Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401103.roa
File:                     AS401103.roa (raw, json)
Hash identifier:          SKjvWuBG4rNOAT+pL+qOndI+6rEZawbCVCHDTFEVTjA=
Subject key identifier:   03:4E:08:93:54:24:DB:06:61:D7:A9:1D:AC:BF:C1:E3:55:D4:0B:07
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       56F8E0FB8D97646DE795F0883512FDD6D2C130BE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401103.roa
Signing time:             Sat 16 Aug 2025 22:54:13 +0000
ROA not before:           Sat 16 Aug 2025 22:49:13 +0000
ROA not after:            Sat 15 Aug 2026 22:54:13 +0000
asID:                     401103
IP address blocks:        179.61.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:f8:e0:fb:8d:97:64:6d:e7:95:f0:88:35:12:fd:d6:d2:c1:30:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 16 22:49:13 2025 GMT
            Not After : Aug 15 22:54:13 2026 GMT
        Subject: CN=034E08935424DB0661D7A91DACBFC1E355D40B07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fc:1c:c9:4c:1d:e6:26:98:d1:9b:4e:19:4b:
                    08:11:63:1c:c7:cd:23:f7:52:1d:ec:54:25:87:f4:
                    11:55:8f:ed:ab:bd:7e:77:43:51:5e:b3:da:47:7a:
                    18:08:72:85:d5:23:4a:dc:f0:e9:30:71:15:81:84:
                    78:3e:4b:88:8f:48:96:89:55:b1:a8:5f:cd:b1:84:
                    e5:f7:ef:6e:da:38:c9:8e:84:7c:dc:ed:d1:d4:0f:
                    d7:a5:11:fc:f3:f9:28:15:c7:f7:43:99:3e:12:dd:
                    df:4a:78:ad:79:a5:df:28:cf:4b:ca:6a:df:bb:ee:
                    0b:d5:6f:32:ac:4a:30:d5:21:cc:72:cf:12:e6:6e:
                    c2:38:a7:be:74:8a:44:b8:3a:43:4c:5d:4c:e5:35:
                    e3:ad:e3:28:e4:eb:59:4f:98:69:91:fd:66:69:43:
                    be:f5:31:75:f8:57:05:f6:9f:ce:01:31:dc:79:fe:
                    32:35:1b:ac:7f:40:f6:44:75:44:90:93:20:b9:ea:
                    39:2a:c8:94:bf:1c:ff:f4:80:bd:13:12:e6:e6:0d:
                    d8:2e:01:c5:49:32:f6:3f:52:d7:9f:d9:65:a3:1d:
                    69:8e:4c:46:95:0c:e4:71:17:fd:19:e0:1d:91:ca:
                    2f:38:88:33:d5:19:9e:39:45:96:ef:1a:94:2b:42:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4E:08:93:54:24:DB:06:61:D7:A9:1D:AC:BF:C1:E3:55:D4:0B:07
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401103.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:4d:c7:6c:c3:15:f9:7e:c2:74:bf:47:ea:ef:6c:a3:01:f5:
         38:e8:70:40:a7:eb:a4:d7:e6:3b:a4:13:bc:cb:be:fc:44:b4:
         2e:45:a7:fa:5a:4e:12:fd:85:83:5c:43:81:7e:34:40:e8:3f:
         35:9b:54:55:47:80:8c:57:c0:76:56:52:21:7d:f9:d7:b0:23:
         e0:0a:62:7b:29:ef:74:32:c7:cb:4b:42:b9:90:ca:f1:37:11:
         a8:ef:af:44:98:35:52:a9:c0:27:2e:9a:4b:3f:ed:7a:41:a8:
         38:7d:32:d1:ed:ea:aa:0c:8c:67:dd:32:f1:38:46:ee:9d:52:
         eb:89:a6:36:b1:b3:b7:6c:6d:96:ef:90:c5:97:18:97:c9:d8:
         42:c8:a6:1b:4d:cd:e3:63:fb:1a:8c:aa:61:e9:b8:20:03:39:
         c8:e1:bc:fb:28:5c:6f:6b:21:14:2b:d2:db:ea:11:0f:01:0b:
         fa:f7:7f:6f:da:c9:36:eb:44:84:00:b6:74:e7:41:6e:68:7a:
         89:81:02:90:3b:46:2a:52:3d:27:81:85:de:7a:d7:52:aa:b5:
         29:d4:e4:75:47:53:66:db:f8:ef:ce:0b:06:60:bf:2d:f2:19:
         61:af:78:41:96:77:92:9f:f5:fe:97:68:12:6b:05:61:7e:d4:
         8e:fe:c1:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVvjg+42XZG3nlfCINRL91tLBML4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTYyMjQ5MTNaFw0yNjA4MTUyMjU0MTNaMDMxMTAvBgNV
BAMTKDAzNEUwODkzNTQyNERCMDY2MUQ3QTkxREFDQkZDMUUzNTVENDBCMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy/BzJTB3mJpjRm04ZSwgRYxzH
zSP3Uh3sVCWH9BFVj+2rvX53Q1Fes9pHehgIcoXVI0rc8OkwcRWBhHg+S4iPSJaJ
VbGoX82xhOX3727aOMmOhHzc7dHUD9elEfzz+SgVx/dDmT4S3d9KeK15pd8oz0vK
at+77gvVbzKsSjDVIcxyzxLmbsI4p750ikS4OkNMXUzlNeOt4yjk61lPmGmR/WZp
Q771MXX4VwX2n84BMdx5/jI1G6x/QPZEdUSQkyC56jkqyJS/HP/0gL0TEubmDdgu
AcVJMvY/Utef2WWjHWmOTEaVDORxF/0Z4B2Ryi84iDPVGZ45RZbvGpQrQlglAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUA04Ik1Qk2wZh16kdrL/B41XUCwcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxMTAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz27
MA0GCSqGSIb3DQEBCwUAA4IBAQBRTcdswxX5fsJ0v0fq72yjAfU46HBAp+uk1+Y7
pBO8y778RLQuRaf6Wk4S/YWDXEOBfjRA6D81m1RVR4CMV8B2VlIhffnXsCPgCmJ7
Ke90MsfLS0K5kMrxNxGo769EmDVSqcAnLppLP+16Qag4fTLR7eqqDIxn3TLxOEbu
nVLriaY2sbO3bG2W75DFlxiXydhCyKYbTc3jY/sajKph6bggAznI4bz7KFxvayEU
K9Lb6hEPAQv6939v2sk260SEALZ050FuaHqJgQKQO0YqUj0ngYXeetdSqrUp1OR1
R1Nm2/jvzgsGYL8t8hlhr3hBlneSn/X+l2gSawVhftSO/sHx
-----END CERTIFICATE-----