Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
File:                     AS43350.roa (raw, json)
Hash identifier:          kS3EpUqYQyd1mrM5W9NE6KXjVEeFuOVn/QC9vfrOFqo=
Subject key identifier:   12:68:58:2F:98:D2:83:38:24:7B:9B:81:B0:9E:06:FE:91:A2:1A:CC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       375265425035440300860967EE88D1B6882FC291
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
Signing time:             Thu 19 Mar 2026 13:06:08 +0000
ROA not before:           Thu 19 Mar 2026 13:01:08 +0000
ROA not after:            Thu 18 Mar 2027 13:06:08 +0000
asID:                     43350
IP address blocks:        179.61.242.0/24 maxlen: 24
                          181.41.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:52:65:42:50:35:44:03:00:86:09:67:ee:88:d1:b6:88:2f:c2:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 13:01:08 2026 GMT
            Not After : Mar 18 13:06:08 2027 GMT
        Subject: CN=1268582F98D28338247B9B81B09E06FE91A21ACC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:98:ad:eb:e2:15:ea:e5:f9:8d:5a:62:be:1e:
                    b0:4a:8a:17:8d:7f:79:50:e5:b4:ce:81:bd:cc:eb:
                    d6:0a:cf:ac:4b:12:89:79:be:12:dc:ae:82:a1:89:
                    b1:24:f5:eb:52:69:57:fb:0e:5b:b0:1c:fd:f9:88:
                    4c:c8:37:ba:97:4a:f4:8f:b8:6a:ca:bb:2a:1f:c7:
                    09:6d:b8:27:44:fc:1d:d2:f9:b9:80:9a:9a:86:6c:
                    4c:9b:df:80:75:72:0c:bd:8b:9f:3f:dc:3c:01:6d:
                    2d:d9:e4:71:f8:eb:65:c4:b3:e6:9b:04:d7:29:bd:
                    29:9f:9b:bb:18:92:f0:51:a1:1e:d9:c7:f0:a3:f4:
                    95:03:c2:ad:7c:2d:d0:07:27:f9:54:46:bf:10:0e:
                    bd:ac:f5:9c:3b:36:3f:df:02:fa:2c:a7:6b:cf:a9:
                    53:be:b6:7b:36:43:ec:46:a1:97:26:a2:90:5e:4c:
                    0c:18:e4:ff:38:4a:39:b0:c1:9f:3e:70:21:53:77:
                    d5:72:8c:88:51:3c:19:1f:ef:fa:1f:3a:64:e5:35:
                    7c:f3:80:b6:4c:45:d4:e1:b2:30:dc:94:f0:38:a3:
                    47:a1:e2:86:0a:fb:7c:24:b8:42:49:95:e6:a9:e3:
                    bb:c4:03:0c:a0:27:f6:c6:ef:4f:1d:59:50:23:cd:
                    d5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:68:58:2F:98:D2:83:38:24:7B:9B:81:B0:9E:06:FE:91:A2:1A:CC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.242.0/24
                  181.41.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e1:af:df:13:8f:cf:42:e1:71:90:ec:63:d3:4b:73:ad:5b:
         ca:e1:e9:f6:f8:76:21:32:f5:85:38:75:3c:fb:fc:c1:f4:d6:
         f9:fb:c5:09:f2:9f:d3:b8:3d:52:cc:09:e7:71:18:91:2d:7e:
         ca:4d:44:57:fa:fe:cf:97:4c:c1:a5:81:81:0e:ed:12:c0:7a:
         fb:f9:5c:61:10:fe:3a:4d:59:e0:18:19:f5:ed:b3:5e:98:cd:
         28:d7:39:19:4d:af:6c:72:6d:5d:b1:97:8f:ec:49:c5:8f:8c:
         a3:0e:f3:be:98:09:37:27:99:80:36:38:0f:da:23:22:b9:e8:
         52:87:52:57:4c:6d:38:32:0f:2b:c5:5c:2d:65:c8:4a:db:d7:
         ae:0f:a6:95:4f:4f:3a:d2:74:3c:3f:61:86:73:e3:e4:f8:fb:
         2e:7e:05:48:d9:e9:ef:87:26:f0:a8:c5:13:49:27:c7:be:e8:
         4b:03:af:87:93:2f:55:c9:4a:50:61:da:08:18:86:05:14:eb:
         b6:e0:a8:b0:5b:ad:64:3a:aa:71:a1:c4:3c:5c:42:01:26:14:
         78:24:33:b2:d9:e3:01:65:d3:e5:8c:c0:46:2a:27:08:bc:34:
         10:eb:ee:9e:d6:4b:20:70:9f:7f:62:ed:e2:32:59:5c:22:93:
         9e:f0:f9:54
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUN1JlQlA1RAMAhgln7ojRtogvwpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTkxMzAxMDhaFw0yNzAzMTgxMzA2MDhaMDMxMTAvBgNV
BAMTKDEyNjg1ODJGOThEMjgzMzgyNDdCOUI4MUIwOUUwNkZFOTFBMjFBQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxmK3r4hXq5fmNWmK+HrBKiheN
f3lQ5bTOgb3M69YKz6xLEol5vhLcroKhibEk9etSaVf7DluwHP35iEzIN7qXSvSP
uGrKuyofxwltuCdE/B3S+bmAmpqGbEyb34B1cgy9i58/3DwBbS3Z5HH462XEs+ab
BNcpvSmfm7sYkvBRoR7Zx/Cj9JUDwq18LdAHJ/lURr8QDr2s9Zw7Nj/fAvosp2vP
qVO+tns2Q+xGoZcmopBeTAwY5P84SjmwwZ8+cCFTd9VyjIhRPBkf7/ofOmTlNXzz
gLZMRdThsjDclPA4o0eh4oYK+3wkuEJJleap47vEAwygJ/bG708dWVAjzdWNAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUEmhYL5jSgzgke5uBsJ4G/pGiGswwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDMzNTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACzPfID
BAC1KcIwDQYJKoZIhvcNAQELBQADggEBAFPhr98Tj89C4XGQ7GPTS3OtW8rh6fb4
diEy9YU4dTz7/MH01vn7xQnyn9O4PVLMCedxGJEtfspNRFf6/s+XTMGlgYEO7RLA
evv5XGEQ/jpNWeAYGfXts16YzSjXORlNr2xybV2xl4/sScWPjKMO876YCTcnmYA2
OA/aIyK56FKHUldMbTgyDyvFXC1lyErb164PppVPTzrSdDw/YYZz4+T4+y5+BUjZ
6e+HJvCoxRNJJ8e+6EsDr4eTL1XJSlBh2ggYhgUU67bgqLBbrWQ6qnGhxDxcQgEm
FHgkM7LZ4wFl0+WMwEYqJwi8NBDr7p7WSyBwn39i7eIyWVwik57w+VQ=
-----END CERTIFICATE-----