Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa
File:                     AS55201.roa (raw, json)
Hash identifier:          IAqgpchN62JSZ5+tcGjzTSgwVENKFWf+BiG4egUOyqQ=
Subject key identifier:   96:C1:56:A9:75:80:13:FD:FA:AC:60:9E:D4:CA:2F:B8:CC:C7:3E:5E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       40CE638F43D991DA3BF2DAC425A5B15E22192CB4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa
Signing time:             Wed 18 Feb 2026 19:55:38 +0000
ROA not before:           Wed 18 Feb 2026 19:50:38 +0000
ROA not after:            Wed 17 Feb 2027 19:55:38 +0000
asID:                     55201
IP address blocks:        181.215.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ce:63:8f:43:d9:91:da:3b:f2:da:c4:25:a5:b1:5e:22:19:2c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 18 19:50:38 2026 GMT
            Not After : Feb 17 19:55:38 2027 GMT
        Subject: CN=96C156A9758013FDFAAC609ED4CA2FB8CCC73E5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:66:02:68:03:ba:2a:c4:74:36:21:43:5f:d3:
                    3a:35:b0:7c:ef:a8:9c:ff:bb:f9:62:b3:50:51:11:
                    cd:41:99:a3:2a:6c:87:37:55:2c:8f:41:c7:02:8c:
                    12:bd:1d:27:ae:79:11:b9:bb:eb:39:53:d5:3a:87:
                    7e:62:ac:ff:0d:e5:ac:ed:97:aa:a7:f1:aa:d0:dc:
                    fb:62:ab:ea:78:70:72:9a:87:a7:a4:dc:48:d9:b2:
                    f8:df:3b:a8:35:84:f4:14:85:19:a5:37:50:83:0e:
                    f4:72:4c:4f:2c:17:22:98:1a:69:aa:1b:e8:0b:04:
                    8c:85:22:65:74:f0:7d:cb:dc:c9:45:74:82:3f:ff:
                    c9:79:55:4b:7b:71:a5:e5:17:dd:35:8d:ef:ae:9e:
                    8f:02:1d:14:17:94:36:97:bd:36:d4:e5:b5:81:8f:
                    f9:be:25:f9:37:6b:9d:6e:85:3b:ab:01:40:42:d3:
                    de:ad:26:b1:7c:9d:42:69:4b:77:a6:45:91:af:55:
                    b2:1c:dd:52:1d:55:16:76:cd:f8:9a:53:b7:ca:a8:
                    90:4e:12:82:04:fc:de:f8:17:6e:6e:91:d0:b5:b9:
                    da:b0:9d:f0:e9:6b:ff:8f:09:cf:e6:8c:d2:ed:b0:
                    ce:aa:af:8a:72:47:48:30:4d:ce:81:c5:2c:bf:c3:
                    43:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C1:56:A9:75:80:13:FD:FA:AC:60:9E:D4:CA:2F:B8:CC:C7:3E:5E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f5:d3:68:04:22:bf:0e:a3:61:41:29:68:ce:42:54:ea:bc:
         1c:86:17:6f:dc:9e:55:45:e5:48:6d:85:11:92:d2:99:14:4f:
         3d:2b:ab:51:db:cc:75:8a:63:67:38:e8:ff:88:56:09:ff:a5:
         6d:81:63:72:ae:30:23:5f:1b:4c:2b:f9:a8:64:38:d6:6f:09:
         d6:ed:46:ae:3e:ab:68:48:37:c9:84:c8:f6:30:92:c8:ed:04:
         30:8d:51:62:d4:30:a7:99:26:96:b4:5c:e5:bc:7c:b0:3b:08:
         62:77:f0:0c:3d:b9:8a:de:32:ba:c7:00:82:fe:e6:9e:e5:a3:
         2e:45:ba:91:3f:03:e9:39:6d:e7:f3:27:02:7f:f6:94:7d:bd:
         b0:cc:f4:bc:2f:1e:8b:b3:5b:6e:68:01:97:ed:45:53:20:c7:
         8f:48:23:c2:e5:25:c1:01:a7:7b:f5:ab:aa:46:92:8d:5d:4a:
         92:50:26:71:b2:d2:6d:d4:a1:88:26:54:a3:7a:28:62:61:fb:
         08:f0:bc:99:b8:50:b6:8f:4f:b5:86:70:65:89:4c:f2:9d:ce:
         59:6d:37:8d:e7:df:c9:b5:50:d3:a5:fd:70:97:51:43:f7:a5:
         43:6c:ec:d5:12:34:e6:7b:79:aa:cd:cb:ad:66:b2:85:ca:10:
         66:cd:a9:cb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQM5jj0PZkdo78trEJaWxXiIZLLQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTgxOTUwMzhaFw0yNzAyMTcxOTU1MzhaMDMxMTAvBgNV
BAMTKDk2QzE1NkE5NzU4MDEzRkRGQUFDNjA5RUQ0Q0EyRkI4Q0NDNzNFNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbZgJoA7oqxHQ2IUNf0zo1sHzv
qJz/u/lis1BREc1BmaMqbIc3VSyPQccCjBK9HSeueRG5u+s5U9U6h35irP8N5azt
l6qn8arQ3Ptiq+p4cHKah6ek3EjZsvjfO6g1hPQUhRmlN1CDDvRyTE8sFyKYGmmq
G+gLBIyFImV08H3L3MlFdII//8l5VUt7caXlF901je+uno8CHRQXlDaXvTbU5bWB
j/m+Jfk3a51uhTurAUBC096tJrF8nUJpS3emRZGvVbIc3VIdVRZ2zfiaU7fKqJBO
EoIE/N74F25ukdC1udqwnfDpa/+PCc/mjNLtsM6qr4pyR0gwTc6BxSy/w0P7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUlsFWqXWAE/36rGCe1MovuMzHPl4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTUyMDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC118ww
DQYJKoZIhvcNAQELBQADggEBAF3102gEIr8Oo2FBKWjOQlTqvByGF2/cnlVF5Uht
hRGS0pkUTz0rq1HbzHWKY2c46P+IVgn/pW2BY3KuMCNfG0wr+ahkONZvCdbtRq4+
q2hIN8mEyPYwksjtBDCNUWLUMKeZJpa0XOW8fLA7CGJ38Aw9uYreMrrHAIL+5p7l
oy5FupE/A+k5befzJwJ/9pR9vbDM9LwvHouzW25oAZftRVMgx49II8LlJcEBp3v1
q6pGko1dSpJQJnGy0m3UoYgmVKN6KGJh+wjwvJm4ULaPT7WGcGWJTPKdzlltN43n
38m1UNOl/XCXUUP3pUNs7NUSNOZ7earNy61msoXKEGbNqcs=
-----END CERTIFICATE-----