Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          lyQJ7FJ/SFmmu3CkUiEOn4sDeL2t9G8e3TofSvqKlu8=
Subject key identifier:   FE:F5:93:E3:7C:AC:59:CA:05:1C:FC:1D:64:0B:F6:30:E3:F5:8C:71
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4B58BD72868492C419F50B4106D24F9A44A9D32A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
Signing time:             Tue 07 Oct 2025 15:44:38 +0000
ROA not before:           Tue 07 Oct 2025 15:39:38 +0000
ROA not after:            Tue 06 Oct 2026 15:44:38 +0000
asID:                     43641
IP address blocks:        2.57.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:58:bd:72:86:84:92:c4:19:f5:0b:41:06:d2:4f:9a:44:a9:d3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  7 15:39:38 2025 GMT
            Not After : Oct  6 15:44:38 2026 GMT
        Subject: CN=FEF593E37CAC59CA051CFC1D640BF630E3F58C71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5f:73:23:b9:f6:bf:dc:45:aa:9a:84:d8:57:
                    7c:fc:d9:c9:69:73:23:29:6f:20:04:fb:2f:0d:7a:
                    d4:e5:7a:42:b8:10:d3:28:45:ca:e0:94:13:f1:4a:
                    de:e0:95:5b:f9:62:6e:41:fc:b8:5a:6e:d9:2f:ae:
                    0d:ea:fe:21:07:43:f0:11:cf:65:7f:f3:cc:d0:7f:
                    e1:66:1e:c9:ed:84:2f:4e:2e:6a:92:03:91:bf:5e:
                    b9:17:b8:04:00:bf:ee:8f:1c:b3:d9:4d:76:8f:59:
                    88:b3:a5:ee:91:ce:1d:7e:c2:65:4f:16:02:6f:9b:
                    e5:30:24:fc:99:a5:40:e8:1f:00:bd:0d:96:a5:e7:
                    42:f2:2b:9f:a8:71:25:bd:6b:44:c5:aa:f3:75:7e:
                    a4:b9:8e:d6:64:e3:0d:d5:36:b4:b6:22:0b:3c:6d:
                    77:db:83:e5:a6:47:0f:d1:6e:99:cf:5c:34:a9:2c:
                    b9:a5:dc:21:a1:93:d2:c8:a6:cc:4b:44:ff:9a:cf:
                    8b:9f:37:d4:86:c0:56:db:43:43:f3:87:6d:59:e4:
                    44:ab:dc:50:25:ea:c8:59:c8:16:65:a6:59:7e:5a:
                    3b:2c:af:2e:95:f2:d5:e9:f9:e2:0b:86:7f:e3:93:
                    61:48:b6:05:58:34:29:ee:e7:3c:d0:ea:ff:70:b3:
                    ad:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F5:93:E3:7C:AC:59:CA:05:1C:FC:1D:64:0B:F6:30:E3:F5:8C:71
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:ef:c9:d5:d9:3e:54:83:3f:a8:d8:0b:c1:09:60:77:89:98:
         f3:d6:ad:27:f4:cb:ea:ed:07:5d:91:f2:f0:87:b7:34:d4:e3:
         6e:74:f1:35:10:27:38:71:f4:2c:67:11:d5:cf:68:0b:fd:cb:
         fa:44:12:4e:03:3d:dd:cc:68:a9:85:3f:7d:ce:73:78:cc:72:
         7c:ea:6e:f4:d3:db:5c:e2:04:11:09:33:51:f0:eb:b1:a8:55:
         59:57:d4:56:cb:12:3f:95:28:6b:8c:1a:f2:48:c4:51:a3:3b:
         76:b4:63:4a:51:35:ba:7b:5d:79:67:44:aa:d8:24:04:1c:2d:
         ee:0d:3e:ae:9b:1d:8d:73:6f:49:2e:bc:66:c4:8b:66:b8:89:
         03:39:75:01:5e:a5:ac:de:f7:a3:79:68:11:0f:a6:4d:8c:22:
         3d:aa:63:a5:fd:e7:5c:5c:df:74:4f:d1:ef:dd:cc:ad:11:7b:
         1a:63:6b:f7:e8:80:34:bc:7c:f3:7f:4d:65:38:70:2a:32:d1:
         24:0a:80:18:7b:22:36:60:6e:fe:4c:4c:b9:9c:a0:2c:cb:6e:
         0e:15:14:af:79:fa:ba:1b:c4:7b:3a:4e:42:e1:61:06:12:75:
         52:32:ff:47:bb:75:6d:40:2c:e2:1e:d6:60:05:38:11:bc:65:
         9c:7b:19:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUS1i9coaEksQZ9QtBBtJPmkSp0yowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMDcxNTM5MzhaFw0yNjEwMDYxNTQ0MzhaMDMxMTAvBgNV
BAMTKEZFRjU5M0UzN0NBQzU5Q0EwNTFDRkMxRDY0MEJGNjMwRTNGNThDNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1X3Mjufa/3EWqmoTYV3z82clp
cyMpbyAE+y8NetTlekK4ENMoRcrglBPxSt7glVv5Ym5B/Lhabtkvrg3q/iEHQ/AR
z2V/88zQf+FmHsnthC9OLmqSA5G/XrkXuAQAv+6PHLPZTXaPWYizpe6Rzh1+wmVP
FgJvm+UwJPyZpUDoHwC9DZal50LyK5+ocSW9a0TFqvN1fqS5jtZk4w3VNrS2Igs8
bXfbg+WmRw/RbpnPXDSpLLml3CGhk9LIpsxLRP+az4ufN9SGwFbbQ0Pzh21Z5ESr
3FAl6shZyBZlpll+Wjssry6V8tXp+eILhn/jk2FItgVYNCnu5zzQ6v9ws63bAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/vWT43ysWcoFHPwdZAv2MOP1jHEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAECORQw
DQYJKoZIhvcNAQELBQADggEBAFvvydXZPlSDP6jYC8EJYHeJmPPWrSf0y+rtB12R
8vCHtzTU42508TUQJzhx9CxnEdXPaAv9y/pEEk4DPd3MaKmFP33Oc3jMcnzqbvTT
21ziBBEJM1Hw67GoVVlX1FbLEj+VKGuMGvJIxFGjO3a0Y0pRNbp7XXlnRKrYJAQc
Le4NPq6bHY1zb0kuvGbEi2a4iQM5dQFepaze96N5aBEPpk2MIj2qY6X951xc33RP
0e/dzK0Rexpja/fogDS8fPN/TWU4cCoy0SQKgBh7IjZgbv5MTLmcoCzLbg4VFK95
+robxHs6TkLhYQYSdVIy/0e7dW1ALOIe1mAFOBG8ZZx7Gfo=
-----END CERTIFICATE-----