Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa
File:                     AS41171.roa (raw, json)
Hash identifier:          Sx9oNEp35DQPE/JaHZe8gL/TIjb56q0+20qwG7hzcoc=
Subject key identifier:   89:43:33:07:D7:72:97:5E:82:A6:77:1E:8B:94:80:5F:E6:D9:40:52
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0C4192D4A67BC0558FA75E5C195960CC9F9E9875
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa
Signing time:             Mon 08 Jun 2026 12:25:21 +0000
ROA not before:           Mon 08 Jun 2026 12:20:21 +0000
ROA not after:            Mon 07 Jun 2027 12:25:21 +0000
asID:                     41171
IP address blocks:        179.61.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:41:92:d4:a6:7b:c0:55:8f:a7:5e:5c:19:59:60:cc:9f:9e:98:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  8 12:20:21 2026 GMT
            Not After : Jun  7 12:25:21 2027 GMT
        Subject: CN=89433307D772975E82A6771E8B94805FE6D94052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:39:9e:b5:62:d8:43:c4:a6:2e:ae:92:5a:7b:
                    89:25:e0:30:32:aa:2c:21:21:d2:7e:1c:a1:00:77:
                    57:99:c8:34:f7:03:d8:cc:58:b7:0e:a5:bd:d6:d9:
                    2b:3e:0c:a1:d9:70:4f:28:61:22:00:28:0f:a0:ce:
                    8a:4f:40:28:b5:ac:3e:a3:16:16:6e:dc:df:45:27:
                    aa:64:c0:4f:a3:06:15:40:4e:bb:99:f8:66:d1:4c:
                    31:9a:af:47:aa:08:46:7e:35:2a:03:db:55:a1:a5:
                    29:f5:57:0d:3c:c4:75:be:5e:7d:2f:64:a3:e6:ae:
                    43:cb:d9:b8:d5:bb:ab:8e:de:10:94:cd:3f:50:97:
                    8b:53:02:ac:20:d2:30:54:96:01:77:60:70:9e:e1:
                    f0:01:25:44:1b:04:22:9a:79:bc:ad:e7:45:9e:42:
                    cd:e3:c1:fe:ef:a4:3f:87:93:63:ec:a8:92:33:44:
                    89:20:e1:9f:36:f1:1b:08:96:26:91:83:e0:90:f4:
                    c5:67:03:cb:8c:bf:b5:f9:94:de:81:58:08:50:3d:
                    74:f7:3c:ec:e2:c2:b0:84:84:64:b1:19:51:ff:fe:
                    89:1d:71:fd:61:35:93:21:86:fd:fc:f9:9e:0d:b9:
                    7e:49:da:af:13:e2:2b:d5:b0:81:42:57:a5:d5:16:
                    8d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:43:33:07:D7:72:97:5E:82:A6:77:1E:8B:94:80:5F:E6:D9:40:52
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:5e:e8:78:3e:7d:a8:7c:5a:23:82:37:d5:91:fc:9c:db:8e:
         ec:86:8b:63:e7:42:57:7c:f6:46:53:16:e3:74:7d:f1:9c:64:
         9a:79:6d:b6:bb:52:a5:06:9e:c4:0a:f6:07:9c:de:5a:0d:61:
         77:d3:4d:90:a6:96:e3:5e:0d:cc:28:c1:ea:fe:9a:29:a6:91:
         59:6b:3e:43:b8:f3:e9:b5:0f:d5:92:b8:7c:62:82:75:f8:5f:
         cb:a5:b4:56:26:65:3b:1f:90:0a:f6:8e:f4:02:e3:b0:a6:7e:
         f2:6e:7f:4a:ae:83:99:59:7b:9f:2f:40:4d:91:3b:ac:f6:3e:
         5b:cd:55:f8:57:dd:65:f2:dd:7a:ac:34:17:97:7b:6a:0e:fb:
         cb:71:0f:ff:56:2b:82:57:05:55:05:48:f7:94:30:9f:48:c6:
         f5:16:f5:c7:e5:be:0b:02:82:ba:ed:49:50:11:54:39:63:ab:
         a5:be:83:17:a6:53:5d:89:7b:53:a6:59:30:a7:78:6a:f2:2b:
         67:a4:d2:c9:59:0f:26:44:f5:e4:6b:06:15:39:50:5f:a6:ad:
         e0:eb:26:35:d8:96:33:a5:8c:b0:3a:bb:6b:28:f0:4a:7e:98:
         53:bc:65:0e:c3:8e:2e:b3:1e:cf:3a:a9:ab:25:58:f2:40:5b:
         c1:c5:31:bb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDEGS1KZ7wFWPp15cGVlgzJ+emHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDgxMjIwMjFaFw0yNzA2MDcxMjI1MjFaMDMxMTAvBgNV
BAMTKDg5NDMzMzA3RDc3Mjk3NUU4MkE2NzcxRThCOTQ4MDVGRTZEOTQwNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsOZ61YthDxKYurpJae4kl4DAy
qiwhIdJ+HKEAd1eZyDT3A9jMWLcOpb3W2Ss+DKHZcE8oYSIAKA+gzopPQCi1rD6j
FhZu3N9FJ6pkwE+jBhVATruZ+GbRTDGar0eqCEZ+NSoD21WhpSn1Vw08xHW+Xn0v
ZKPmrkPL2bjVu6uO3hCUzT9Ql4tTAqwg0jBUlgF3YHCe4fABJUQbBCKaebyt50We
Qs3jwf7vpD+Hk2PsqJIzRIkg4Z828RsIliaRg+CQ9MVnA8uMv7X5lN6BWAhQPXT3
POziwrCEhGSxGVH//okdcf1hNZMhhv38+Z4NuX5J2q8T4ivVsIFCV6XVFo27AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUiUMzB9dyl16Cpncei5SAX+bZQFIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDExNzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPcsw
DQYJKoZIhvcNAQELBQADggEBAAJe6Hg+fah8WiOCN9WR/JzbjuyGi2PnQld89kZT
FuN0ffGcZJp5bba7UqUGnsQK9gec3loNYXfTTZCmluNeDcwower+mimmkVlrPkO4
8+m1D9WSuHxignX4X8ultFYmZTsfkAr2jvQC47CmfvJuf0qug5lZe58vQE2RO6z2
PlvNVfhX3WXy3XqsNBeXe2oO+8txD/9WK4JXBVUFSPeUMJ9IxvUW9cflvgsCgrrt
SVARVDljq6W+gxemU12Je1OmWTCneGryK2ek0slZDyZE9eRrBhU5UF+mreDrJjXY
ljOljLA6u2so8Ep+mFO8ZQ7Dji6zHs86qaslWPJAW8HFMbs=
-----END CERTIFICATE-----