Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          NDnT3HNGvJvjciAvSueQ8WVEnbqOZoxIzBSeMo/37CQ=
Subject key identifier:   00:34:DB:B9:61:57:83:C7:F0:D7:30:F3:52:33:FD:EF:CA:E1:5E:21
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0134D15468FD9163E2EEF8F775114D4EE93FC281
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
Signing time:             Wed 06 May 2026 00:03:48 +0000
ROA not before:           Tue 05 May 2026 23:58:48 +0000
ROA not after:            Wed 05 May 2027 00:03:48 +0000
asID:                     15440
IP address blocks:        181.214.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:34:d1:54:68:fd:91:63:e2:ee:f8:f7:75:11:4d:4e:e9:3f:c2:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 23:58:48 2026 GMT
            Not After : May  5 00:03:48 2027 GMT
        Subject: CN=0034DBB9615783C7F0D730F35233FDEFCAE15E21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fc:20:ce:6e:b5:7e:c3:59:cf:1d:22:f7:eb:
                    09:6e:ed:a7:8d:4d:e6:27:a1:e3:aa:81:ec:99:92:
                    cb:5f:45:af:d1:27:df:20:17:b9:27:b6:61:4b:58:
                    8d:97:64:c8:c7:68:9f:3c:da:4d:f3:24:52:33:db:
                    54:1f:0c:28:4f:f6:db:87:f5:c8:72:79:0a:e7:65:
                    93:79:1e:bb:92:e9:3c:8b:a1:b2:0a:41:d9:29:c0:
                    72:1f:1f:13:a3:38:5d:f2:e0:ec:dd:32:f1:44:1c:
                    5e:fb:61:a2:dd:53:ce:7b:97:c8:b7:34:a7:af:d9:
                    1e:be:87:90:42:e3:92:9c:32:77:d2:c4:83:ae:da:
                    a5:cf:21:56:b6:fd:bd:5b:27:54:20:21:fe:b5:83:
                    53:8d:84:3f:b4:a8:1b:cc:54:b3:85:8e:e2:07:99:
                    7a:79:b8:fd:50:b0:fd:a6:11:69:06:c5:3f:7c:26:
                    d5:51:98:b7:dd:7f:69:b2:9e:ab:e0:81:94:df:0e:
                    c7:13:7a:13:09:30:87:e9:b8:7f:fa:30:b4:0e:6d:
                    ee:40:2e:24:65:a9:c1:c8:f4:5a:0f:09:0c:ea:78:
                    93:da:da:be:73:c7:3d:69:da:82:2b:f7:7f:a5:63:
                    42:a7:bc:6a:f6:3e:c1:f8:36:17:fb:1b:10:1b:ec:
                    e5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:34:DB:B9:61:57:83:C7:F0:D7:30:F3:52:33:FD:EF:CA:E1:5E:21
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ba:e9:66:74:bd:10:a3:ea:8f:ee:87:ec:e8:fc:94:d4:94:
         2d:bb:c5:be:3d:17:d1:fa:c4:74:b4:2a:d2:6e:61:ca:58:30:
         a5:ee:17:1d:0c:fe:16:1f:15:96:76:d7:25:b2:de:bf:a4:6d:
         18:13:af:0c:d6:6e:8e:65:bc:e3:d5:87:6d:57:9c:59:11:18:
         10:6d:68:97:12:29:ec:39:52:c8:3c:e5:a1:b7:51:6b:1b:e9:
         db:3c:9e:3f:51:7d:be:b8:03:c8:0d:61:93:59:fb:70:34:86:
         74:08:ea:a6:89:8a:22:a1:fb:74:3a:58:de:1b:3e:48:ce:e9:
         4a:d3:ec:f0:d6:c1:13:e2:27:74:78:88:d3:a8:4c:12:c5:d5:
         eb:28:4c:2f:33:46:b4:ec:8e:c5:2b:dd:54:1d:b4:45:dc:8d:
         20:81:77:b6:eb:4d:09:86:4d:ad:4c:f1:7e:14:3f:71:fa:5c:
         eb:31:4c:0b:8c:16:7e:1e:15:9b:ac:a9:2b:f1:fd:e9:35:91:
         9c:2b:28:7f:dd:33:8d:4d:7c:c2:ec:98:ca:46:fa:4b:bb:12:
         ef:28:3f:85:d6:a2:39:4e:7b:2f:27:51:4c:ab:a8:26:08:5f:
         6f:f0:60:04:85:75:77:4a:2b:30:a4:b8:87:30:86:27:81:58:
         a8:c4:c5:ea
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUATTRVGj9kWPi7vj3dRFNTuk/woEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDUyMzU4NDhaFw0yNzA1MDUwMDAzNDhaMDMxMTAvBgNV
BAMTKDAwMzREQkI5NjE1NzgzQzdGMEQ3MzBGMzUyMzNGREVGQ0FFMTVFMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi/CDObrV+w1nPHSL36wlu7aeN
TeYnoeOqgeyZkstfRa/RJ98gF7kntmFLWI2XZMjHaJ882k3zJFIz21QfDChP9tuH
9chyeQrnZZN5HruS6TyLobIKQdkpwHIfHxOjOF3y4OzdMvFEHF77YaLdU857l8i3
NKev2R6+h5BC45KcMnfSxIOu2qXPIVa2/b1bJ1QgIf61g1ONhD+0qBvMVLOFjuIH
mXp5uP1QsP2mEWkGxT98JtVRmLfdf2mynqvggZTfDscTehMJMIfpuH/6MLQObe5A
LiRlqcHI9FoPCQzqeJPa2r5zxz1p2oIr93+lY0KnvGr2PsH4Nhf7GxAb7OUzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUADTbuWFXg8fw1zDzUjP978rhXiEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11pMw
DQYJKoZIhvcNAQELBQADggEBAKq66WZ0vRCj6o/uh+zo/JTUlC27xb49F9H6xHS0
KtJuYcpYMKXuFx0M/hYfFZZ21yWy3r+kbRgTrwzWbo5lvOPVh21XnFkRGBBtaJcS
Kew5Usg85aG3UWsb6ds8nj9Rfb64A8gNYZNZ+3A0hnQI6qaJiiKh+3Q6WN4bPkjO
6UrT7PDWwRPiJ3R4iNOoTBLF1esoTC8zRrTsjsUr3VQdtEXcjSCBd7brTQmGTa1M
8X4UP3H6XOsxTAuMFn4eFZusqSvx/ek1kZwrKH/dM41NfMLsmMpG+ku7Eu8oP4XW
ojlOey8nUUyrqCYIX2/wYASFdXdKKzCkuIcwhieBWKjExeo=
-----END CERTIFICATE-----