Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397086.roa
File:                     AS397086.roa (raw, json)
Hash identifier:          fXehvwliSVhC2+4/qtWBK4DvWehN66L6hGal/KvWyRI=
Subject key identifier:   AD:E6:1A:E0:E6:57:3F:89:04:86:78:29:8D:87:D2:05:EC:12:A8:2B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       74B113510989EB4C730C575F195ED5A010BCB911
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397086.roa
Signing time:             Thu 23 Oct 2025 15:55:09 +0000
ROA not before:           Thu 23 Oct 2025 15:50:09 +0000
ROA not after:            Thu 22 Oct 2026 15:55:09 +0000
asID:                     397086
IP address blocks:        181.41.218.0/24 maxlen: 24
                          191.96.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:b1:13:51:09:89:eb:4c:73:0c:57:5f:19:5e:d5:a0:10:bc:b9:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 23 15:50:09 2025 GMT
            Not After : Oct 22 15:55:09 2026 GMT
        Subject: CN=ADE61AE0E6573F89048678298D87D205EC12A82B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c9:e5:6c:9c:bc:3b:56:9d:36:6c:19:a0:aa:
                    bc:e6:0b:75:d2:c1:75:4d:6b:e9:7f:4b:b7:cb:c2:
                    20:6c:c9:92:3e:56:76:4f:10:95:34:8d:cd:ea:b2:
                    f1:9e:52:12:e2:0f:79:a8:37:17:2c:6f:fa:fb:4b:
                    d2:89:0e:81:5f:4d:5b:1e:84:65:d7:c4:01:13:ab:
                    33:c7:a8:2d:f0:4c:0f:46:70:96:a2:db:af:00:db:
                    82:c6:1b:df:99:8d:81:fd:6f:c5:07:9c:2f:f8:e7:
                    cd:8e:af:06:29:22:aa:08:b2:f1:9a:2e:85:12:c3:
                    41:c9:e1:47:c9:b4:f8:5b:ff:21:60:11:d2:05:9c:
                    34:0c:5d:10:32:ad:ec:5c:db:fe:c4:52:e5:66:48:
                    11:60:ab:c8:fe:b5:50:bc:77:d0:c6:26:5f:61:0e:
                    4e:d1:6a:4a:1b:11:20:da:ea:ff:5d:00:d9:f2:bc:
                    5c:81:4c:9d:63:39:4f:30:b8:51:9e:69:45:02:fa:
                    09:e4:4c:45:08:57:c2:71:e9:36:14:d6:2f:1a:5f:
                    7e:17:12:87:fa:1d:b6:d3:4d:f8:7f:94:58:c4:9f:
                    83:1a:5b:11:19:74:c9:a1:3b:d2:72:42:62:76:1e:
                    e7:02:9f:db:fd:df:4b:c7:61:a4:be:25:62:21:06:
                    bf:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E6:1A:E0:E6:57:3F:89:04:86:78:29:8D:87:D2:05:EC:12:A8:2B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397086.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.218.0/24
                  191.96.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:95:82:7b:42:26:a9:f7:52:f7:2c:7b:01:94:79:1c:66:7f:
         75:a6:ee:57:b4:71:e6:3d:c1:24:3a:9b:1b:75:3e:17:03:c9:
         35:62:07:3b:d7:39:54:54:a6:a0:c2:73:f2:41:42:97:06:70:
         73:bf:48:cd:3f:fe:11:17:53:81:d7:8e:01:ea:2c:5e:f2:fb:
         8d:82:f5:da:38:cd:b8:61:f6:c4:6c:1b:b6:e5:cc:6d:31:76:
         e0:e6:7a:da:98:c1:7b:3b:73:a3:ce:12:25:8f:93:de:c2:06:
         7a:f7:fe:3a:5e:09:82:4a:9a:f6:71:d1:a8:52:f2:d4:eb:ff:
         86:c8:3a:b2:90:b6:6e:17:bd:4e:36:d7:08:7f:86:a3:6f:69:
         a1:47:b4:75:6d:30:01:fb:08:86:8a:98:06:3d:20:0d:66:c4:
         28:4e:d0:33:f8:a1:40:a3:42:9a:a1:3c:13:49:39:0d:1f:7f:
         bf:2a:ab:23:6b:83:bc:3a:eb:f9:32:a5:31:58:6e:0f:02:8d:
         55:89:f1:f0:8d:1b:4a:a7:f8:89:fd:cd:fc:ba:e1:3c:e4:24:
         7d:09:23:69:fb:82:63:15:f5:cd:67:d1:75:c1:26:7d:58:28:
         04:59:50:01:60:43:24:32:d8:dd:4c:1f:ea:56:3e:ed:9f:d3:
         a5:1a:f3:77
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdLETUQmJ60xzDFdfGV7VoBC8uREwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMjMxNTUwMDlaFw0yNjEwMjIxNTU1MDlaMDMxMTAvBgNV
BAMTKEFERTYxQUUwRTY1NzNGODkwNDg2NzgyOThEODdEMjA1RUMxMkE4MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyyeVsnLw7Vp02bBmgqrzmC3XS
wXVNa+l/S7fLwiBsyZI+VnZPEJU0jc3qsvGeUhLiD3moNxcsb/r7S9KJDoFfTVse
hGXXxAETqzPHqC3wTA9GcJai268A24LGG9+ZjYH9b8UHnC/4582OrwYpIqoIsvGa
LoUSw0HJ4UfJtPhb/yFgEdIFnDQMXRAyrexc2/7EUuVmSBFgq8j+tVC8d9DGJl9h
Dk7RakobESDa6v9dANnyvFyBTJ1jOU8wuFGeaUUC+gnkTEUIV8Jx6TYU1i8aX34X
Eof6HbbTTfh/lFjEn4MaWxEZdMmhO9JyQmJ2HucCn9v930vHYaS+JWIhBr+5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUreYa4OZXP4kEhngpjYfSBewSqCswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3MDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtSna
AwQAv2CuMA0GCSqGSIb3DQEBCwUAA4IBAQBSlYJ7Qiap91L3LHsBlHkcZn91pu5X
tHHmPcEkOpsbdT4XA8k1Ygc71zlUVKagwnPyQUKXBnBzv0jNP/4RF1OB144B6ixe
8vuNgvXaOM24YfbEbBu25cxtMXbg5nramMF7O3OjzhIlj5PewgZ69/46XgmCSpr2
cdGoUvLU6/+GyDqykLZuF71ONtcIf4ajb2mhR7R1bTAB+wiGipgGPSANZsQoTtAz
+KFAo0KaoTwTSTkNH3+/Kqsja4O8Ouv5MqUxWG4PAo1VifHwjRtKp/iJ/c38uuE8
5CR9CSNp+4JjFfXNZ9F1wSZ9WCgEWVABYEMkMtjdTB/qVj7tn9OlGvN3
-----END CERTIFICATE-----