Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
File:                     AS57814.roa (raw, json)
Hash identifier:          CT59o68Wi2id4Ny5E1beZO8uUY/ON5EvKfcTMEyUXYo=
Subject key identifier:   59:6A:8A:10:EA:9E:F9:2C:F7:DC:3D:20:FF:FE:DA:91:39:A8:FD:CF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       664280D344ED91793692F62EDBB9664792FD0538
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
Signing time:             Thu 16 Apr 2026 10:47:05 +0000
ROA not before:           Thu 16 Apr 2026 10:42:05 +0000
ROA not after:            Thu 15 Apr 2027 10:47:05 +0000
asID:                     57814
IP address blocks:        45.95.20.0/24 maxlen: 24
                          109.106.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:42:80:d3:44:ed:91:79:36:92:f6:2e:db:b9:66:47:92:fd:05:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 16 10:42:05 2026 GMT
            Not After : Apr 15 10:47:05 2027 GMT
        Subject: CN=596A8A10EA9EF92CF7DC3D20FFFEDA9139A8FDCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2d:40:a0:1a:b8:cb:08:8d:01:d7:62:2a:08:
                    6f:74:fd:21:05:e3:3a:6e:1a:fb:11:99:06:ce:c3:
                    47:3e:ca:9c:e9:9c:2c:85:23:c0:fd:2c:5d:1d:35:
                    84:a7:26:cc:b1:13:af:86:76:21:b9:3e:58:74:8f:
                    fc:2e:52:d1:34:a7:70:a9:6e:4b:c6:89:37:df:d8:
                    ef:6d:9b:7d:5b:4e:21:fc:04:60:04:84:04:52:4b:
                    99:b3:81:24:e5:9b:1b:f0:71:fe:37:ab:50:e0:d6:
                    5c:42:35:5f:95:be:36:bd:a5:50:93:63:e6:61:6a:
                    57:6a:e5:00:47:18:c8:cc:14:90:8c:0d:ae:bb:d7:
                    a9:2f:64:d9:12:42:53:65:c6:ce:b9:54:0a:4d:8b:
                    7a:81:6a:c9:ab:40:66:cf:32:80:27:4f:9e:c0:fe:
                    a1:7b:12:75:47:70:3e:15:01:55:9e:1c:ed:d9:3c:
                    0b:da:52:15:ab:ad:63:53:c4:15:50:b0:ff:e5:ec:
                    18:5f:4e:52:80:77:6c:10:08:a7:e8:9c:b6:40:dd:
                    33:24:6a:c7:ce:43:c2:b9:3d:b3:d4:38:a3:0b:ab:
                    19:9d:da:f5:9e:fb:1b:c8:4f:e1:2f:ad:43:dd:7b:
                    45:1f:43:ec:57:7b:e5:03:72:5e:98:56:85:b8:76:
                    fb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:6A:8A:10:EA:9E:F9:2C:F7:DC:3D:20:FF:FE:DA:91:39:A8:FD:CF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.20.0/24
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:6f:a7:a5:05:1f:54:5b:6d:26:e5:b1:08:17:e7:ff:8e:77:
         6f:78:6b:9a:c1:1f:8a:54:6a:05:c2:15:56:e2:cd:92:d9:ea:
         ec:4f:37:0f:f1:8b:e0:61:25:cd:89:3a:48:f1:99:2c:47:73:
         92:2c:b7:e1:93:4b:5a:e2:31:4c:24:d9:9c:53:79:46:7d:ec:
         64:c0:f8:6a:8b:39:9f:29:9b:e5:61:2c:96:9f:3a:3d:aa:de:
         ca:78:8f:f2:04:1c:61:4c:0e:35:23:56:af:38:31:92:29:31:
         7c:30:18:a2:24:4d:7a:d7:c6:04:af:c9:c0:ba:de:71:14:db:
         bd:ab:74:46:f3:fa:f2:01:6d:8a:6e:89:09:5d:8e:b7:41:18:
         c3:c8:65:b7:a1:81:de:98:52:f5:f0:f7:05:30:86:63:6a:c7:
         5d:c3:34:a3:dc:23:80:1e:e6:13:97:da:00:a0:fd:6c:52:dc:
         46:44:2e:01:5c:52:42:c2:65:e5:ff:4e:86:bf:81:cb:9d:67:
         10:cb:c5:8b:55:11:52:a6:1d:59:a2:66:e9:3e:e2:17:6d:b2:
         d2:fe:ba:26:40:e2:34:f0:65:d8:fe:72:a2:3d:65:f3:8a:af:
         a3:f2:a8:d3:c1:a8:46:a9:46:2f:7d:da:ef:af:66:a8:75:36:
         a7:89:f2:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZkKA00TtkXk2kvYu27lmR5L9BTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTYxMDQyMDVaFw0yNzA0MTUxMDQ3MDVaMDMxMTAvBgNV
BAMTKDU5NkE4QTEwRUE5RUY5MkNGN0RDM0QyMEZGRkVEQTkxMzlBOEZEQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2LUCgGrjLCI0B12IqCG90/SEF
4zpuGvsRmQbOw0c+ypzpnCyFI8D9LF0dNYSnJsyxE6+GdiG5Plh0j/wuUtE0p3Cp
bkvGiTff2O9tm31bTiH8BGAEhARSS5mzgSTlmxvwcf43q1Dg1lxCNV+Vvja9pVCT
Y+Zhaldq5QBHGMjMFJCMDa6716kvZNkSQlNlxs65VApNi3qBasmrQGbPMoAnT57A
/qF7EnVHcD4VAVWeHO3ZPAvaUhWrrWNTxBVQsP/l7BhfTlKAd2wQCKfonLZA3TMk
asfOQ8K5PbPUOKMLqxmd2vWe+xvIT+EvrUPde0UfQ+xXe+UDcl6YVoW4dvvxAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWWqKEOqe+Sz33D0g//7akTmo/c8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc4MTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtXxQD
BABtagAwDQYJKoZIhvcNAQELBQADggEBAD5vp6UFH1RbbSblsQgX5/+Od294a5rB
H4pUagXCFVbizZLZ6uxPNw/xi+BhJc2JOkjxmSxHc5Ist+GTS1riMUwk2ZxTeUZ9
7GTA+GqLOZ8pm+VhLJafOj2q3sp4j/IEHGFMDjUjVq84MZIpMXwwGKIkTXrXxgSv
ycC63nEU272rdEbz+vIBbYpuiQldjrdBGMPIZbehgd6YUvXw9wUwhmNqx13DNKPc
I4Ae5hOX2gCg/WxS3EZELgFcUkLCZeX/Toa/gcudZxDLxYtVEVKmHVmiZuk+4hdt
stL+uiZA4jTwZdj+cqI9ZfOKr6PyqNPBqEapRi992u+vZqh1NqeJ8t4=
-----END CERTIFICATE-----