Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203624.roa
File:                     AS203624.roa (raw, json)
Hash identifier:          UfdLHtd1YBKPbWUFYfiOZbA+e4jw012uuxwvPudzUbg=
Subject key identifier:   1E:D8:75:7E:55:56:24:46:DE:A9:4E:4B:69:B1:76:60:BD:F5:F8:29
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       08A15CEF054D30E6672866440100105F64748D59
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203624.roa
Signing time:             Tue 10 Jun 2025 14:55:48 +0000
ROA not before:           Tue 10 Jun 2025 14:50:48 +0000
ROA not after:            Tue 09 Jun 2026 14:55:48 +0000
asID:                     203624
IP address blocks:        2a0d:5c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a1:5c:ef:05:4d:30:e6:67:28:66:44:01:00:10:5f:64:74:8d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 10 14:50:48 2025 GMT
            Not After : Jun  9 14:55:48 2026 GMT
        Subject: CN=1ED8757E55562446DEA94E4B69B17660BDF5F829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:55:ac:b2:c9:47:e0:2b:34:2f:9f:fa:c4:cd:
                    79:24:e8:6b:92:cb:7a:a8:f6:fb:af:07:47:a7:e2:
                    a3:d4:20:27:d6:c7:a8:9e:cd:26:77:a5:e6:03:56:
                    ae:b6:67:56:62:e9:47:47:9a:cd:bb:e5:f6:da:61:
                    95:4b:95:c4:bd:26:15:78:8a:db:f8:3a:35:bf:cb:
                    a3:83:e4:e0:f2:62:69:de:18:8f:4a:9b:f0:d9:34:
                    38:3c:d1:f8:c0:f2:81:27:2f:a1:74:90:73:c5:e7:
                    e6:60:d5:64:20:f0:44:3d:fa:20:92:7d:92:fa:de:
                    4a:e7:d0:04:88:51:de:cb:6c:a1:0f:0c:b8:a1:0f:
                    13:28:c1:70:5d:69:23:b6:0b:6f:23:ca:16:2c:a7:
                    a3:89:3e:0b:b7:40:98:a6:87:ba:81:00:f6:80:bf:
                    14:4c:36:ce:c1:62:4b:71:9f:6f:27:23:b0:a4:a1:
                    6d:ee:4a:dc:26:2b:ac:8b:12:9d:0b:c7:fa:ba:06:
                    d6:43:9a:0a:0d:ce:ad:43:a9:c3:7b:0b:0a:43:42:
                    3f:ef:9c:64:71:53:2c:ff:e7:d1:c0:86:b6:8f:a9:
                    5a:54:5f:82:b8:d6:13:f5:07:55:93:63:47:d6:52:
                    69:9b:58:b6:04:21:d3:6f:ab:e2:f5:3c:be:05:aa:
                    b8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D8:75:7E:55:56:24:46:DE:A9:4E:4B:69:B1:76:60:BD:F5:F8:29
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203624.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:25:a1:7e:a1:23:b9:ca:ba:42:2c:7e:52:f1:9c:10:7f:63:
         97:3e:ab:62:6b:13:94:14:85:d3:83:b0:88:d0:d8:d7:9c:f4:
         10:cc:c9:eb:7d:a2:05:ee:b0:36:b9:73:68:22:8d:72:e8:00:
         0c:b1:72:06:5e:2e:9f:42:aa:c5:e8:97:41:30:94:5c:02:b6:
         8b:25:ff:10:86:d7:3b:0e:15:8a:5a:05:1c:ed:4a:09:c5:2b:
         85:d6:15:73:22:c1:c3:24:9f:76:4f:dc:b2:59:34:85:4f:aa:
         04:14:31:d3:ac:a2:db:60:6f:80:5e:79:60:4d:fa:4e:d8:64:
         93:89:4d:f8:1f:81:9b:d4:83:05:3e:27:22:16:7d:bd:91:ed:
         c1:20:b5:8d:2f:0d:f6:cd:89:38:90:1d:95:25:c6:a5:cd:9e:
         01:a1:ab:6a:51:f2:a4:29:54:85:db:95:9e:5b:7f:3e:fb:76:
         2e:36:12:5e:3e:6e:73:d2:fb:90:cb:79:8d:6b:99:e3:00:44:
         eb:a0:bb:3d:1f:0d:0b:5f:6c:54:c9:77:6c:74:d4:8f:04:a9:
         85:18:74:6d:fb:40:98:b6:a4:33:da:e5:e5:86:7f:05:38:e3:
         1a:ff:6f:f8:50:90:ae:65:04:40:12:68:96:96:71:87:97:b0:
         94:bc:13:13
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUCKFc7wVNMOZnKGZEAQAQX2R0jVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTAxNDUwNDhaFw0yNjA2MDkxNDU1NDhaMDMxMTAvBgNV
BAMTKDFFRDg3NTdFNTU1NjI0NDZERUE5NEU0QjY5QjE3NjYwQkRGNUY4MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOVayyyUfgKzQvn/rEzXkk6GuS
y3qo9vuvB0en4qPUICfWx6iezSZ3peYDVq62Z1Zi6UdHms275fbaYZVLlcS9JhV4
itv4OjW/y6OD5ODyYmneGI9Km/DZNDg80fjA8oEnL6F0kHPF5+Zg1WQg8EQ9+iCS
fZL63krn0ASIUd7LbKEPDLihDxMowXBdaSO2C28jyhYsp6OJPgu3QJimh7qBAPaA
vxRMNs7BYktxn28nI7CkoW3uStwmK6yLEp0Lx/q6BtZDmgoNzq1DqcN7CwpDQj/v
nGRxUyz/59HAhraPqVpUX4K41hP1B1WTY0fWUmmbWLYEIdNvq+L1PL4Fqri7AgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUHth1flVWJEbeqU5LabF2YL31+CkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAzNjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0F
wDANBgkqhkiG9w0BAQsFAAOCAQEADCWhfqEjucq6Qix+UvGcEH9jlz6rYmsTlBSF
04OwiNDY15z0EMzJ632iBe6wNrlzaCKNcugADLFyBl4un0KqxeiXQTCUXAK2iyX/
EIbXOw4ViloFHO1KCcUrhdYVcyLBwySfdk/cslk0hU+qBBQx06yi22BvgF55YE36
Tthkk4lN+B+Bm9SDBT4nIhZ9vZHtwSC1jS8N9s2JOJAdlSXGpc2eAaGralHypClU
hduVnlt/Pvt2LjYSXj5uc9L7kMt5jWuZ4wBE66C7PR8NC19sVMl3bHTUjwSphRh0
bftAmLakM9rl5YZ/BTjjGv9v+FCQrmUEQBJolpZxh5ewlLwTEw==
-----END CERTIFICATE-----