Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          dIydV0RHLCyifiqfcRne0fO9RIKxNXwgsYnkQv0yz7A=
Subject key identifier:   B9:F7:53:E7:FA:87:FE:2E:84:89:94:2C:B7:79:C3:1E:2C:43:9C:7F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3E8512DB307E780B1D927302617F0790657D2D4B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Fri 26 Sep 2025 11:01:37 +0000
ROA not before:           Fri 26 Sep 2025 10:56:37 +0000
ROA not after:            Fri 25 Sep 2026 11:01:37 +0000
asID:                     214025
IP address blocks:        179.61.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:85:12:db:30:7e:78:0b:1d:92:73:02:61:7f:07:90:65:7d:2d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 26 10:56:37 2025 GMT
            Not After : Sep 25 11:01:37 2026 GMT
        Subject: CN=B9F753E7FA87FE2E8489942CB779C31E2C439C7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:50:96:5d:80:c4:84:3a:4e:f9:2c:04:35:68:
                    bc:60:1a:00:02:21:d4:61:e1:1d:66:2c:1c:22:83:
                    3a:87:53:b8:01:31:3f:ce:c0:4a:8a:52:69:80:01:
                    c1:2d:3f:bc:fd:fd:8c:08:37:46:d3:3a:9e:ad:13:
                    74:02:40:51:03:41:a7:1c:80:6a:b9:13:83:ef:6c:
                    8d:60:b9:54:73:df:00:7a:6b:37:88:43:8d:ab:2b:
                    f8:9c:dd:c8:b7:6c:c3:f1:8c:5e:a2:55:27:74:f7:
                    bb:f5:1a:a4:86:de:a1:77:7d:5b:f8:25:6b:b4:a0:
                    01:6f:ac:87:17:b4:6a:28:5b:dd:8a:dd:63:ef:ea:
                    38:05:e9:5a:09:65:d6:7d:7c:17:75:9a:19:90:61:
                    4d:76:73:bb:36:79:a3:30:21:6f:31:3b:5f:8c:99:
                    36:27:b6:70:09:2c:46:8f:fb:7c:cb:2a:e2:08:18:
                    7d:42:c0:5e:73:68:21:55:a9:80:49:fe:af:cf:4a:
                    76:52:db:48:e5:1c:b7:e5:22:01:2d:09:ea:24:00:
                    6d:2d:43:fa:8c:d0:30:26:d3:da:89:7b:2d:4e:76:
                    16:88:c1:e8:b4:cc:74:53:f5:10:0d:fc:95:6d:e3:
                    24:c9:cf:0d:23:77:c5:0e:8e:e5:37:68:75:b4:3b:
                    e6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F7:53:E7:FA:87:FE:2E:84:89:94:2C:B7:79:C3:1E:2C:43:9C:7F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:43:73:ed:fa:2d:e3:18:53:1b:81:71:b0:a7:e0:03:8b:db:
         52:26:6f:68:b2:5e:48:fa:50:9d:c9:a4:34:36:99:eb:8f:05:
         a8:5e:26:42:16:92:19:b4:e6:fb:84:4b:07:94:d6:5d:74:d3:
         dd:68:8c:f9:1c:6a:ee:d6:7e:6e:cf:e7:cd:7e:23:80:40:3b:
         1f:dd:1f:d7:eb:40:9d:d1:90:a4:2f:f5:81:51:ed:e9:be:e3:
         2d:b7:f8:ad:77:1f:0f:2d:06:cd:b5:e7:07:68:28:4e:0f:49:
         9f:4c:4c:b0:c3:92:f6:71:ad:d3:5d:27:09:53:d5:0e:99:8a:
         e6:75:98:19:b8:7f:6d:41:05:95:6a:cc:a6:33:92:93:64:d8:
         d7:5c:4e:aa:12:75:a6:8a:35:4f:da:c9:95:32:5b:22:87:13:
         95:14:de:56:b4:29:76:08:da:1f:26:20:5c:da:de:c5:9a:93:
         8f:b6:a1:b9:e3:46:d4:fd:20:9e:ec:36:ed:92:2a:d2:9f:f8:
         ec:43:82:d9:b6:0b:d6:82:14:d0:2e:45:5a:ea:b8:d4:c0:08:
         93:6c:26:f8:73:a4:dc:61:6d:d6:0c:c7:40:ba:19:81:da:d9:
         f1:30:8d:eb:52:be:43:a2:28:63:ba:7f:29:f5:80:fe:2f:e2:
         07:da:83:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPoUS2zB+eAsdknMCYX8HkGV9LUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjYxMDU2MzdaFw0yNjA5MjUxMTAxMzdaMDMxMTAvBgNV
BAMTKEI5Rjc1M0U3RkE4N0ZFMkU4NDg5OTQyQ0I3NzlDMzFFMkM0MzlDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgUJZdgMSEOk75LAQ1aLxgGgAC
IdRh4R1mLBwigzqHU7gBMT/OwEqKUmmAAcEtP7z9/YwIN0bTOp6tE3QCQFEDQacc
gGq5E4PvbI1guVRz3wB6azeIQ42rK/ic3ci3bMPxjF6iVSd097v1GqSG3qF3fVv4
JWu0oAFvrIcXtGooW92K3WPv6jgF6VoJZdZ9fBd1mhmQYU12c7s2eaMwIW8xO1+M
mTYntnAJLEaP+3zLKuIIGH1CwF5zaCFVqYBJ/q/PSnZS20jlHLflIgEtCeokAG0t
Q/qM0DAm09qJey1OdhaIwei0zHRT9RAN/JVt4yTJzw0jd8UOjuU3aHW0O+atAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUufdT5/qH/i6EiZQst3nDHixDnH8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3y
MA0GCSqGSIb3DQEBCwUAA4IBAQAWQ3Pt+i3jGFMbgXGwp+ADi9tSJm9osl5I+lCd
yaQ0NpnrjwWoXiZCFpIZtOb7hEsHlNZddNPdaIz5HGru1n5uz+fNfiOAQDsf3R/X
60Cd0ZCkL/WBUe3pvuMtt/itdx8PLQbNtecHaChOD0mfTEyww5L2ca3TXScJU9UO
mYrmdZgZuH9tQQWVasymM5KTZNjXXE6qEnWmijVP2smVMlsihxOVFN5WtCl2CNof
JiBc2t7FmpOPtqG540bU/SCe7DbtkirSn/jsQ4LZtgvWghTQLkVa6rjUwAiTbCb4
c6TcYW3WDMdAuhmB2tnxMI3rUr5Doihjun8p9YD+L+IH2oMN
-----END CERTIFICATE-----