Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401824.roa
File:                     AS401824.roa (raw, json)
Hash identifier:          AebA3NF5E+CopHGIpcqxA5soSLpet7QLZG3QOQ+KcB8=
Subject key identifier:   B9:A5:9D:6C:55:9C:E9:31:B1:14:61:FA:A9:6D:4F:04:4D:A1:6C:36
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0E017CEAB42333B06D692F0D85BEA9073A4DD9AF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401824.roa
Signing time:             Sun 17 Aug 2025 14:57:36 +0000
ROA not before:           Sun 17 Aug 2025 14:52:36 +0000
ROA not after:            Sun 16 Aug 2026 14:57:36 +0000
asID:                     401824
IP address blocks:        191.96.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:01:7c:ea:b4:23:33:b0:6d:69:2f:0d:85:be:a9:07:3a:4d:d9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 17 14:52:36 2025 GMT
            Not After : Aug 16 14:57:36 2026 GMT
        Subject: CN=B9A59D6C559CE931B11461FAA96D4F044DA16C36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:57:e8:7b:49:bf:8d:67:dc:45:39:23:7d:6b:
                    44:0c:a5:c8:94:08:42:81:07:7a:f1:58:04:9b:ef:
                    39:68:8e:12:81:72:05:06:41:60:2b:b3:85:e1:79:
                    9c:e2:dd:d6:80:e8:82:b3:eb:a0:20:69:00:00:a8:
                    e1:d7:21:39:61:0e:57:9d:e8:08:81:a4:ab:b2:3e:
                    95:94:80:8d:47:d0:03:1b:b4:6a:a8:24:1c:c1:78:
                    3a:dd:25:98:c3:76:9a:cf:b6:28:59:1d:41:e4:d6:
                    0d:80:9a:c6:f0:dc:cd:fc:a3:b2:c7:6e:07:ad:e9:
                    ed:ed:6d:f5:e3:9e:8c:7b:61:75:0b:bf:c0:20:70:
                    15:2e:92:fc:00:29:e7:7c:55:0e:18:f9:2f:a8:1d:
                    91:d6:76:2c:33:11:8f:b2:9a:49:48:0d:67:ad:b0:
                    67:39:89:26:dc:01:7c:a0:16:f7:06:d1:d3:4c:eb:
                    73:d1:06:80:a7:02:2d:40:ac:7e:e2:af:17:bd:b8:
                    2d:7b:78:62:82:72:76:39:19:ea:53:b1:d5:36:b8:
                    df:72:0d:c3:70:e6:10:0b:52:63:70:f8:1a:cd:70:
                    0b:28:7a:29:c4:2b:dd:7d:49:e5:b6:48:50:5b:24:
                    c6:05:f6:94:af:1f:1a:4b:65:08:6a:c7:2f:de:78:
                    62:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A5:9D:6C:55:9C:E9:31:B1:14:61:FA:A9:6D:4F:04:4D:A1:6C:36
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401824.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cd:75:4a:4f:e0:7b:1f:4b:48:dd:27:6a:70:dd:a8:ee:e1:
         d9:4c:c6:6b:79:1b:21:c6:e5:ba:38:85:12:ce:eb:0a:a1:c5:
         06:78:38:df:c6:01:df:63:21:44:dc:9c:ce:87:61:7b:11:ba:
         4a:c7:66:a8:0c:1e:ca:ec:26:5f:b8:16:44:39:6f:a2:2d:9e:
         26:24:19:a6:8b:e4:f8:c7:f0:e2:97:a6:66:3d:7d:36:b8:f5:
         b2:f3:fa:e6:62:91:e3:b7:5c:e2:9b:5e:b0:38:96:b2:b9:06:
         ad:a8:2d:89:b5:af:8a:60:33:f6:67:e4:4d:64:52:85:4b:88:
         17:f8:79:e5:9b:8b:1e:15:e3:65:0d:68:73:be:f9:7a:b8:14:
         99:a9:da:fd:65:08:7b:3e:b2:5a:71:53:f0:f3:fb:b2:e1:6c:
         28:a9:fa:cb:22:42:85:7e:50:37:c9:80:14:04:49:d8:b7:23:
         85:bf:20:bc:83:ee:e6:b8:a6:fa:55:07:3c:fb:60:75:cb:cd:
         9b:e6:3d:1f:ea:94:dd:a6:25:26:80:32:37:eb:1e:c5:da:f3:
         f4:e4:e7:13:f1:0c:9a:dd:54:d0:09:45:79:ca:f0:fa:d4:70:
         df:6c:8a:8a:1c:46:ff:d4:05:75:f5:12:29:c7:f9:5f:33:f6:
         7e:4b:89:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDgF86rQjM7BtaS8Nhb6pBzpN2a8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTcxNDUyMzZaFw0yNjA4MTYxNDU3MzZaMDMxMTAvBgNV
BAMTKEI5QTU5RDZDNTU5Q0U5MzFCMTE0NjFGQUE5NkQ0RjA0NERBMTZDMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDV+h7Sb+NZ9xFOSN9a0QMpciU
CEKBB3rxWASb7zlojhKBcgUGQWArs4XheZzi3daA6IKz66AgaQAAqOHXITlhDled
6AiBpKuyPpWUgI1H0AMbtGqoJBzBeDrdJZjDdprPtihZHUHk1g2Amsbw3M38o7LH
bget6e3tbfXjnox7YXULv8AgcBUukvwAKed8VQ4Y+S+oHZHWdiwzEY+ymklIDWet
sGc5iSbcAXygFvcG0dNM63PRBoCnAi1ArH7irxe9uC17eGKCcnY5GepTsdU2uN9y
DcNw5hALUmNw+BrNcAsoeinEK919SeW2SFBbJMYF9pSvHxpLZQhqxy/eeGKbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuaWdbFWc6TGxFGH6qW1PBE2hbDYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxODI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Dn
MA0GCSqGSIb3DQEBCwUAA4IBAQBDzXVKT+B7H0tI3SdqcN2o7uHZTMZreRshxuW6
OIUSzusKocUGeDjfxgHfYyFE3JzOh2F7EbpKx2aoDB7K7CZfuBZEOW+iLZ4mJBmm
i+T4x/Dil6ZmPX02uPWy8/rmYpHjt1zim16wOJayuQatqC2Jta+KYDP2Z+RNZFKF
S4gX+Hnlm4seFeNlDWhzvvl6uBSZqdr9ZQh7PrJacVPw8/uy4WwoqfrLIkKFflA3
yYAUBEnYtyOFvyC8g+7muKb6VQc8+2B1y82b5j0f6pTdpiUmgDI36x7F2vP05OcT
8Qya3VTQCUV5yvD61HDfbIqKHEb/1AV19RIpx/lfM/Z+S4kJ
-----END CERTIFICATE-----