Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          58j9ULwd+Xs59Rk7/tu9PM/I0JGswhE7TlO51LzLIHI=
Subject key identifier:   5E:2A:63:A4:8F:2F:34:A5:9E:24:05:B9:2B:97:28:10:65:79:BE:F7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3869DFAB4C62D92EFFDFAE0F6841F525398A42D6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
Signing time:             Fri 10 Oct 2025 12:26:54 +0000
ROA not before:           Fri 10 Oct 2025 12:21:54 +0000
ROA not after:            Fri 09 Oct 2026 12:26:54 +0000
asID:                     397630
IP address blocks:        181.215.250.0/24 maxlen: 24
                          191.101.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:69:df:ab:4c:62:d9:2e:ff:df:ae:0f:68:41:f5:25:39:8a:42:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 10 12:21:54 2025 GMT
            Not After : Oct  9 12:26:54 2026 GMT
        Subject: CN=5E2A63A48F2F34A59E2405B92B9728106579BEF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c6:71:50:42:43:da:08:67:22:61:26:82:8b:
                    28:44:0e:fa:26:83:d6:18:28:50:bc:3b:47:37:ae:
                    05:61:06:c0:1d:4f:f1:dc:6a:0c:fb:12:da:c5:23:
                    1a:e6:5a:e5:a3:50:87:14:d1:73:fd:37:46:27:fe:
                    68:b5:c9:db:35:7a:b8:46:20:54:d0:0d:25:55:fa:
                    30:9e:c6:4a:8e:12:8a:6f:ef:93:b5:15:95:85:f7:
                    a8:6d:df:2c:7a:08:a6:4f:8b:c4:24:a3:ed:4d:52:
                    0c:d8:87:e8:2b:35:94:20:ef:55:ff:3f:ea:4f:b1:
                    f4:1c:e0:5f:7a:44:93:1c:4d:96:24:ca:12:a9:8c:
                    81:0a:80:43:d0:c7:b6:51:88:64:53:76:98:07:4b:
                    f9:6a:5c:56:4e:f4:5a:3d:ef:bc:d9:69:77:25:21:
                    0d:d6:40:a1:fc:f1:c9:c4:f8:08:18:21:36:9d:11:
                    85:54:09:71:97:d5:1b:29:3a:c8:35:5a:c2:86:79:
                    6b:06:dc:52:a8:cf:cf:34:4e:9b:1b:4f:7d:71:2e:
                    6a:94:90:77:f2:a3:12:b2:4f:25:c3:5a:68:23:84:
                    be:13:70:06:c6:c2:03:3b:2d:46:49:51:8e:1e:3e:
                    b4:60:af:c1:2c:45:8f:fd:33:a4:42:79:b8:a0:ed:
                    a3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2A:63:A4:8F:2F:34:A5:9E:24:05:B9:2B:97:28:10:65:79:BE:F7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.250.0/24
                  191.101.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c5:09:b9:7e:00:ee:f5:f6:b6:a8:9a:ce:78:9f:4c:ea:bd:
         24:a1:0e:7e:58:8c:de:72:b8:b9:b1:c9:08:98:b9:c0:58:e6:
         4b:4d:71:eb:4b:76:46:0e:f7:ef:50:7f:da:5f:02:a8:86:d7:
         19:6c:ed:48:9b:28:5c:1b:1c:27:67:b6:b0:59:29:b1:10:68:
         9c:94:38:13:10:fc:d9:59:2f:1c:0e:3f:b0:51:cb:9e:fc:09:
         a0:25:09:eb:a5:43:80:0f:32:30:6e:f3:05:86:b9:5e:0e:03:
         64:ce:87:08:f6:73:15:f5:21:a0:d4:cc:52:ed:d5:67:3b:16:
         0e:29:56:14:bc:08:8e:e7:fd:3d:0f:f7:fe:8f:aa:07:11:78:
         0c:6c:a6:f3:91:aa:92:ec:68:78:90:8a:44:96:0d:79:57:6b:
         91:6c:7a:19:38:ed:02:34:26:74:97:e6:e8:b7:23:38:90:7e:
         f3:7f:04:bf:87:98:2a:57:31:d4:45:b2:aa:47:2c:1a:fa:7e:
         58:ed:f6:1c:c8:68:ab:f1:a5:45:19:6b:5a:04:a8:a6:2a:8b:
         86:5c:4e:6e:05:2e:53:c2:ee:40:e4:cd:b5:e1:e9:a3:85:b5:
         aa:26:06:92:19:3c:18:d2:9f:c9:bc:dc:94:a5:a2:c1:46:a5:
         cb:fb:48:5c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUOGnfq0xi2S7/364PaEH1JTmKQtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMTAxMjIxNTRaFw0yNjEwMDkxMjI2NTRaMDMxMTAvBgNV
BAMTKDVFMkE2M0E0OEYyRjM0QTU5RTI0MDVCOTJCOTcyODEwNjU3OUJFRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBxnFQQkPaCGciYSaCiyhEDvom
g9YYKFC8O0c3rgVhBsAdT/Hcagz7EtrFIxrmWuWjUIcU0XP9N0Yn/mi1yds1erhG
IFTQDSVV+jCexkqOEopv75O1FZWF96ht3yx6CKZPi8Qko+1NUgzYh+grNZQg71X/
P+pPsfQc4F96RJMcTZYkyhKpjIEKgEPQx7ZRiGRTdpgHS/lqXFZO9Fo977zZaXcl
IQ3WQKH88cnE+AgYITadEYVUCXGX1RspOsg1WsKGeWsG3FKoz880TpsbT31xLmqU
kHfyoxKyTyXDWmgjhL4TcAbGwgM7LUZJUY4ePrRgr8EsRY/9M6RCebig7aN3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUXipjpI8vNKWeJAW5K5coEGV5vvcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdf6
AwQAv2XaMA0GCSqGSIb3DQEBCwUAA4IBAQCHxQm5fgDu9fa2qJrOeJ9M6r0koQ5+
WIzecri5sckImLnAWOZLTXHrS3ZGDvfvUH/aXwKohtcZbO1ImyhcGxwnZ7awWSmx
EGiclDgTEPzZWS8cDj+wUcue/AmgJQnrpUOADzIwbvMFhrleDgNkzocI9nMV9SGg
1MxS7dVnOxYOKVYUvAiO5/09D/f+j6oHEXgMbKbzkaqS7Gh4kIpElg15V2uRbHoZ
OO0CNCZ0l+botyM4kH7zfwS/h5gqVzHURbKqRywa+n5Y7fYcyGir8aVFGWtaBKim
KouGXE5uBS5Twu5A5M214emjhbWqJgaSGTwY0p/JvNyUpaLBRqXL+0hc
-----END CERTIFICATE-----