Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          0qJBBKf11ucKVVNcmQ5uodX5dLpkqHtTxclrHfr3TBI=
Subject key identifier:   8B:7A:69:DF:2F:4B:6B:E5:32:2A:E4:CE:0E:4F:5B:03:78:BD:D3:12
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0DCA5DDFFCCB38C342CDD478CC32DE21C0CB61AA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
Signing time:             Tue 10 Feb 2026 10:44:32 +0000
ROA not before:           Tue 10 Feb 2026 10:39:32 +0000
ROA not after:            Tue 09 Feb 2027 10:44:32 +0000
asID:                     43641
IP address blocks:        179.61.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ca:5d:df:fc:cb:38:c3:42:cd:d4:78:cc:32:de:21:c0:cb:61:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 10 10:39:32 2026 GMT
            Not After : Feb  9 10:44:32 2027 GMT
        Subject: CN=8B7A69DF2F4B6BE5322AE4CE0E4F5B0378BDD312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2f:b2:93:85:08:7f:7c:2b:85:01:77:ac:9c:
                    df:ff:39:9b:de:1e:39:2b:62:e4:bd:6c:0d:64:9a:
                    4e:f0:5b:38:58:aa:ae:b4:f5:6b:2b:2d:2b:3a:ef:
                    32:d0:f6:5a:41:f8:27:12:58:70:1b:0a:9d:cd:fa:
                    ce:3a:cf:a3:fe:c3:f6:6f:2c:86:68:dc:01:c7:0a:
                    18:85:23:97:06:9f:2e:a9:b4:c7:27:0e:c0:58:4c:
                    3e:3f:2f:fd:ee:9e:e7:e0:cd:da:cd:e8:cc:1f:9a:
                    1a:fc:3d:d8:e6:67:62:59:6a:52:e5:12:dd:ed:16:
                    60:f4:b9:6a:35:eb:67:ef:00:e2:f8:9b:93:24:f4:
                    e3:1c:4c:70:2c:bb:ee:6e:8b:31:c9:54:63:92:f4:
                    83:72:8a:75:30:d9:0b:70:11:a9:fe:b8:6b:d6:c2:
                    62:87:8a:e2:63:dd:2e:d8:33:5d:1e:f7:3e:27:2c:
                    b8:ad:97:2d:21:51:95:e0:c3:0e:87:49:99:50:c5:
                    d0:32:69:4f:6b:8d:3a:86:09:39:c2:50:47:dd:1b:
                    42:34:bd:59:31:c7:2d:00:61:ca:b9:2a:ca:32:75:
                    e7:3b:06:31:b3:bf:38:ef:9b:bf:58:1a:b2:3f:3e:
                    40:e3:af:56:78:d5:aa:d3:93:08:c0:f5:1c:b2:c5:
                    f5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7A:69:DF:2F:4B:6B:E5:32:2A:E4:CE:0E:4F:5B:03:78:BD:D3:12
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:49:fa:5f:ae:fc:7d:a4:bb:fb:11:73:09:fc:51:66:98:0a:
         58:15:1a:35:86:85:8c:d0:53:4d:11:0b:15:08:d6:15:02:ed:
         79:97:1b:ed:fc:37:32:5c:8e:75:d5:4c:6a:99:b5:89:22:57:
         65:fe:11:e2:c2:3f:a0:cf:43:05:0b:5e:6a:1c:9e:c2:76:1c:
         d3:68:80:b9:72:83:bc:c1:e1:44:be:ec:a7:e6:1c:31:c6:e6:
         66:d3:ac:4b:a2:60:75:36:3f:58:66:c3:83:07:20:66:43:3b:
         42:f1:b1:20:0f:26:37:84:d3:6e:18:4a:36:cc:32:35:56:2e:
         7f:01:a5:ac:64:26:ec:aa:c0:fd:b4:ab:0d:b6:29:d5:73:02:
         77:e4:41:2a:3a:36:1a:34:c7:5b:11:20:74:36:0c:21:57:5c:
         0a:25:51:58:90:d3:29:9d:e6:f5:2f:34:be:aa:8f:59:f9:bb:
         78:40:20:18:ca:31:ab:61:62:f8:54:eb:99:d0:91:87:35:f4:
         05:9c:b3:a7:9d:a0:26:01:96:d6:0d:b6:6f:91:50:5d:1a:39:
         f7:49:5b:b8:91:d7:d9:b0:97:43:06:74:18:61:6b:e6:f0:ab:
         17:f2:cb:b2:d1:2b:93:e3:42:7d:f9:96:d6:b1:97:86:b5:08:
         73:7f:4d:70
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDcpd3/zLOMNCzdR4zDLeIcDLYaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTAxMDM5MzJaFw0yNzAyMDkxMDQ0MzJaMDMxMTAvBgNV
BAMTKDhCN0E2OURGMkY0QjZCRTUzMjJBRTRDRTBFNEY1QjAzNzhCREQzMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBL7KThQh/fCuFAXesnN//OZve
HjkrYuS9bA1kmk7wWzhYqq609WsrLSs67zLQ9lpB+CcSWHAbCp3N+s46z6P+w/Zv
LIZo3AHHChiFI5cGny6ptMcnDsBYTD4/L/3unufgzdrN6Mwfmhr8PdjmZ2JZalLl
Et3tFmD0uWo162fvAOL4m5Mk9OMcTHAsu+5uizHJVGOS9INyinUw2QtwEan+uGvW
wmKHiuJj3S7YM10e9z4nLLitly0hUZXgww6HSZlQxdAyaU9rjTqGCTnCUEfdG0I0
vVkxxy0AYcq5Ksoydec7BjGzvzjvm79YGrI/PkDjr1Z41arTkwjA9RyyxfVtAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUi3pp3y9La+UyKuTODk9bA3i90xIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPZAw
DQYJKoZIhvcNAQELBQADggEBACxJ+l+u/H2ku/sRcwn8UWaYClgVGjWGhYzQU00R
CxUI1hUC7XmXG+38NzJcjnXVTGqZtYkiV2X+EeLCP6DPQwULXmocnsJ2HNNogLly
g7zB4US+7KfmHDHG5mbTrEuiYHU2P1hmw4MHIGZDO0LxsSAPJjeE024YSjbMMjVW
Ln8BpaxkJuyqwP20qw22KdVzAnfkQSo6Nho0x1sRIHQ2DCFXXAolUViQ0ymd5vUv
NL6qj1n5u3hAIBjKMathYvhU65nQkYc19AWcs6edoCYBltYNtm+RUF0aOfdJW7iR
19mwl0MGdBhha+bwqxfyy7LRK5PjQn35ltaxl4a1CHN/TXA=
-----END CERTIFICATE-----