Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          sgJzL1jz/y70XhT8Dw9Xm2LCLB8UmeRWL95XYRJpdcE=
Subject key identifier:   02:F5:91:87:AB:74:4A:AF:D1:6C:69:27:1A:1C:5C:53:F4:1B:BD:02
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       39FE69DFE38C44A3126FBE5A098820F514812468
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
Signing time:             Tue 17 Mar 2026 18:46:48 +0000
ROA not before:           Tue 17 Mar 2026 18:41:48 +0000
ROA not after:            Tue 16 Mar 2027 18:46:48 +0000
asID:                     20141
IP address blocks:        191.96.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:fe:69:df:e3:8c:44:a3:12:6f:be:5a:09:88:20:f5:14:81:24:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 17 18:41:48 2026 GMT
            Not After : Mar 16 18:46:48 2027 GMT
        Subject: CN=02F59187AB744AAFD16C69271A1C5C53F41BBD02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:96:17:89:c5:23:e3:c6:d5:46:66:14:8d:f9:
                    5f:0a:3b:0c:e2:5a:44:b5:a1:45:b8:e8:70:1c:5f:
                    1a:95:7a:9c:9e:55:74:2b:c0:db:53:01:26:b3:81:
                    24:41:e4:e0:9c:77:ca:ab:58:54:1f:25:88:9a:b1:
                    0b:df:d6:cf:ec:5e:d0:a4:3e:8e:4e:02:9f:d4:b8:
                    30:b6:a7:77:e2:85:d0:2a:2b:94:f1:94:b1:a5:9e:
                    54:40:3d:7f:24:c4:ae:1e:89:6f:37:9c:74:8f:da:
                    0b:66:7e:70:16:26:a9:ac:c6:52:11:3f:0b:7b:f8:
                    64:f9:1a:6b:b5:86:94:ee:98:af:26:b9:02:94:8c:
                    83:8f:32:79:b3:6c:83:4e:89:f6:cb:f8:b1:80:36:
                    d2:a1:10:c2:e5:06:72:43:92:d2:1d:d1:79:f1:4b:
                    18:e3:67:cf:a0:4e:39:e1:12:37:c5:a7:2e:a7:d4:
                    c8:d4:98:84:06:e5:e5:a3:9f:19:df:48:42:ea:ae:
                    a1:36:7a:12:fb:9b:8e:42:37:39:d3:c4:3d:00:ff:
                    9c:a9:96:0a:dc:84:e3:15:d3:5b:98:38:64:aa:e0:
                    18:71:7a:2f:9b:e2:fe:a9:54:ae:32:fc:68:57:47:
                    f0:77:1e:63:ad:09:c5:41:cd:0a:c5:3d:01:38:d9:
                    3e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F5:91:87:AB:74:4A:AF:D1:6C:69:27:1A:1C:5C:53:F4:1B:BD:02
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:be:71:bf:7f:64:c3:c4:1f:e5:f1:b6:be:1e:a7:b5:57:8b:
         55:84:50:08:1a:cb:7d:a7:ed:39:1b:92:50:9c:1c:54:d9:f7:
         1e:77:03:50:05:b9:7a:6b:93:0c:f9:2b:43:34:58:31:9c:a1:
         9e:f8:4a:e6:51:50:64:98:b1:80:53:06:96:ca:e6:e6:16:59:
         e0:7b:57:45:cc:00:a6:a9:eb:24:99:c4:1b:d9:ba:7f:61:df:
         d5:35:03:68:86:b1:b0:ed:d6:3c:09:6d:88:9f:31:f3:ef:3e:
         b9:20:8a:f5:2a:05:fc:4c:df:8d:2d:ef:9d:f9:d2:d2:93:d2:
         9e:28:ce:af:60:03:ae:2c:40:43:dc:c9:8d:39:03:f2:79:ef:
         3b:b0:fb:bd:41:57:ce:c9:5a:ea:b1:bf:51:a3:f7:16:1f:45:
         cf:58:0a:07:6b:92:d5:90:08:34:ba:ad:24:4e:77:79:67:93:
         70:d6:28:fe:99:51:11:46:bb:39:26:15:92:95:57:d9:5f:8d:
         58:45:29:d6:54:da:e8:d5:f6:34:f8:b9:42:71:d1:fa:93:17:
         d4:b5:cf:0e:a2:73:b2:c3:cf:54:ed:a1:52:3c:27:11:e8:f3:
         bb:88:9e:a1:1e:e9:80:57:a4:0b:1e:dd:e0:25:b1:dd:57:5d:
         16:df:c9:05
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOf5p3+OMRKMSb75aCYgg9RSBJGgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTcxODQxNDhaFw0yNzAzMTYxODQ2NDhaMDMxMTAvBgNV
BAMTKDAyRjU5MTg3QUI3NDRBQUZEMTZDNjkyNzFBMUM1QzUzRjQxQkJEMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYlheJxSPjxtVGZhSN+V8KOwzi
WkS1oUW46HAcXxqVepyeVXQrwNtTASazgSRB5OCcd8qrWFQfJYiasQvf1s/sXtCk
Po5OAp/UuDC2p3fihdAqK5TxlLGlnlRAPX8kxK4eiW83nHSP2gtmfnAWJqmsxlIR
Pwt7+GT5Gmu1hpTumK8muQKUjIOPMnmzbINOifbL+LGANtKhEMLlBnJDktId0Xnx
SxjjZ8+gTjnhEjfFpy6n1MjUmIQG5eWjnxnfSELqrqE2ehL7m45CNznTxD0A/5yp
lgrchOMV01uYOGSq4Bhxei+b4v6pVK4y/GhXR/B3HmOtCcVBzQrFPQE42T6pAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAvWRh6t0Sq/RbGknGhxcU/QbvQIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YFow
DQYJKoZIhvcNAQELBQADggEBADq+cb9/ZMPEH+Xxtr4ep7VXi1WEUAgay32n7Tkb
klCcHFTZ9x53A1AFuXprkwz5K0M0WDGcoZ74SuZRUGSYsYBTBpbK5uYWWeB7V0XM
AKap6ySZxBvZun9h39U1A2iGsbDt1jwJbYifMfPvPrkgivUqBfxM340t75350tKT
0p4ozq9gA64sQEPcyY05A/J57zuw+71BV87JWuqxv1Gj9xYfRc9YCgdrktWQCDS6
rSROd3lnk3DWKP6ZURFGuzkmFZKVV9lfjVhFKdZU2ujV9jT4uUJx0fqTF9S1zw6i
c7LDz1TtoVI8JxHo87uInqEe6YBXpAse3eAlsd1XXRbfyQU=
-----END CERTIFICATE-----