Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa
File:                     AS41171.roa (raw, json)
Hash identifier:          +oYCbAO9DhMo4JkHEVLWg/Jf6WKW+7Qbh0GADQfe+sI=
Subject key identifier:   D4:3D:7F:D6:44:E5:FD:1D:1E:AA:72:CC:CD:9B:9C:B4:44:80:4B:E4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       641EDC36E2AEBE7FB6D2C259193CBC29DBC1160A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa
Signing time:             Wed 11 Jun 2025 07:26:04 +0000
ROA not before:           Wed 11 Jun 2025 07:21:04 +0000
ROA not after:            Wed 10 Jun 2026 07:26:04 +0000
asID:                     41171
IP address blocks:        2a0c:fa43::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:1e:dc:36:e2:ae:be:7f:b6:d2:c2:59:19:3c:bc:29:db:c1:16:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:21:04 2025 GMT
            Not After : Jun 10 07:26:04 2026 GMT
        Subject: CN=D43D7FD644E5FD1D1EAA72CCCD9B9CB444804BE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3f:50:9f:ef:1c:8e:bf:fb:02:67:ac:6e:8b:
                    b6:2d:03:1b:49:b0:70:a0:9e:d3:4b:dc:e5:27:1f:
                    f2:22:e0:9e:de:d6:cd:25:c9:ab:41:5c:5b:0e:7d:
                    fa:0f:09:49:29:9e:7e:3b:9d:20:57:ba:fe:cb:38:
                    09:c7:96:7a:a7:5e:b7:9f:ae:05:c9:10:d9:a8:aa:
                    31:90:bf:d3:79:bc:db:c7:df:39:71:59:6f:5a:7f:
                    09:b7:39:1e:81:eb:10:cd:4d:98:7a:dd:bb:69:8c:
                    61:4a:e5:f9:e9:52:7e:53:1c:4c:c1:97:a3:04:1f:
                    fc:11:00:d4:fd:02:5a:73:f0:eb:31:d1:57:67:86:
                    db:e6:23:c9:b3:1e:b5:e7:60:78:c3:c8:48:79:9a:
                    bd:35:02:24:76:d2:22:03:32:32:86:f4:ef:20:0c:
                    38:7a:03:96:a5:9b:0c:8f:68:75:b7:72:0e:51:c4:
                    81:57:28:b9:1e:98:9f:83:7b:1f:57:82:23:45:60:
                    b1:6a:d5:7a:bd:36:3e:e5:36:61:bd:cd:be:d3:2a:
                    8e:f2:54:44:34:b8:e0:bd:bf:45:a9:0d:17:22:d4:
                    dd:36:90:32:3e:d1:9d:6f:ea:be:e5:d3:08:a6:17:
                    f5:e4:25:ca:94:0e:89:69:50:7e:97:45:32:ee:16:
                    70:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:3D:7F:D6:44:E5:FD:1D:1E:AA:72:CC:CD:9B:9C:B4:44:80:4B:E4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:fa43::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:9d:0e:bf:66:fc:3a:e6:f2:50:3b:12:69:dc:83:6d:0a:0e:
         e7:69:1f:95:58:16:75:98:e5:fa:2b:68:a6:f6:fe:49:fa:71:
         33:a6:82:31:30:e2:89:30:89:be:65:d3:68:e6:7c:a0:94:3f:
         31:40:98:b7:02:e7:d4:3a:f6:37:b4:0d:35:e7:98:01:13:97:
         32:4b:15:4a:cc:ce:46:1f:f6:e0:15:97:32:25:85:17:59:e3:
         4b:10:ad:c2:7d:a4:58:99:8b:db:ac:d0:e8:42:7d:57:25:ea:
         62:e6:42:92:8c:87:3b:b7:52:95:6c:4f:2b:e1:b4:48:26:00:
         0d:e9:d3:c9:15:15:f4:c9:e5:cc:73:8f:fd:b5:38:15:09:fb:
         83:60:a0:e1:15:c0:ba:1b:68:a8:7a:2b:85:26:04:f7:dd:38:
         31:f0:f1:1e:01:49:7a:65:f5:3e:26:e6:13:fb:73:23:6a:8b:
         a7:2d:8f:ad:d1:dd:5d:fa:86:7e:33:be:63:b4:9e:39:28:63:
         32:a9:11:f9:7d:fe:56:79:aa:ad:95:42:ee:6a:f5:be:ba:98:
         68:34:b9:89:13:56:35:33:ff:16:64:cf:ed:a2:c7:93:97:b4:
         61:9e:cf:74:ac:5b:66:9e:d8:fa:ee:89:fc:c9:51:1b:31:21:
         2e:8b:df:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZB7cNuKuvn+20sJZGTy8KdvBFgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIxMDRaFw0yNjA2MTAwNzI2MDRaMDMxMTAvBgNV
BAMTKEQ0M0Q3RkQ2NDRFNUZEMUQxRUFBNzJDQ0NEOUI5Q0I0NDQ4MDRCRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJP1Cf7xyOv/sCZ6xui7YtAxtJ
sHCgntNL3OUnH/Ii4J7e1s0lyatBXFsOffoPCUkpnn47nSBXuv7LOAnHlnqnXref
rgXJENmoqjGQv9N5vNvH3zlxWW9afwm3OR6B6xDNTZh63btpjGFK5fnpUn5THEzB
l6MEH/wRANT9Alpz8Osx0VdnhtvmI8mzHrXnYHjDyEh5mr01AiR20iIDMjKG9O8g
DDh6A5almwyPaHW3cg5RxIFXKLkemJ+Dex9XgiNFYLFq1Xq9Nj7lNmG9zb7TKo7y
VEQ0uOC9v0WpDRci1N02kDI+0Z1v6r7l0wimF/XkJcqUDolpUH6XRTLuFnCtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1D1/1kTl/R0eqnLMzZuctESAS+QwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDExNzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqDPpD
MA0GCSqGSIb3DQEBCwUAA4IBAQADnQ6/Zvw65vJQOxJp3INtCg7naR+VWBZ1mOX6
K2im9v5J+nEzpoIxMOKJMIm+ZdNo5nyglD8xQJi3AufUOvY3tA0155gBE5cySxVK
zM5GH/bgFZcyJYUXWeNLEK3CfaRYmYvbrNDoQn1XJepi5kKSjIc7t1KVbE8r4bRI
JgAN6dPJFRX0yeXMc4/9tTgVCfuDYKDhFcC6G2ioeiuFJgT33Tgx8PEeAUl6ZfU+
JuYT+3MjaounLY+t0d1d+oZ+M75jtJ45KGMyqRH5ff5WeaqtlULuavW+uphoNLmJ
E1Y1M/8WZM/toseTl7Rhns90rFtmntj67on8yVEbMSEui9+b
-----END CERTIFICATE-----