Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS201541.roa
File:                     AS201541.roa (raw, json)
Hash identifier:          BkCPycWcDxdkNOZr8tRoFaK86WH73pJrUO3R16XDpiw=
Subject key identifier:   77:6D:80:AD:89:F2:64:FF:63:F6:3B:C9:8E:11:C1:53:20:73:25:6A
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       04DE3C5AAAC8AD928C7245F35CE11A82533101B7
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS201541.roa
Signing time:             Thu 30 Apr 2026 02:16:55 +0000
ROA not before:           Thu 30 Apr 2026 02:11:55 +0000
ROA not after:            Thu 29 Apr 2027 02:16:55 +0000
asID:                     201541
IP address blocks:        2a14:7585:d000::/40 maxlen: 48
                          2a14:7587:d000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:de:3c:5a:aa:c8:ad:92:8c:72:45:f3:5c:e1:1a:82:53:31:01:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 30 02:11:55 2026 GMT
            Not After : Apr 29 02:16:55 2027 GMT
        Subject: CN=776D80AD89F264FF63F63BC98E11C1532073256A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bf:22:9f:be:7f:45:21:38:8b:38:10:a9:ff:
                    bd:76:ba:7a:dd:6b:80:e2:da:f3:03:0e:7d:3d:3c:
                    16:ea:34:f3:e0:ac:87:07:e2:d1:a7:56:05:77:ee:
                    eb:0f:bd:a2:70:83:f3:34:93:4b:5e:c5:0b:4b:2b:
                    a7:bb:5b:d1:cf:58:97:d4:bc:cc:4a:96:fc:57:cb:
                    4c:09:e9:2c:f4:99:a3:8e:d8:de:65:ae:68:d1:3d:
                    ac:d8:c1:b9:82:fd:3d:bc:c6:e9:48:d6:7d:44:aa:
                    20:86:a1:47:74:0f:0d:82:66:69:3b:e9:df:4f:d2:
                    4a:67:a5:82:8f:67:00:c9:b5:47:1a:b0:59:70:13:
                    12:67:18:b7:34:52:ff:19:aa:3a:5a:04:25:54:da:
                    7b:93:e6:4b:6c:9b:8c:f2:f7:3f:6b:2d:c4:08:8e:
                    65:a8:30:8b:e3:df:bc:d3:c5:59:86:63:15:45:5c:
                    e7:e1:b9:04:9f:94:8f:94:2f:c6:65:b1:6a:ba:71:
                    ad:52:d3:14:bf:b5:6f:f7:2c:96:a9:9a:b8:e1:25:
                    66:40:80:4c:7b:17:bc:e6:32:a8:89:53:fe:52:c7:
                    20:fc:f0:bc:11:69:a8:de:b3:8e:c1:62:02:fb:b0:
                    54:06:4e:33:f4:be:ca:0d:07:49:a3:64:5d:06:16:
                    c2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6D:80:AD:89:F2:64:FF:63:F6:3B:C9:8E:11:C1:53:20:73:25:6A
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS201541.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7585:d000::/40
                  2a14:7587:d000::/36

    Signature Algorithm: sha256WithRSAEncryption
         89:7a:6f:08:53:65:88:0e:cf:cb:83:72:c5:95:5f:8b:23:db:
         47:d8:e8:3e:12:90:6d:27:a1:67:5c:8a:43:96:07:95:0a:4b:
         61:19:68:64:7b:20:ed:17:3f:59:42:e0:2f:39:24:90:f2:d9:
         5e:33:0b:83:3a:28:80:ad:f2:9e:56:ca:5e:e5:00:97:dd:c5:
         70:10:65:e4:c9:98:cf:c0:f1:97:25:5b:68:67:d8:c6:60:8a:
         55:74:a3:97:9f:fb:6c:c9:95:88:4e:95:88:54:d8:ed:5f:05:
         1d:37:0f:44:ac:49:bb:85:a0:74:57:eb:63:16:d2:fc:97:5b:
         d6:39:0f:d5:a0:3b:af:c8:87:25:d9:26:25:36:7b:aa:c6:60:
         7f:b2:d0:d4:73:37:76:07:cf:6c:ee:38:44:d6:e5:d0:fe:af:
         d3:90:90:34:e3:0a:0c:e0:72:41:98:27:2e:ec:4f:c5:af:53:
         7a:dc:d9:49:99:4e:78:eb:cf:32:70:bd:c7:d0:5a:0f:4e:7b:
         2b:86:40:45:a2:f3:82:c4:38:bc:8a:e6:1c:32:41:5a:49:bc:
         24:fc:d9:7c:3c:25:f9:2c:fd:58:40:0d:e7:d8:de:0f:06:b8:
         82:a0:c6:02:ee:03:9c:1d:16:39:e8:30:f6:f5:83:fc:45:10:
         08:a5:f4:71
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUBN48WqrIrZKMckXzXOEaglMxAbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MzAwMjExNTVaFw0yNzA0MjkwMjE2NTVaMDMxMTAvBgNV
BAMTKDc3NkQ4MEFEODlGMjY0RkY2M0Y2M0JDOThFMTFDMTUzMjA3MzI1NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWvyKfvn9FITiLOBCp/712unrd
a4Di2vMDDn09PBbqNPPgrIcH4tGnVgV37usPvaJwg/M0k0texQtLK6e7W9HPWJfU
vMxKlvxXy0wJ6Sz0maOO2N5lrmjRPazYwbmC/T28xulI1n1EqiCGoUd0Dw2CZmk7
6d9P0kpnpYKPZwDJtUcasFlwExJnGLc0Uv8ZqjpaBCVU2nuT5ktsm4zy9z9rLcQI
jmWoMIvj37zTxVmGYxVFXOfhuQSflI+UL8ZlsWq6ca1S0xS/tW/3LJapmrjhJWZA
gEx7F7zmMqiJU/5SxyD88LwRaajes47BYgL7sFQGTjP0vsoNB0mjZF0GFsInAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUd22ArYnyZP9j9jvJjhHBUyBzJWowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjAxNTQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhR1
hdADBgQqFHWH0DANBgkqhkiG9w0BAQsFAAOCAQEAiXpvCFNliA7Py4NyxZVfiyPb
R9joPhKQbSehZ1yKQ5YHlQpLYRloZHsg7Rc/WULgLzkkkPLZXjMLgzoogK3ynlbK
XuUAl93FcBBl5MmYz8DxlyVbaGfYxmCKVXSjl5/7bMmViE6ViFTY7V8FHTcPRKxJ
u4WgdFfrYxbS/Jdb1jkP1aA7r8iHJdkmJTZ7qsZgf7LQ1HM3dgfPbO44RNbl0P6v
05CQNOMKDOByQZgnLuxPxa9TetzZSZlOeOvPMnC9x9BaD057K4ZARaLzgsQ4vIrm
HDJBWkm8JPzZfDwl+Sz9WEAN59jeDwa4gqDGAu4DnB0WOegw9vWD/EUQCKX0cQ==
-----END CERTIFICATE-----