Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401881.roa
File:                     AS401881.roa (raw, json)
Hash identifier:          sa9ala+jx0IclC7vyNogYeawC5V9EGDjct2acjUBt7c=
Subject key identifier:   D9:0B:F0:79:D6:A6:B8:70:54:85:E3:A1:64:45:25:9E:29:5C:AD:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       34E9D518731E56FE2B3F6E9A03A55559C2593ECC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401881.roa
Signing time:             Fri 05 Jun 2026 14:00:45 +0000
ROA not before:           Fri 05 Jun 2026 13:55:45 +0000
ROA not after:            Fri 04 Jun 2027 14:00:45 +0000
asID:                     401881
IP address blocks:        179.61.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e9:d5:18:73:1e:56:fe:2b:3f:6e:9a:03:a5:55:59:c2:59:3e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  5 13:55:45 2026 GMT
            Not After : Jun  4 14:00:45 2027 GMT
        Subject: CN=D90BF079D6A6B8705485E3A16445259E295CAD2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:db:2c:fb:7c:21:14:d3:3e:8f:f0:cc:97:4e:
                    9e:c6:7f:6b:d4:14:5c:31:cb:89:47:54:f5:8c:73:
                    ee:48:6e:1f:3d:99:b9:b1:63:00:95:ec:34:e4:f9:
                    8c:b8:84:d8:95:12:aa:ff:17:58:f8:2a:c4:78:b3:
                    bb:2e:a8:07:86:6d:be:52:96:4d:1f:9e:22:da:3d:
                    fb:f8:5a:66:3b:66:96:bc:46:59:29:0d:52:c3:5a:
                    d3:20:1f:50:b3:b6:ef:14:0b:33:be:23:ed:1e:ae:
                    b5:86:2a:34:8d:ed:cf:ec:d5:12:e7:e8:d3:91:9a:
                    a2:57:f9:22:d1:3a:b8:a7:60:47:63:af:79:5b:32:
                    af:20:22:a7:f3:d1:3b:e3:43:ce:29:f9:db:ef:e4:
                    6d:a4:79:76:ab:9e:5d:f4:9e:54:d7:e6:8d:80:c8:
                    19:b4:4a:fc:b1:e0:c2:45:49:89:8b:f3:ee:b8:27:
                    28:66:7f:5e:f8:dd:d2:da:3e:2d:6f:4f:d9:a0:f2:
                    89:54:49:50:6d:24:4a:96:17:70:71:52:ee:dc:1c:
                    f2:cc:4a:42:8d:88:f9:7e:44:49:f3:a3:0a:d9:d4:
                    a9:03:7c:e4:0c:7a:68:0e:67:1c:c1:30:fb:1e:2c:
                    b0:81:75:07:09:7e:0d:f7:bf:74:4f:2e:cb:3b:3e:
                    e1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:0B:F0:79:D6:A6:B8:70:54:85:E3:A1:64:45:25:9E:29:5C:AD:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401881.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:b7:00:72:d0:11:23:b8:4e:16:50:2b:74:d8:3e:2f:5b:95:
         d4:a6:ef:95:d3:02:bd:71:cf:b0:84:4a:cb:08:51:01:b8:c4:
         e9:1e:cc:11:98:67:26:24:19:18:69:a7:f0:66:f5:09:6a:d3:
         9e:1a:78:cc:44:c0:ff:e2:87:8d:50:da:06:ba:cf:ff:a7:53:
         67:3c:47:bb:c1:29:10:a9:a5:c6:e8:6c:78:41:f7:c4:fb:68:
         a2:1f:cf:ce:21:2c:ec:ef:15:6e:50:a5:e5:39:9e:32:07:5e:
         51:79:84:a3:4e:24:24:10:45:cc:88:65:0b:b1:9e:14:36:f7:
         01:7e:13:67:4b:e3:ef:b8:00:fe:fc:00:52:a5:a8:38:12:f3:
         68:7f:f9:de:56:04:46:a4:7f:69:d8:10:67:f1:0a:43:d1:03:
         de:71:73:fc:62:12:45:b0:02:dd:7c:71:8f:6a:a8:f9:73:4c:
         f5:ff:6a:4d:4d:98:16:ab:d4:49:0b:23:0b:29:91:88:bd:92:
         5b:2e:76:8d:e3:de:92:68:aa:64:c4:59:f8:53:16:e0:ea:cb:
         55:41:f6:88:ab:cc:be:00:83:8f:a2:e3:8f:35:ac:42:ed:98:
         cb:66:45:19:62:90:c2:4b:35:dd:33:7e:4b:9c:02:f2:40:4c:
         e0:d2:e6:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNOnVGHMeVv4rP26aA6VVWcJZPswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDUxMzU1NDVaFw0yNzA2MDQxNDAwNDVaMDMxMTAvBgNV
BAMTKEQ5MEJGMDc5RDZBNkI4NzA1NDg1RTNBMTY0NDUyNTlFMjk1Q0FEMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2yz7fCEU0z6P8MyXTp7Gf2vU
FFwxy4lHVPWMc+5Ibh89mbmxYwCV7DTk+Yy4hNiVEqr/F1j4KsR4s7suqAeGbb5S
lk0fniLaPfv4WmY7Zpa8RlkpDVLDWtMgH1Cztu8UCzO+I+0errWGKjSN7c/s1RLn
6NORmqJX+SLROrinYEdjr3lbMq8gIqfz0TvjQ84p+dvv5G2keXarnl30nlTX5o2A
yBm0Svyx4MJFSYmL8+64Jyhmf1743dLaPi1vT9mg8olUSVBtJEqWF3BxUu7cHPLM
SkKNiPl+REnzowrZ1KkDfOQMemgOZxzBMPseLLCBdQcJfg33v3RPLss7PuEFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2QvwedamuHBUheOhZEUlnilcrS8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxODgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3u
MA0GCSqGSIb3DQEBCwUAA4IBAQActwBy0BEjuE4WUCt02D4vW5XUpu+V0wK9cc+w
hErLCFEBuMTpHswRmGcmJBkYaafwZvUJatOeGnjMRMD/4oeNUNoGus//p1NnPEe7
wSkQqaXG6Gx4QffE+2iiH8/OISzs7xVuUKXlOZ4yB15ReYSjTiQkEEXMiGULsZ4U
NvcBfhNnS+PvuAD+/ABSpag4EvNof/neVgRGpH9p2BBn8QpD0QPecXP8YhJFsALd
fHGPaqj5c0z1/2pNTZgWq9RJCyMLKZGIvZJbLnaN496SaKpkxFn4Uxbg6stVQfaI
q8y+AIOPouOPNaxC7ZjLZkUZYpDCSzXdM35LnALyQEzg0uZB
-----END CERTIFICATE-----