Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          vDOvDBn4BCgyx0722KGCmzc9T8WQf0udntbhor6sdiA=
Subject key identifier:   A7:6D:BF:63:F7:18:74:A5:05:9F:73:57:78:8B:4A:B9:10:9B:3D:39
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       119D8D7CDAD525535BB760AB0234039C3AFE7DF3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
Signing time:             Thu 17 Jul 2025 17:54:13 +0000
ROA not before:           Thu 17 Jul 2025 17:49:13 +0000
ROA not after:            Thu 16 Jul 2026 17:54:13 +0000
asID:                     15440
IP address blocks:        181.214.147.0/24 maxlen: 24
                          191.96.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:9d:8d:7c:da:d5:25:53:5b:b7:60:ab:02:34:03:9c:3a:fe:7d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 17 17:49:13 2025 GMT
            Not After : Jul 16 17:54:13 2026 GMT
        Subject: CN=A76DBF63F71874A5059F7357788B4AB9109B3D39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:42:3d:7c:f4:88:71:d4:08:f8:1c:18:6e:e7:
                    94:a1:28:12:a2:66:dc:3d:8a:54:2c:b7:bf:95:5f:
                    92:4f:62:f6:da:8f:2e:ce:6b:c3:1e:83:29:99:df:
                    b8:9b:6f:13:fa:4b:ce:6e:78:c0:3f:c4:fd:40:a9:
                    0d:1e:46:2a:a0:f4:59:bc:ad:d8:dd:65:df:42:b4:
                    de:3b:08:69:3e:58:d5:ec:17:eb:81:88:3e:e1:70:
                    eb:98:ab:9a:00:0e:64:60:9a:89:bf:02:4b:e4:9a:
                    80:d9:21:c4:d4:c1:41:78:75:0e:9a:c8:7a:99:4a:
                    0b:15:e6:b4:75:b8:26:fe:6c:dd:9f:97:da:a0:ad:
                    48:fe:d2:ac:06:2e:55:81:ce:eb:fc:a1:5d:b7:eb:
                    55:8d:a0:d4:07:27:9c:c2:60:42:b0:fa:b9:8d:7f:
                    71:dc:ba:16:91:cc:d5:58:76:d5:82:f4:d0:54:19:
                    75:8e:3f:8f:8e:89:c9:2e:44:06:2d:e2:47:b8:49:
                    74:ff:78:b3:70:cc:53:26:0a:f4:e1:52:d0:ed:a4:
                    6b:6e:b2:1f:cc:2d:69:e3:5d:28:ea:dd:1c:eb:75:
                    fe:fa:ab:a9:0b:cb:cd:f2:62:d2:be:fa:ed:a9:79:
                    bf:46:f6:38:f3:82:7a:ce:e2:f1:e3:40:94:91:a5:
                    f9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6D:BF:63:F7:18:74:A5:05:9F:73:57:78:8B:4A:B9:10:9B:3D:39
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.147.0/24
                  191.96.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:8c:66:ec:11:5f:e2:2d:49:19:cf:60:ef:d8:9b:0a:ad:91:
         c3:46:68:9c:dd:e5:ef:e5:bf:a4:07:7a:d6:13:1b:ad:fd:ac:
         4b:5d:bb:5d:57:02:83:30:ae:c8:44:02:f4:e8:50:b6:60:4f:
         8f:10:99:3b:51:fa:6d:2a:b4:1a:c4:f4:f1:a3:e9:7b:42:92:
         fe:2d:a5:b8:b8:b8:30:d5:d4:b7:6c:ac:69:db:21:81:cb:2d:
         14:5e:c7:5d:b2:56:e4:b5:5f:fe:b6:d1:eb:e1:65:2f:19:0c:
         22:e8:c0:2f:57:27:88:d2:7a:5a:dd:6e:4d:9c:3f:76:50:7d:
         e8:7d:2b:3d:5c:bb:49:ca:98:cf:91:ea:01:d2:45:82:25:41:
         07:ec:b7:ed:9d:11:48:7f:74:82:fa:c1:e7:09:62:07:a1:cc:
         f9:f9:a2:38:a8:eb:17:c3:c5:1e:e6:89:67:19:d4:98:6e:26:
         6e:1e:9c:d2:ae:85:1e:c1:6a:39:e0:22:f2:70:39:f6:84:4d:
         82:0a:45:34:88:50:b0:67:33:0a:8e:23:d4:a9:c9:f9:4b:99:
         f0:c9:5f:6a:2a:18:48:46:45:d1:df:19:d0:99:55:a1:38:64:
         87:63:11:58:16:ed:2a:d5:77:2f:92:a6:f7:5c:ba:f9:88:26:
         ee:53:83:e1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUEZ2NfNrVJVNbt2CrAjQDnDr+ffMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTcxNzQ5MTNaFw0yNjA3MTYxNzU0MTNaMDMxMTAvBgNV
BAMTKEE3NkRCRjYzRjcxODc0QTUwNTlGNzM1Nzc4OEI0QUI5MTA5QjNEMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkQj189Ihx1Aj4HBhu55ShKBKi
Ztw9ilQst7+VX5JPYvbajy7Oa8MegymZ37ibbxP6S85ueMA/xP1AqQ0eRiqg9Fm8
rdjdZd9CtN47CGk+WNXsF+uBiD7hcOuYq5oADmRgmom/AkvkmoDZIcTUwUF4dQ6a
yHqZSgsV5rR1uCb+bN2fl9qgrUj+0qwGLlWBzuv8oV2361WNoNQHJ5zCYEKw+rmN
f3HcuhaRzNVYdtWC9NBUGXWOP4+OickuRAYt4ke4SXT/eLNwzFMmCvThUtDtpGtu
sh/MLWnjXSjq3Rzrdf76q6kLy83yYtK++u2peb9G9jjzgnrO4vHjQJSRpfnLAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUp22/Y/cYdKUFn3NXeItKuRCbPTkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11pMD
BAC/YPUwDQYJKoZIhvcNAQELBQADggEBALeMZuwRX+ItSRnPYO/YmwqtkcNGaJzd
5e/lv6QHetYTG639rEtdu11XAoMwrshEAvToULZgT48QmTtR+m0qtBrE9PGj6XtC
kv4tpbi4uDDV1LdsrGnbIYHLLRRex12yVuS1X/620evhZS8ZDCLowC9XJ4jSelrd
bk2cP3ZQfeh9Kz1cu0nKmM+R6gHSRYIlQQfst+2dEUh/dIL6wecJYgehzPn5ojio
6xfDxR7miWcZ1JhuJm4enNKuhR7BajngIvJwOfaETYIKRTSIULBnMwqOI9SpyflL
mfDJX2oqGEhGRdHfGdCZVaE4ZIdjEVgW7SrVdy+SpvdcuvmIJu5Tg+E=
-----END CERTIFICATE-----