Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154410.roa
File:                     AS154410.roa (raw, json)
Hash identifier:          ASfm/nhgh81is+gYslsJYuGwHFK996qaCEvgJN6xIhI=
Subject key identifier:   73:B9:BF:EA:B3:8B:8C:77:1C:56:6C:24:89:E8:9A:5A:97:8B:82:4F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3DF097F7D2EADE6956F464DA48814CE5BB2BA4EB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154410.roa
Signing time:             Fri 01 May 2026 06:08:26 +0000
ROA not before:           Fri 01 May 2026 06:03:26 +0000
ROA not after:            Fri 30 Apr 2027 06:08:26 +0000
asID:                     154410
IP address blocks:        191.101.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:f0:97:f7:d2:ea:de:69:56:f4:64:da:48:81:4c:e5:bb:2b:a4:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  1 06:03:26 2026 GMT
            Not After : Apr 30 06:08:26 2027 GMT
        Subject: CN=73B9BFEAB38B8C771C566C2489E89A5A978B824F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bf:32:fd:ad:c2:b1:a5:4b:3b:60:27:65:d1:
                    2e:b8:ac:e2:58:bb:e3:f9:94:ef:f0:6d:0f:ae:53:
                    12:89:c1:57:11:3b:de:b2:46:80:dc:23:6d:a0:7c:
                    32:e8:44:c9:c0:77:0d:5f:b3:42:98:99:a8:d4:2e:
                    47:4d:c9:5a:33:5c:ec:f3:c1:15:5f:8d:34:2c:83:
                    dd:5e:30:1c:de:12:5f:63:cd:42:b7:31:23:9e:7f:
                    dc:03:45:6e:3e:b0:7e:08:2e:95:2c:b4:41:34:ba:
                    56:1f:f8:33:fa:f5:76:54:b7:0e:8a:a4:46:ee:f3:
                    62:5b:4b:b8:6d:8e:28:45:33:34:e6:8b:49:79:f9:
                    19:08:3a:34:c2:a5:0e:ad:18:c8:19:54:30:79:50:
                    ce:14:25:5e:4f:25:70:d1:70:5a:22:b8:12:27:8c:
                    e4:72:37:22:f2:16:60:6f:01:ec:18:df:dd:97:cb:
                    e8:bc:73:ba:92:3f:de:e9:a3:7d:95:08:ea:01:c9:
                    44:49:39:4b:a4:cf:8d:ca:5a:0e:74:4e:58:8e:34:
                    91:67:f4:c1:b4:46:5e:a5:d9:bb:f0:3f:9e:03:89:
                    7c:ea:dc:cd:d2:21:2d:78:eb:6a:8a:28:75:2b:a4:
                    e5:06:44:b6:0f:58:dc:27:d9:35:9a:56:f5:27:2b:
                    eb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B9:BF:EA:B3:8B:8C:77:1C:56:6C:24:89:E8:9A:5A:97:8B:82:4F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154410.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:74:b3:79:5f:93:7e:aa:8c:74:90:23:7a:c6:42:af:4b:1d:
         2c:51:2f:ae:66:b5:bf:91:81:a0:7d:15:11:6f:8a:41:7d:7b:
         63:82:0c:2d:75:2c:e3:ed:80:a9:a8:55:12:52:0a:14:94:5e:
         75:4b:a2:00:c5:d3:3b:95:b8:a0:16:3b:a1:83:78:cd:6a:16:
         b5:60:d2:cb:09:1e:e2:2b:13:19:d8:b3:2e:43:6b:39:87:ca:
         15:29:26:c1:70:5f:07:42:41:5f:45:f0:0b:06:10:06:47:bf:
         f6:4d:f8:80:bb:42:7d:9d:e6:91:ec:5f:a9:3b:a8:61:f0:59:
         60:59:20:5c:a8:ff:ff:a0:ce:4f:ae:0c:cb:2a:fc:c9:53:08:
         6e:90:84:14:98:15:92:ac:96:a7:4b:7a:65:47:c9:e9:19:e3:
         75:dd:f0:86:f7:ad:0c:04:d9:d2:db:1d:ff:dc:78:06:53:b3:
         57:ec:79:71:37:01:1b:0c:81:81:fd:a5:34:6a:97:24:14:53:
         78:c1:58:58:96:86:7a:9a:bc:a9:c7:b6:b4:44:e3:b4:26:3f:
         c5:25:b2:5b:51:88:58:33:3d:9b:1d:4f:99:15:8b:d8:58:19:
         f7:de:e1:dd:1a:d8:73:eb:ad:77:c3:c8:70:66:ef:f6:be:47:
         23:9a:71:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPfCX99Lq3mlW9GTaSIFM5bsrpOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDEwNjAzMjZaFw0yNzA0MzAwNjA4MjZaMDMxMTAvBgNV
BAMTKDczQjlCRkVBQjM4QjhDNzcxQzU2NkMyNDg5RTg5QTVBOTc4QjgyNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMvzL9rcKxpUs7YCdl0S64rOJY
u+P5lO/wbQ+uUxKJwVcRO96yRoDcI22gfDLoRMnAdw1fs0KYmajULkdNyVozXOzz
wRVfjTQsg91eMBzeEl9jzUK3MSOef9wDRW4+sH4ILpUstEE0ulYf+DP69XZUtw6K
pEbu82JbS7htjihFMzTmi0l5+RkIOjTCpQ6tGMgZVDB5UM4UJV5PJXDRcFoiuBIn
jORyNyLyFmBvAewY392Xy+i8c7qSP97po32VCOoByURJOUukz43KWg50TliONJFn
9MG0Rl6l2bvwP54DiXzq3M3SIS1462qKKHUrpOUGRLYPWNwn2TWaVvUnK+uxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUc7m/6rOLjHccVmwkieiaWpeLgk8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU0NDEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Xb
MA0GCSqGSIb3DQEBCwUAA4IBAQAndLN5X5N+qox0kCN6xkKvSx0sUS+uZrW/kYGg
fRURb4pBfXtjggwtdSzj7YCpqFUSUgoUlF51S6IAxdM7lbigFjuhg3jNaha1YNLL
CR7iKxMZ2LMuQ2s5h8oVKSbBcF8HQkFfRfALBhAGR7/2TfiAu0J9neaR7F+pO6hh
8FlgWSBcqP//oM5PrgzLKvzJUwhukIQUmBWSrJanS3plR8npGeN13fCG960MBNnS
2x3/3HgGU7NX7HlxNwEbDIGB/aU0apckFFN4wVhYloZ6mrypx7a0ROO0Jj/FJbJb
UYhYMz2bHU+ZFYvYWBn33uHdGthz6613w8hwZu/2vkcjmnEt
-----END CERTIFICATE-----