Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          sWkTMVK7DeMJ/Oqf37IhuSD+FPg/29ks2RDl1FMqY3Y=
Subject key identifier:   A7:F1:0C:0C:E7:60:D3:32:1C:89:54:71:DA:EE:DB:5D:72:40:64:D8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       174DA122FF8515B43EEC206B84E66C77A7A90C10
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
Signing time:             Tue 04 Nov 2025 04:46:16 +0000
ROA not before:           Tue 04 Nov 2025 04:41:16 +0000
ROA not after:            Tue 03 Nov 2026 04:46:16 +0000
asID:                     43641
IP address blocks:        2.57.20.0/23 maxlen: 24
                          179.61.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4d:a1:22:ff:85:15:b4:3e:ec:20:6b:84:e6:6c:77:a7:a9:0c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  4 04:41:16 2025 GMT
            Not After : Nov  3 04:46:16 2026 GMT
        Subject: CN=A7F10C0CE760D3321C895471DAEEDB5D724064D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:16:c3:d5:0f:30:11:36:dc:b9:b4:8d:f4:d3:
                    cc:12:5a:f5:79:42:4c:66:ee:e8:d5:b7:4f:58:ef:
                    0f:d4:28:a5:2d:d7:73:50:22:90:8c:12:ae:18:45:
                    33:a8:9c:49:8a:0b:17:94:b9:1a:07:36:b2:38:bd:
                    7e:43:f1:e9:37:7f:31:70:e8:04:5e:bd:65:be:af:
                    65:85:19:a6:40:54:a6:ec:f1:f8:cf:d3:bb:32:33:
                    50:88:65:f1:f8:ae:70:70:2f:0c:e3:bf:bc:5a:71:
                    4d:62:a9:61:a0:5c:44:c0:bf:0e:8d:23:b7:95:44:
                    49:66:2d:29:f6:79:ae:eb:f7:6e:d3:b8:20:e0:fb:
                    d2:5c:13:a5:be:d5:b6:0d:9b:39:27:ad:38:50:03:
                    d3:77:84:23:ee:d4:a5:7b:e5:9a:3e:6e:ba:44:a4:
                    01:71:68:e2:e5:ff:26:08:09:92:f5:5c:1c:e7:60:
                    63:e0:9b:5a:a0:86:66:6a:dd:c2:c7:a3:a6:b2:31:
                    d3:ab:1d:99:03:d3:a3:9f:2e:8d:43:6c:af:86:e1:
                    94:f6:97:d1:d5:17:49:ee:96:6f:0a:59:0f:bf:b8:
                    8e:1c:05:85:3d:61:c4:66:f3:ee:97:93:57:9a:c9:
                    f0:7c:84:d5:e6:c8:f2:5f:44:ab:96:5e:8e:94:35:
                    2e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F1:0C:0C:E7:60:D3:32:1C:89:54:71:DA:EE:DB:5D:72:40:64:D8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.20.0/23
                  179.61.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:2c:3c:c5:73:94:02:3a:0c:32:90:d3:a1:22:d2:90:8d:2a:
         09:10:b0:7b:1e:48:24:21:3d:7a:24:4c:da:98:e8:80:c7:e5:
         39:e6:c8:30:dc:ee:95:11:93:82:bf:fc:c3:ab:0b:b5:f7:be:
         48:7d:18:86:19:6d:d0:33:3c:76:5b:fa:c1:ed:f9:83:b0:5e:
         82:ee:d7:50:98:26:97:84:ed:83:d4:71:26:dc:af:2c:52:36:
         47:8e:36:e9:2c:cc:06:48:b9:f4:02:3e:43:37:f4:f6:91:2d:
         a8:a6:ea:ed:94:0f:dd:52:6f:4a:99:73:51:45:d1:30:5e:ca:
         e1:d9:10:18:08:9d:c1:ef:91:90:fa:c8:57:e9:b8:61:6e:50:
         7b:6b:e5:aa:0b:28:ef:c8:1e:c2:ec:b0:c9:3e:fb:8e:47:00:
         9e:d7:db:47:9f:5c:2b:c1:b1:6f:7d:c1:9c:32:44:c9:34:25:
         9d:4c:e7:20:22:e8:e2:10:a3:43:b8:16:c1:5a:26:30:77:72:
         bf:8d:cd:8b:ae:9d:3e:44:82:99:9b:7a:a0:06:ab:00:83:3c:
         00:0b:31:a4:97:90:12:7a:2e:88:99:ac:87:a0:bc:da:77:cc:
         0b:74:7a:e6:ee:4b:bf:0b:86:f5:67:fa:ee:25:d9:2d:f0:b3:
         58:53:4c:9b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUF02hIv+FFbQ+7CBrhOZsd6epDBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTExMDQwNDQxMTZaFw0yNjExMDMwNDQ2MTZaMDMxMTAvBgNV
BAMTKEE3RjEwQzBDRTc2MEQzMzIxQzg5NTQ3MURBRUVEQjVENzI0MDY0RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdFsPVDzARNty5tI3008wSWvV5
Qkxm7ujVt09Y7w/UKKUt13NQIpCMEq4YRTOonEmKCxeUuRoHNrI4vX5D8ek3fzFw
6ARevWW+r2WFGaZAVKbs8fjP07syM1CIZfH4rnBwLwzjv7xacU1iqWGgXETAvw6N
I7eVRElmLSn2ea7r927TuCDg+9JcE6W+1bYNmzknrThQA9N3hCPu1KV75Zo+brpE
pAFxaOLl/yYICZL1XBznYGPgm1qghmZq3cLHo6ayMdOrHZkD06OfLo1DbK+G4ZT2
l9HVF0nulm8KWQ+/uI4cBYU9YcRm8+6Xk1eayfB8hNXmyPJfRKuWXo6UNS5JAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUp/EMDOdg0zIciVRx2u7bXXJAZNgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAECORQD
BACzPZAwDQYJKoZIhvcNAQELBQADggEBAIIsPMVzlAI6DDKQ06Ei0pCNKgkQsHse
SCQhPXokTNqY6IDH5TnmyDDc7pURk4K//MOrC7X3vkh9GIYZbdAzPHZb+sHt+YOw
XoLu11CYJpeE7YPUcSbcryxSNkeONukszAZIufQCPkM39PaRLaim6u2UD91Sb0qZ
c1FF0TBeyuHZEBgIncHvkZD6yFfpuGFuUHtr5aoLKO/IHsLssMk++45HAJ7X20ef
XCvBsW99wZwyRMk0JZ1M5yAi6OIQo0O4FsFaJjB3cr+NzYuunT5EgpmbeqAGqwCD
PAALMaSXkBJ6LoiZrIegvNp3zAt0eubuS78LhvVn+u4l2S3ws1hTTJs=
-----END CERTIFICATE-----