Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          aAzyPKlmD76NUf27OhsSur+C/Nyry/hYsH3AvWY5QFA=
Subject key identifier:   7D:D7:76:1A:1E:F5:7F:73:6C:12:EA:C8:75:20:B6:AA:87:96:8E:87
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0CD80961477D5D9F5B159BEA577F3DBA652A7C12
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa
Signing time:             Fri 24 Apr 2026 13:47:06 +0000
ROA not before:           Fri 24 Apr 2026 13:42:06 +0000
ROA not after:            Fri 23 Apr 2027 13:47:06 +0000
asID:                     25369
IP address blocks:        85.209.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d8:09:61:47:7d:5d:9f:5b:15:9b:ea:57:7f:3d:ba:65:2a:7c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 24 13:42:06 2026 GMT
            Not After : Apr 23 13:47:06 2027 GMT
        Subject: CN=7DD7761A1EF57F736C12EAC87520B6AA87968E87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c6:d6:89:75:dc:9d:29:1c:9f:67:72:0b:77:
                    f4:04:50:23:d0:36:43:27:78:19:a6:2f:64:b5:8d:
                    9c:db:ca:89:0a:fe:8f:4b:16:55:3a:d0:c4:77:cf:
                    25:f1:59:0e:4b:74:d7:3a:be:e8:2c:fa:ae:53:fd:
                    0a:4a:43:2a:6f:42:f3:97:72:57:36:ce:dc:f9:90:
                    b1:37:0e:61:70:24:09:63:66:dd:76:75:75:2a:d4:
                    40:a6:98:c6:a6:5a:e5:4d:9e:55:c6:1b:18:9c:92:
                    60:fc:21:65:99:1f:53:a7:6c:29:13:b5:e3:6f:83:
                    97:14:32:cb:04:72:2d:24:bd:4d:d3:b7:cf:bf:5a:
                    fc:e7:44:7e:a4:20:43:cb:ab:da:a6:41:8a:79:b2:
                    48:b5:87:13:f3:ee:f7:70:8a:ab:ab:63:94:46:c7:
                    d7:61:5f:43:44:6b:f5:16:ee:a4:e0:6c:a9:1d:10:
                    68:55:aa:47:27:36:c6:77:67:a5:e4:a2:da:5e:b6:
                    ee:1b:a1:86:87:1e:fe:11:b7:76:30:47:48:fe:aa:
                    73:22:c6:21:49:bd:58:e7:a7:25:67:b1:8e:a2:6e:
                    31:f9:e1:28:7e:28:19:1f:e4:e4:85:ca:5f:3a:6e:
                    af:1d:39:aa:31:dc:7d:7f:66:a0:a4:24:41:d2:e7:
                    cd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D7:76:1A:1E:F5:7F:73:6C:12:EA:C8:75:20:B6:AA:87:96:8E:87
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:38:10:86:3f:e3:d1:83:db:83:c6:c3:0a:9f:ef:bd:c2:f9:
         50:41:b4:7a:d0:22:28:13:0d:af:37:2e:31:35:d3:e6:cd:61:
         5c:4c:f1:d2:a7:f4:f8:be:03:41:c7:3d:9b:c5:06:98:fd:9f:
         61:83:78:ae:e0:0d:d8:1e:fb:0f:7f:12:bd:87:fb:56:1c:57:
         68:fa:47:18:c4:ea:6a:46:10:2e:92:74:f1:94:6c:6d:e2:aa:
         b3:ad:5a:86:41:bf:b2:d3:e0:56:2c:82:80:99:5f:41:59:c8:
         97:33:3b:70:43:3e:85:89:10:cf:c8:49:e0:60:ed:ae:5a:8f:
         85:99:26:b4:06:7f:15:3c:28:fb:39:d1:eb:b8:46:53:4e:54:
         85:9f:81:b6:16:d3:45:2e:54:74:38:cf:6b:ae:f3:e7:11:1f:
         d0:5a:12:34:db:b5:81:d3:b6:24:c7:1d:78:b8:5f:71:98:03:
         03:eb:d0:e1:ed:fa:34:2e:f0:a9:3e:4a:63:9b:f2:3f:19:8a:
         25:75:bc:ab:a2:11:62:c6:ca:70:b8:0a:89:d0:bb:f6:24:22:
         79:26:8e:03:9a:c0:ce:f0:0d:a5:a0:69:14:cf:ee:1f:d3:c9:
         72:91:2c:30:0d:2f:5d:c3:7a:13:1f:40:2e:1b:f9:87:b1:8a:
         81:86:84:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDNgJYUd9XZ9bFZvqV389umUqfBIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MjQxMzQyMDZaFw0yNzA0MjMxMzQ3MDZaMDMxMTAvBgNV
BAMTKDdERDc3NjFBMUVGNTdGNzM2QzEyRUFDODc1MjBCNkFBODc5NjhFODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAxtaJddydKRyfZ3ILd/QEUCPQ
NkMneBmmL2S1jZzbyokK/o9LFlU60MR3zyXxWQ5LdNc6vugs+q5T/QpKQypvQvOX
clc2ztz5kLE3DmFwJAljZt12dXUq1ECmmMamWuVNnlXGGxickmD8IWWZH1OnbCkT
teNvg5cUMssEci0kvU3Tt8+/WvznRH6kIEPLq9qmQYp5ski1hxPz7vdwiqurY5RG
x9dhX0NEa/UW7qTgbKkdEGhVqkcnNsZ3Z6Xkotpetu4boYaHHv4Rt3YwR0j+qnMi
xiFJvVjnpyVnsY6ibjH54Sh+KBkf5OSFyl86bq8dOaox3H1/ZqCkJEHS582PAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUfdd2Gh71f3NsEurIdSC2qoeWjocwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0bEw
DQYJKoZIhvcNAQELBQADggEBAHU4EIY/49GD24PGwwqf773C+VBBtHrQIigTDa83
LjE10+bNYVxM8dKn9Pi+A0HHPZvFBpj9n2GDeK7gDdge+w9/Er2H+1YcV2j6RxjE
6mpGEC6SdPGUbG3iqrOtWoZBv7LT4FYsgoCZX0FZyJczO3BDPoWJEM/ISeBg7a5a
j4WZJrQGfxU8KPs50eu4RlNOVIWfgbYW00UuVHQ4z2uu8+cRH9BaEjTbtYHTtiTH
HXi4X3GYAwPr0OHt+jQu8Kk+SmOb8j8ZiiV1vKuiEWLGynC4ConQu/YkInkmjgOa
wM7wDaWgaRTP7h/TyXKRLDANL13DehMfQC4b+YexioGGhEA=
-----END CERTIFICATE-----