:27:09:C5:34:3B:04:6E:F7:ED:F2:D7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS274107.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:0a:57:90:42:70:71:6c:26:33:34:2f:d3:24:1f:ca:ad:b3:
         24:57:ae:6e:77:e1:ee:2b:1f:99:6f:6d:a1:05:0d:04:d9:60:
         1f:2d:b7:dd:3a:fa:88:29:3d:9e:c7:2d:b5:89:ed:84:e9:b9:
         e7:c4:41:94:04:b9:9c:ee:7f:ec:24:f7:11:b1:42:76:32:ec:
         0f:d6:f7:9f:6d:41:50:39:1e:a6:b7:c6:c4:b3:81:38:5a:a2:
         cd:cd:a9:32:bc:37:13:3e:0c:89:7b:d9:6d:96:20:15:ca:71:
         c7:38:0b:44:74:3d:23:16:99:02:31:88:09:67:7e:33:aa:70:
         dd:4f:98:ea:ef:c8:e5:96:e1:f3:f4:cd:c2:fe:0b:6d:a4:9b:
         39:b6:d7:55:2d:6c:49:ea:45:f7:0f:34:12:b3:86:aa:bd:77:
         4d:84:15:93:a5:8d:0c:bc:a8:d0:6c:6c:78:0a:bc:b5:c8:00:
         6c:3e:a3:31:4a:0f:b6:bb:7a:89:42:6d:8d:6f:c8:bf:7d:59:
         79:6f:ff:32:26:2c:d0:a9:a2:ea:8d:98:07:4b:e5:4d:a0:40:
         98:99:ef:71:b2:ca:ab:81:b1:52:95:5e:d3:61:de:2e:5e:5a:
         5d:9b:c2:c1:65:df:71:98:70:4e:ce:7e:5f:f2:32:7d:42:3f:
         7d:38:b0:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUasXmUXLsg7Ew+EAUwLQqNs28EeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMDUyMTQ5NTVaFw0yNzAyMDQyMTU0NTVaMDMxMTAvBgNV
BAMTKDlFOTcyMzA3RjA5RURDODVGNDI3MDlDNTM0M0IwNDZFRjdFREYyRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTY84c6eFIrk0xJjU8BvkNjC0y
eH2qmcSov4yD9e5kQRLIPJUfGTnOO2B/uZqC3Uuo19vDMsGzhchzZfRp5DJsuKIV
DENe1OnbDIE7hQd0PCN9RBzo0z6G5oZiktW3hiGYdhAHlA3uZxWpKCXGI3xbdVO4
/vD+Y+6KD4BHk6o/loX0augqSo0vPru1hleQ4KC+6rrcTIFYQlruYJtrd7EwWBN8
H+uI0gVnXX393rASh+KpksbnnDC689wzNsrq0gUCXhX/X/BsJIOFplcSpajbaXGI
hR2Jm0IP5vcUZOSeTMuLiTGODNP7bli63q6QgCvdJ/2P8u6szg0K54e9ub9/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnpcjB/Ce3IX0JwnFNDsEbvft8tcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjc0MTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3l
MA0GCSqGSIb3DQEBCwUAA4IBAQChCleQQnBxbCYzNC/TJB/KrbMkV65ud+HuKx+Z
b22hBQ0E2WAfLbfdOvqIKT2exy21ie2E6bnnxEGUBLmc7n/sJPcRsUJ2MuwP1vef
bUFQOR6mt8bEs4E4WqLNzakyvDcTPgyJe9ltliAVynHHOAtEdD0jFpkCMYgJZ34z
qnDdT5jq78jlluHz9M3C/gttpJs5ttdVLWxJ6kX3DzQSs4aqvXdNhBWTpY0MvKjQ
bGx4Cry1yABsPqMxSg+2u3qJQm2Nb8i/fVl5b/8yJizQqaLqjZgHS+VNoECYme9x
ssqrgbFSlV7TYd4uXlpdm8LBZd9xmHBOzn5f8jJ9Qj99OLAg
-----END CERTIFICATE-----