Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          guzAIse7ySIoT+3erZeDZu4dzB5Oz+GeJFRRnmD7QY8=
Subject key identifier:   A6:0D:D5:3D:99:D1:1D:08:09:5F:AA:29:A4:48:51:C7:BD:BD:B8:92
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       06CAED65732C4F7D3FB47D9D1E37E2EA5A87DCB8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
Signing time:             Thu 21 Aug 2025 10:08:34 +0000
ROA not before:           Thu 21 Aug 2025 10:03:34 +0000
ROA not after:            Thu 20 Aug 2026 10:08:34 +0000
asID:                     43641
IP address blocks:        2.57.20.0/23 maxlen: 24
                          181.215.55.0/24 maxlen: 24
                          181.215.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:ca:ed:65:73:2c:4f:7d:3f:b4:7d:9d:1e:37:e2:ea:5a:87:dc:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 21 10:03:34 2025 GMT
            Not After : Aug 20 10:08:34 2026 GMT
        Subject: CN=A60DD53D99D11D08095FAA29A44851C7BDBDB892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:71:6e:ad:c5:d7:18:0e:b1:a1:7a:7c:9f:65:
                    c8:c3:c6:c1:d6:54:61:41:ae:ab:bd:5b:46:65:66:
                    a5:a3:8f:d1:25:f0:70:ad:8c:66:55:21:89:b7:4e:
                    d8:70:e9:53:b9:b2:6d:9a:08:92:b5:15:ad:e9:c3:
                    80:8d:3c:8f:9a:43:fd:f0:ac:b7:0a:7c:7d:eb:14:
                    96:bc:22:93:d0:63:4b:8c:6d:31:33:d8:9c:62:76:
                    50:b2:fd:50:0c:d9:66:9e:e2:75:c6:18:53:10:f1:
                    3d:dc:6b:d9:68:ed:de:d3:26:37:7d:67:e0:c6:57:
                    87:1b:7e:b0:e0:e9:41:72:de:68:b3:73:39:64:d5:
                    9b:19:4e:d7:ee:62:e6:d4:62:52:a2:3a:79:e2:29:
                    52:ed:c7:22:6e:81:5d:fc:1f:40:27:ed:09:91:a6:
                    5a:be:24:b0:31:99:c8:ee:7b:0d:64:1b:6b:88:36:
                    b7:0a:e3:2b:72:9e:13:4a:7f:2b:f3:8a:cd:64:38:
                    fa:9b:a9:f3:4a:be:3e:5c:97:66:13:16:26:17:f6:
                    83:75:8d:3a:5e:06:df:9e:ec:f2:9c:92:5b:4c:96:
                    19:f8:bd:d8:cf:87:df:49:f8:1e:77:9d:f2:7a:42:
                    f9:d5:52:32:44:e2:b7:86:72:72:9d:92:6f:0a:ff:
                    6d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:0D:D5:3D:99:D1:1D:08:09:5F:AA:29:A4:48:51:C7:BD:BD:B8:92
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.20.0/23
                  181.215.55.0/24
                  181.215.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d7:54:ba:8d:b9:fe:20:6c:68:f4:07:3f:2d:1e:14:ce:4a:
         f0:19:e0:5b:1b:a3:e0:96:11:d7:8b:47:00:19:f0:7f:55:5e:
         82:cd:1a:dc:e5:d4:bb:3f:c3:24:43:4a:a5:3b:06:83:ae:46:
         07:b4:40:5d:27:d4:ef:04:00:5d:51:79:14:63:81:21:88:9c:
         23:df:65:97:c2:34:eb:46:5d:b2:c9:25:9f:6d:e4:95:27:57:
         71:88:ce:76:f1:54:8e:c5:f0:d5:29:3a:dc:e0:86:f3:82:97:
         61:79:3f:e8:b1:cc:d4:52:8b:6b:f9:e0:3e:79:b6:6e:ae:f5:
         ea:fd:23:e6:b5:32:23:71:1a:eb:2b:83:20:29:2e:39:28:2c:
         4b:38:17:fe:4f:d7:20:8d:98:74:2f:be:39:8c:55:fc:8b:4d:
         f9:f2:22:1c:e8:94:c4:6f:8b:bd:f6:4f:58:73:fa:f5:8a:80:
         7b:ac:db:a8:61:74:7f:35:29:ce:5e:ea:3a:c2:93:5b:18:03:
         76:49:f8:50:59:3b:2b:ad:a8:91:cb:10:d9:73:cf:f8:b6:d9:
         48:47:b8:23:15:01:85:aa:12:82:a4:fd:a3:49:48:ce:33:e6:
         cc:d8:78:5c:76:02:81:52:09:27:e4:65:fa:a1:8b:ed:13:a0:
         90:bd:bb:8c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUBsrtZXMsT30/tH2dHjfi6lqH3LgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjExMDAzMzRaFw0yNjA4MjAxMDA4MzRaMDMxMTAvBgNV
BAMTKEE2MERENTNEOTlEMTFEMDgwOTVGQUEyOUE0NDg1MUM3QkRCREI4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYcW6txdcYDrGhenyfZcjDxsHW
VGFBrqu9W0ZlZqWjj9El8HCtjGZVIYm3Tthw6VO5sm2aCJK1Fa3pw4CNPI+aQ/3w
rLcKfH3rFJa8IpPQY0uMbTEz2JxidlCy/VAM2Wae4nXGGFMQ8T3ca9lo7d7TJjd9
Z+DGV4cbfrDg6UFy3mizczlk1ZsZTtfuYubUYlKiOnniKVLtxyJugV38H0An7QmR
plq+JLAxmcjuew1kG2uINrcK4ytynhNKfyvzis1kOPqbqfNKvj5cl2YTFiYX9oN1
jTpeBt+e7PKckltMlhn4vdjPh99J+B53nfJ6QvnVUjJE4reGcnKdkm8K/22PAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUpg3VPZnRHQgJX6oppEhRx729uJIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAECORQD
BAC11zcDBAC11z4wDQYJKoZIhvcNAQELBQADggEBAAHXVLqNuf4gbGj0Bz8tHhTO
SvAZ4Fsbo+CWEdeLRwAZ8H9VXoLNGtzl1Ls/wyRDSqU7BoOuRge0QF0n1O8EAF1R
eRRjgSGInCPfZZfCNOtGXbLJJZ9t5JUnV3GIznbxVI7F8NUpOtzghvOCl2F5P+ix
zNRSi2v54D55tm6u9er9I+a1MiNxGusrgyApLjkoLEs4F/5P1yCNmHQvvjmMVfyL
TfnyIhzolMRvi732T1hz+vWKgHus26hhdH81Kc5e6jrCk1sYA3ZJ+FBZOyutqJHL
ENlzz/i22UhHuCMVAYWqEoKk/aNJSM4z5szYeFx2AoFSCSfkZfqhi+0ToJC9u4w=
-----END CERTIFICATE-----