Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203061.roa
File:                     AS203061.roa (raw, json)
Hash identifier:          /CgPy51+S7+tpSfWN/xCDuHRvfs5Dd7TP/x68wEwvvs=
Subject key identifier:   CC:EE:50:F8:25:21:43:BA:B1:7C:23:D5:76:9E:DB:4C:37:B0:D9:70
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5819B7CE493EB79291F6CF0DFDFA36B96F6D365E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203061.roa
Signing time:             Thu 12 Jun 2025 14:16:23 +0000
ROA not before:           Thu 12 Jun 2025 14:11:23 +0000
ROA not after:            Thu 11 Jun 2026 14:16:23 +0000
asID:                     203061
IP address blocks:        2a0a:a600::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:19:b7:ce:49:3e:b7:92:91:f6:cf:0d:fd:fa:36:b9:6f:6d:36:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:23 2025 GMT
            Not After : Jun 11 14:16:23 2026 GMT
        Subject: CN=CCEE50F8252143BAB17C23D5769EDB4C37B0D970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ce:fc:44:33:de:c9:67:29:ba:3d:9f:d8:9e:
                    e6:51:75:f3:fb:64:0b:15:1a:ba:e6:5e:34:5f:2f:
                    3a:98:bd:9e:13:1c:74:d0:cb:4e:2d:09:f1:fc:71:
                    19:57:4e:9c:de:25:ba:cf:ba:1d:81:29:65:dd:77:
                    09:b8:f8:ed:a9:f8:07:55:36:5c:73:bd:ab:9f:d0:
                    5e:a2:c1:60:dc:ea:a8:fe:32:83:7f:d7:39:e4:86:
                    30:01:1d:04:57:88:dd:3f:ef:9f:78:b6:bc:1f:9d:
                    91:8e:70:18:ce:43:fd:cc:1c:43:5d:c0:cd:ff:f6:
                    ea:49:3e:8b:63:97:b1:8c:27:05:b2:14:80:07:38:
                    f8:76:81:8b:cf:bd:78:07:43:b4:33:6f:f4:c3:84:
                    96:33:2f:57:71:ba:ba:b9:ec:c2:74:00:9e:27:18:
                    c5:84:6e:23:d0:10:20:a7:1a:80:21:64:bc:e5:3e:
                    29:5c:3f:fa:25:98:01:2e:2a:33:b7:f0:46:fb:1f:
                    56:f6:0e:7f:82:04:7d:de:d3:e5:f8:55:d1:22:c7:
                    ad:11:f2:ec:75:a6:e4:4e:7e:4b:8f:0b:5e:b3:37:
                    f9:38:9b:c9:30:1b:57:c4:85:e8:ed:0b:46:97:e1:
                    12:d0:64:6a:50:bd:b5:99:a7:62:62:3f:1e:20:3b:
                    66:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:50:F8:25:21:43:BA:B1:7C:23:D5:76:9E:DB:4C:37:B0:D9:70
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203061.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a600::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:c8:73:e4:84:32:f4:95:38:c2:4d:85:98:ab:ed:e6:d6:bc:
         4f:31:90:ab:3d:18:d0:9f:62:ac:ff:92:0e:d8:95:3d:3e:ed:
         c1:bd:62:34:26:f5:cf:1e:05:fc:8d:bf:58:62:b3:3e:eb:77:
         c7:d6:dd:ac:96:a4:c2:c9:39:04:07:31:48:97:ba:19:b0:ad:
         5e:32:29:83:a2:c7:54:26:cd:df:49:51:ff:5e:3e:e5:90:d9:
         16:b1:32:f6:ba:b2:f1:db:92:5f:37:82:6c:99:46:4b:b0:d4:
         7c:83:b9:e5:71:88:c6:7e:f2:bd:7a:c7:a8:72:2f:07:04:ca:
         d4:a8:09:e2:44:43:be:3c:3c:b4:dc:a7:fe:33:0e:d7:0c:df:
         09:e9:89:03:ab:08:5d:85:ad:a1:36:14:a2:4e:53:31:23:5b:
         57:d3:00:df:48:5f:f4:78:92:05:b6:aa:dd:5c:1e:44:dc:31:
         ae:af:02:e2:73:57:87:62:31:2f:1a:5b:85:e5:b0:a3:bb:eb:
         24:5f:11:cc:ca:ed:06:3b:05:98:8f:90:eb:2c:3b:56:14:ed:
         34:a9:02:cf:02:3d:ac:13:a5:5b:23:cf:7c:b4:d4:be:c8:0b:
         69:6d:fb:68:64:b7:cf:b2:97:f8:92:f8:0a:13:3f:54:3e:93:
         93:28:52:91
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUWBm3zkk+t5KR9s8N/fo2uW9tNl4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExMjNaFw0yNjA2MTExNDE2MjNaMDMxMTAvBgNV
BAMTKENDRUU1MEY4MjUyMTQzQkFCMTdDMjNENTc2OUVEQjRDMzdCMEQ5NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4zvxEM97JZym6PZ/YnuZRdfP7
ZAsVGrrmXjRfLzqYvZ4THHTQy04tCfH8cRlXTpzeJbrPuh2BKWXddwm4+O2p+AdV
Nlxzvauf0F6iwWDc6qj+MoN/1znkhjABHQRXiN0/7594trwfnZGOcBjOQ/3MHENd
wM3/9upJPotjl7GMJwWyFIAHOPh2gYvPvXgHQ7Qzb/TDhJYzL1dxurq57MJ0AJ4n
GMWEbiPQECCnGoAhZLzlPilcP/olmAEuKjO38Eb7H1b2Dn+CBH3e0+X4VdEix60R
8ux1puROfkuPC16zN/k4m8kwG1fEhejtC0aX4RLQZGpQvbWZp2JiPx4gO2azAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUzO5Q+CUhQ7qxfCPVdp7bTDew2XAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAzMDYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqm
ADANBgkqhkiG9w0BAQsFAAOCAQEAk8hz5IQy9JU4wk2FmKvt5ta8TzGQqz0Y0J9i
rP+SDtiVPT7twb1iNCb1zx4F/I2/WGKzPut3x9bdrJakwsk5BAcxSJe6GbCtXjIp
g6LHVCbN30lR/14+5ZDZFrEy9rqy8duSXzeCbJlGS7DUfIO55XGIxn7yvXrHqHIv
BwTK1KgJ4kRDvjw8tNyn/jMO1wzfCemJA6sIXYWtoTYUok5TMSNbV9MA30hf9HiS
Bbaq3VweRNwxrq8C4nNXh2IxLxpbheWwo7vrJF8RzMrtBjsFmI+Q6yw7VhTtNKkC
zwI9rBOlWyPPfLTUvsgLaW37aGS3z7KX+JL4ChM/VD6TkyhSkQ==
-----END CERTIFICATE-----