Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60117.roa
File:                     AS60117.roa (raw, json)
Hash identifier:          wZLN/2qJiBks7kQyzSc4on5Fn2A+Rr/QFmUmDnIYl5I=
Subject key identifier:   31:4C:5C:47:C9:09:67:1F:F2:7B:12:CE:87:7E:85:3B:64:D0:02:7B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       77EC6B5BAFFEC6A6CA858D3169BE5C86B0A12403
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60117.roa
Signing time:             Tue 12 Aug 2025 13:05:06 +0000
ROA not before:           Tue 12 Aug 2025 13:00:06 +0000
ROA not after:            Tue 11 Aug 2026 13:05:06 +0000
asID:                     60117
IP address blocks:        167.148.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ec:6b:5b:af:fe:c6:a6:ca:85:8d:31:69:be:5c:86:b0:a1:24:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 12 13:00:06 2025 GMT
            Not After : Aug 11 13:05:06 2026 GMT
        Subject: CN=314C5C47C909671FF27B12CE877E853B64D0027B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f7:ee:13:18:55:0e:ae:c3:16:0d:2d:ca:b5:
                    65:ba:e2:95:87:66:2f:24:f5:f6:64:7b:6b:56:3b:
                    36:50:00:ca:c3:5e:0b:dc:95:d2:e6:f0:c4:7a:e0:
                    b4:e3:32:51:62:95:2b:fb:3e:5b:6a:8f:93:35:7c:
                    58:b2:0a:8f:aa:c9:44:08:e8:e2:22:a9:09:f9:99:
                    33:73:a7:fd:4e:6f:d9:96:9f:84:39:da:9e:29:48:
                    73:70:b2:5c:fd:17:70:4f:a2:65:74:2f:eb:6c:d7:
                    dc:bc:6d:62:a5:5d:e6:72:96:b8:c2:d8:50:f8:94:
                    f8:5c:d4:c9:73:73:3c:75:6c:d9:34:53:5a:ea:b0:
                    5b:d6:71:a0:5a:3f:90:7f:03:5f:8b:e3:c8:07:7a:
                    88:04:22:24:5f:27:d2:dd:28:69:fe:b0:23:9d:bf:
                    b3:a7:5c:a8:4e:d5:d3:16:62:da:e8:63:57:15:54:
                    f3:aa:71:6c:1d:b6:6d:ad:da:05:42:37:05:77:43:
                    db:17:83:4b:ec:5e:73:a0:4c:71:cf:e4:92:8b:8d:
                    52:d1:2f:bc:db:95:6b:b9:be:4d:b2:2c:d3:2a:9d:
                    e0:a4:10:3b:40:b2:e5:ff:75:a3:7a:4e:97:35:c3:
                    4d:5b:9a:b5:ed:17:c0:31:cd:14:70:3b:ad:b4:d6:
                    1e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4C:5C:47:C9:09:67:1F:F2:7B:12:CE:87:7E:85:3B:64:D0:02:7B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60117.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:d4:ca:13:3d:63:f0:71:c8:6f:d1:98:65:9e:ad:f0:d6:3d:
         aa:01:59:eb:c5:e4:2a:e4:fc:a0:0c:24:8e:4e:6e:ab:b8:08:
         17:e1:96:65:8e:fb:df:c8:5a:2e:44:6d:b0:ac:7f:00:b7:6c:
         d1:96:76:d8:bc:ae:ff:ae:5c:4f:1b:9b:1a:6a:22:2b:33:f6:
         66:62:60:b1:91:2d:82:e3:53:02:56:17:17:5b:26:b5:2b:ae:
         12:ad:4e:93:67:5f:57:22:ce:70:73:92:d1:8c:dd:8d:25:bc:
         fa:08:ca:50:31:85:30:bb:76:b3:3d:31:78:bb:e3:43:81:1d:
         64:3c:22:0f:b9:33:27:2d:44:07:e4:1d:2c:cc:2f:bd:4d:06:
         dd:fe:66:6e:33:69:a9:88:17:4d:f0:3c:53:b2:fb:f7:14:6c:
         18:ad:11:ca:a6:4b:08:fa:ea:37:68:c1:b4:9f:fc:0d:09:8e:
         2c:38:8a:b2:08:d3:16:40:39:6a:6e:cb:5d:e2:71:0b:a9:17:
         0c:8e:16:1e:59:17:52:1a:c1:55:fa:62:aa:8d:1e:2d:3f:ea:
         e6:c2:2d:ba:69:a3:44:84:ad:ee:1a:a3:7b:ae:78:17:44:24:
         3a:ed:cb:73:eb:8f:3c:55:21:5f:ef:c8:d4:76:23:a6:3e:3f:
         be:dd:b7:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUd+xrW6/+xqbKhY0xab5chrChJAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTIxMzAwMDZaFw0yNjA4MTExMzA1MDZaMDMxMTAvBgNV
BAMTKDMxNEM1QzQ3QzkwOTY3MUZGMjdCMTJDRTg3N0U4NTNCNjREMDAyN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh9+4TGFUOrsMWDS3KtWW64pWH
Zi8k9fZke2tWOzZQAMrDXgvcldLm8MR64LTjMlFilSv7Pltqj5M1fFiyCo+qyUQI
6OIiqQn5mTNzp/1Ob9mWn4Q52p4pSHNwslz9F3BPomV0L+ts19y8bWKlXeZylrjC
2FD4lPhc1Mlzczx1bNk0U1rqsFvWcaBaP5B/A1+L48gHeogEIiRfJ9LdKGn+sCOd
v7OnXKhO1dMWYtroY1cVVPOqcWwdtm2t2gVCNwV3Q9sXg0vsXnOgTHHP5JKLjVLR
L7zblWu5vk2yLNMqneCkEDtAsuX/daN6Tpc1w01bmrXtF8AxzRRwO6201h6bAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMUxcR8kJZx/yexLOh36FO2TQAnswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjAxMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlHMw
DQYJKoZIhvcNAQELBQADggEBABPUyhM9Y/BxyG/RmGWerfDWPaoBWevF5Crk/KAM
JI5Obqu4CBfhlmWO+9/IWi5EbbCsfwC3bNGWdti8rv+uXE8bmxpqIisz9mZiYLGR
LYLjUwJWFxdbJrUrrhKtTpNnX1ciznBzktGM3Y0lvPoIylAxhTC7drM9MXi740OB
HWQ8Ig+5MyctRAfkHSzML71NBt3+Zm4zaamIF03wPFOy+/cUbBitEcqmSwj66jdo
wbSf/A0Jjiw4irII0xZAOWpuy13icQupFwyOFh5ZF1IawVX6YqqNHi0/6ubCLbpp
o0SEre4ao3uueBdEJDrty3PrjzxVIV/vyNR2I6Y+P77dtzo=
-----END CERTIFICATE-----