Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          sae1/IR4fI5OdLTfdBKOupevUyPV08pKGqOZ71tqtZw=
Subject key identifier:   60:DD:77:C7:64:03:9E:07:AB:B7:9A:56:EF:CF:F6:34:24:9D:1B:A2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2FD8F4C2188DF5F365D9FCA3C8E983227909C391
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
Signing time:             Fri 06 Mar 2026 15:46:45 +0000
ROA not before:           Fri 06 Mar 2026 15:41:45 +0000
ROA not after:            Fri 05 Mar 2027 15:46:45 +0000
asID:                     265919
IP address blocks:        191.96.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:d8:f4:c2:18:8d:f5:f3:65:d9:fc:a3:c8:e9:83:22:79:09:c3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  6 15:41:45 2026 GMT
            Not After : Mar  5 15:46:45 2027 GMT
        Subject: CN=60DD77C764039E07ABB79A56EFCFF634249D1BA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:57:16:58:f7:cc:f7:9a:35:8a:58:69:f8:1a:
                    5a:a5:ef:fc:a1:46:08:ee:4e:5f:68:45:5b:4f:bc:
                    89:cb:8a:cf:14:91:b6:ce:1f:bc:4f:e1:f3:21:14:
                    22:8f:d8:54:ab:54:c6:34:40:d4:54:a6:6f:31:73:
                    83:a6:1a:ae:e7:6b:b7:8e:31:9d:33:7d:6f:66:a7:
                    0b:73:8f:9c:89:b6:c9:4a:75:14:e8:98:47:c9:7e:
                    38:d7:98:e3:be:bc:17:8d:59:94:41:12:85:52:29:
                    fc:0a:36:1e:aa:0f:c0:46:b9:c1:45:c8:fc:59:b6:
                    69:55:d1:6a:a0:96:a5:ff:3a:9a:46:fc:60:c9:fa:
                    b0:11:b0:d2:e6:00:dc:81:06:ab:6f:a8:ce:db:ea:
                    db:d8:89:3b:1e:f3:ca:ea:dd:94:7b:87:d3:3a:ef:
                    af:8e:ee:14:1c:23:f5:91:82:9e:46:c8:16:66:6b:
                    93:5b:59:9c:df:bd:00:cc:36:cc:bc:c6:ad:52:36:
                    fe:93:fe:9a:e1:f4:f3:1b:9c:37:df:a9:57:49:d9:
                    50:1f:5e:f1:0b:e5:a9:66:18:26:8f:63:1d:67:89:
                    fc:ca:4e:d6:f6:23:66:93:e0:7e:53:45:ea:70:db:
                    23:13:9d:56:ca:28:bc:fb:11:b1:71:3b:76:b2:be:
                    6b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DD:77:C7:64:03:9E:07:AB:B7:9A:56:EF:CF:F6:34:24:9D:1B:A2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0a:89:c6:c5:3d:79:16:d2:92:16:eb:84:cb:16:b3:b1:63:
         13:cf:74:79:e0:23:f6:da:e8:44:38:ae:04:1c:45:53:23:25:
         eb:fa:a2:df:ac:c9:4f:69:47:ac:d8:71:6e:74:d5:85:e9:8e:
         e0:24:2a:82:df:d6:33:ae:fc:2a:0f:c9:e9:f7:7a:b4:7e:b6:
         33:50:0e:5e:c9:5a:94:62:12:48:52:f8:30:23:48:ae:b8:81:
         95:e5:7a:5b:03:85:ba:88:62:d1:f2:32:74:98:7e:aa:9a:c6:
         30:33:6d:dd:01:b5:6b:f3:10:41:47:aa:81:7e:5f:e4:9e:b7:
         bd:87:67:ba:5a:36:4b:ce:1c:d4:72:f3:ff:c6:af:3e:0e:62:
         af:20:6f:a6:26:1c:e2:3d:40:d8:7f:58:b4:0b:a6:c6:1b:14:
         e6:74:cb:c5:cb:16:3d:a0:4e:9d:31:97:e0:b4:f6:ac:ec:eb:
         d5:34:28:60:c9:5b:94:2c:b3:db:5b:de:d1:24:b3:ec:e8:57:
         ce:e9:5d:1a:86:ad:c1:36:5f:d0:44:b8:93:c1:65:f8:5b:00:
         16:a6:7f:3e:08:9f:8b:d8:3a:59:73:03:27:df:2a:d9:89:1a:
         86:c6:59:a9:ab:fe:da:de:43:ea:dd:41:f4:f1:7a:be:02:aa:
         8e:bb:7b:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUL9j0whiN9fNl2fyjyOmDInkJw5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDYxNTQxNDVaFw0yNzAzMDUxNTQ2NDVaMDMxMTAvBgNV
BAMTKDYwREQ3N0M3NjQwMzlFMDdBQkI3OUE1NkVGQ0ZGNjM0MjQ5RDFCQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTVxZY98z3mjWKWGn4Glql7/yh
RgjuTl9oRVtPvInLis8UkbbOH7xP4fMhFCKP2FSrVMY0QNRUpm8xc4OmGq7na7eO
MZ0zfW9mpwtzj5yJtslKdRTomEfJfjjXmOO+vBeNWZRBEoVSKfwKNh6qD8BGucFF
yPxZtmlV0WqglqX/OppG/GDJ+rARsNLmANyBBqtvqM7b6tvYiTse88rq3ZR7h9M6
76+O7hQcI/WRgp5GyBZma5NbWZzfvQDMNsy8xq1SNv6T/prh9PMbnDffqVdJ2VAf
XvEL5almGCaPYx1nifzKTtb2I2aT4H5TRepw2yMTnVbKKLz7EbFxO3ayvmstAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYN13x2QDngert5pW78/2NCSdG6IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2BR
MA0GCSqGSIb3DQEBCwUAA4IBAQCHConGxT15FtKSFuuEyxazsWMTz3R54CP22uhE
OK4EHEVTIyXr+qLfrMlPaUes2HFudNWF6Y7gJCqC39YzrvwqD8np93q0frYzUA5e
yVqUYhJIUvgwI0iuuIGV5XpbA4W6iGLR8jJ0mH6qmsYwM23dAbVr8xBBR6qBfl/k
nre9h2e6WjZLzhzUcvP/xq8+DmKvIG+mJhziPUDYf1i0C6bGGxTmdMvFyxY9oE6d
MZfgtPas7OvVNChgyVuULLPbW97RJLPs6FfO6V0ahq3BNl/QRLiTwWX4WwAWpn8+
CJ+L2DpZcwMn3yrZiRqGxlmpq/7a3kPq3UH08Xq+AqqOu3tq
-----END CERTIFICATE-----