Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
File:                     AS32159.roa (raw, json)
Hash identifier:          rdy127Q9WtcoRkNgFyk+UmcU9aBpdqi/HHyIRlrhTFs=
Subject key identifier:   30:FA:A8:C8:7D:91:B8:A5:B4:D7:51:17:8E:2E:A0:A0:E4:D1:E6:A3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5B7AFC16489CC8A61CA73F70CED79AAC6751CDF6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
Signing time:             Fri 12 Jun 2026 00:04:19 +0000
ROA not before:           Thu 11 Jun 2026 23:59:19 +0000
ROA not after:            Fri 11 Jun 2027 00:04:19 +0000
asID:                     32159
IP address blocks:        181.214.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7a:fc:16:48:9c:c8:a6:1c:a7:3f:70:ce:d7:9a:ac:67:51:cd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 23:59:19 2026 GMT
            Not After : Jun 11 00:04:19 2027 GMT
        Subject: CN=30FAA8C87D91B8A5B4D751178E2EA0A0E4D1E6A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ef:24:b8:93:5e:d7:b0:d7:c1:83:94:0a:cd:
                    b2:29:86:30:9f:5e:e2:b9:cb:97:6f:e8:e8:f6:eb:
                    bb:83:33:25:20:e8:16:d2:1e:28:b0:4d:3c:29:32:
                    75:26:39:f1:15:64:8f:15:16:24:e7:c3:d9:a9:62:
                    5d:7c:f5:aa:0c:eb:2b:2b:4c:7a:05:84:94:ef:0c:
                    ad:0c:4e:80:92:28:58:cb:ed:29:95:3f:00:66:e9:
                    99:4f:7d:b6:fc:91:db:44:ce:73:99:38:f5:ca:7d:
                    37:fb:5f:a4:f6:16:47:d9:1c:80:a6:d1:11:d3:76:
                    27:e6:8f:58:a8:f2:4b:c5:52:ee:69:dc:22:8f:fc:
                    eb:bb:de:2c:a0:d9:27:8e:c6:a1:b5:fe:72:07:03:
                    b8:c7:09:77:58:0f:ba:d6:25:75:3b:24:88:12:a1:
                    f5:f2:14:b2:35:ae:fb:e8:33:ad:33:68:94:66:43:
                    06:0b:ce:0a:2d:66:e2:56:64:e5:e8:d8:8e:0a:90:
                    19:94:86:68:7e:3a:27:66:1b:6f:69:eb:57:83:8a:
                    01:36:81:8a:3b:be:ef:ad:0b:0d:b0:a0:68:1b:2b:
                    b2:93:9d:9d:32:fa:11:2e:62:09:a4:16:71:13:2c:
                    37:c3:1a:11:5b:c7:ae:b9:06:9a:44:75:aa:47:15:
                    94:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:FA:A8:C8:7D:91:B8:A5:B4:D7:51:17:8E:2E:A0:A0:E4:D1:E6:A3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:1e:23:25:09:c7:a0:5a:4e:ca:92:79:8e:db:36:16:82:0d:
         54:78:a1:f3:7c:eb:2f:51:df:e2:cc:7b:dd:6c:64:ca:3d:a8:
         e6:65:2f:d6:12:fc:cb:a7:af:23:8c:65:0e:96:bd:fe:a5:b5:
         fe:86:39:bf:55:44:45:d6:b7:7a:60:37:c8:63:cf:ae:97:e2:
         9e:3d:d6:4d:bc:59:99:72:b4:7b:24:06:e6:45:75:c9:8e:b6:
         08:bb:2b:61:4c:32:d8:3a:82:5f:a0:02:05:75:bb:82:e0:68:
         7c:5c:3d:e3:0b:01:2a:90:8a:6f:ff:a2:de:22:99:f6:4c:83:
         76:63:1e:3a:b1:4f:10:d9:30:1b:03:7b:13:1a:f9:81:63:c8:
         db:3a:75:d3:42:c7:5c:85:78:f6:02:13:d7:f6:d4:6b:b4:57:
         f9:03:3c:4f:2e:11:c8:85:16:43:82:45:76:c9:d2:ac:6e:6e:
         0a:f6:29:4a:db:e8:1f:71:4f:81:e9:2e:99:b8:c2:6d:05:15:
         ac:13:9c:6c:a5:64:41:5c:da:a6:bb:2e:a0:d1:03:6c:c2:6c:
         c3:3c:c5:33:b0:46:21:39:78:4d:6d:7b:3b:49:ac:80:be:71:
         20:6c:90:b4:31:0b:f4:25:d2:8d:cd:36:a4:ba:c7:ae:29:0c:
         19:1e:a8:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUW3r8FkicyKYcpz9wztearGdRzfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTEyMzU5MTlaFw0yNzA2MTEwMDA0MTlaMDMxMTAvBgNV
BAMTKDMwRkFBOEM4N0Q5MUI4QTVCNEQ3NTExNzhFMkVBMEEwRTREMUU2QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu7yS4k17XsNfBg5QKzbIphjCf
XuK5y5dv6Oj267uDMyUg6BbSHiiwTTwpMnUmOfEVZI8VFiTnw9mpYl189aoM6ysr
THoFhJTvDK0MToCSKFjL7SmVPwBm6ZlPfbb8kdtEznOZOPXKfTf7X6T2FkfZHICm
0RHTdifmj1io8kvFUu5p3CKP/Ou73iyg2SeOxqG1/nIHA7jHCXdYD7rWJXU7JIgS
ofXyFLI1rvvoM60zaJRmQwYLzgotZuJWZOXo2I4KkBmUhmh+OidmG29p61eDigE2
gYo7vu+tCw2woGgbK7KTnZ0y+hEuYgmkFnETLDfDGhFbx665BppEdapHFZQBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMPqoyH2RuKW011EXji6goOTR5qMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzIxNTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11rYw
DQYJKoZIhvcNAQELBQADggEBAI8eIyUJx6BaTsqSeY7bNhaCDVR4ofN86y9R3+LM
e91sZMo9qOZlL9YS/MunryOMZQ6Wvf6ltf6GOb9VREXWt3pgN8hjz66X4p491k28
WZlytHskBuZFdcmOtgi7K2FMMtg6gl+gAgV1u4LgaHxcPeMLASqQim//ot4imfZM
g3ZjHjqxTxDZMBsDexMa+YFjyNs6ddNCx1yFePYCE9f21Gu0V/kDPE8uEciFFkOC
RXbJ0qxubgr2KUrb6B9xT4HpLpm4wm0FFawTnGylZEFc2qa7LqDRA2zCbMM8xTOw
RiE5eE1teztJrIC+cSBskLQxC/Ql0o3NNqS6x64pDBkeqEs=
-----END CERTIFICATE-----