Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
File:                     AS205771.roa (raw, json)
Hash identifier:          n3vUojHlS0t0gmbOfpr3SeW5EGsFvnP3Vyfqwa5Jjgc=
Subject key identifier:   7B:10:2F:30:29:39:BF:51:C5:FD:07:B1:3C:F8:E3:C4:76:C6:6F:A9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4D017648D37DC3DA12F45DB5662781E7DA253E66
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
Signing time:             Thu 03 Jul 2025 14:54:13 +0000
ROA not before:           Thu 03 Jul 2025 14:49:13 +0000
ROA not after:            Thu 02 Jul 2026 14:54:13 +0000
asID:                     205771
IP address blocks:        191.101.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:01:76:48:d3:7d:c3:da:12:f4:5d:b5:66:27:81:e7:da:25:3e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  3 14:49:13 2025 GMT
            Not After : Jul  2 14:54:13 2026 GMT
        Subject: CN=7B102F302939BF51C5FD07B13CF8E3C476C66FA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:be:09:4d:74:3f:ca:b2:f5:18:a8:42:27:d8:
                    65:c2:c4:79:d4:38:01:a9:f5:fc:be:16:99:7f:c1:
                    6b:db:c0:69:5e:43:0d:c4:9e:a1:4d:00:7f:53:99:
                    c7:2e:25:54:9d:c5:1c:33:96:6a:0c:0a:a0:45:da:
                    b4:48:50:7b:cd:74:12:57:cb:32:47:77:e7:47:cd:
                    5e:58:72:9d:b5:e6:63:62:b0:d4:08:71:4d:4e:df:
                    00:1d:e0:3f:ed:8e:f5:f4:cb:00:a8:d4:47:c7:a7:
                    84:ad:97:1c:2f:8e:80:40:4e:f9:d2:26:37:d7:37:
                    4d:0f:07:ed:a3:3c:7c:27:45:c5:a2:6a:39:c3:a8:
                    51:34:08:12:ca:80:4b:86:71:e3:52:c4:a8:5e:a8:
                    6d:42:27:7d:84:59:82:22:55:fd:08:d1:f4:d0:0d:
                    35:7d:c0:40:21:47:10:0a:41:20:52:d6:50:25:80:
                    62:ca:66:bd:3d:91:f4:72:0c:b6:15:6c:46:88:e6:
                    ee:7d:e4:2d:fa:04:8b:37:0b:c2:94:1c:c2:81:60:
                    06:4d:ac:b6:23:57:61:8d:c4:92:0f:1c:2a:5c:18:
                    bf:8d:1c:7e:cd:b4:93:fa:6e:e1:d7:65:e0:49:ed:
                    7d:53:34:67:8e:93:4e:03:58:a9:5e:94:df:88:89:
                    39:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:10:2F:30:29:39:BF:51:C5:FD:07:B1:3C:F8:E3:C4:76:C6:6F:A9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:db:db:04:32:e2:5d:c5:93:f3:1f:d0:fb:80:3d:a2:8a:a8:
         0f:61:c7:e3:77:d1:2d:88:f7:8e:77:c4:c3:19:32:ce:c9:63:
         94:6d:75:99:11:84:1f:8b:39:30:87:3a:12:b5:5d:63:61:0e:
         4c:e7:86:57:6b:65:4e:ba:11:e4:18:70:e7:fa:c4:12:c8:df:
         04:6a:63:b0:90:0a:26:8f:28:46:2b:50:89:d5:e0:ce:97:31:
         97:0d:88:36:04:ab:99:4d:e0:05:d1:70:41:e2:e3:9e:dc:0c:
         cc:59:f7:4a:3c:8f:65:f2:4f:53:d9:d6:69:f6:6c:f5:cf:1d:
         3e:bc:a0:01:46:b8:4d:a8:e0:07:b8:c5:7d:ee:73:ac:ad:27:
         9c:12:1b:1c:fe:d7:a3:cd:50:48:19:76:cc:ae:81:4b:c0:78:
         8b:be:54:bf:4e:53:9b:60:36:29:40:28:32:f2:8d:91:6c:69:
         b1:9a:c5:16:4c:89:8a:2f:e6:43:2f:11:67:bb:f3:57:4f:99:
         34:a1:d5:ca:21:f9:23:83:78:5e:17:9f:d0:4a:7f:8c:81:5b:
         0f:06:f7:7f:ae:b7:68:d0:d4:50:b7:2f:c8:83:b0:a9:5a:df:
         ff:11:13:8d:91:24:80:d7:d1:18:ff:5c:37:89:2a:41:49:c7:
         22:b9:e5:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTQF2SNN9w9oS9F21ZieB59olPmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDMxNDQ5MTNaFw0yNjA3MDIxNDU0MTNaMDMxMTAvBgNV
BAMTKDdCMTAyRjMwMjkzOUJGNTFDNUZEMDdCMTNDRjhFM0M0NzZDNjZGQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQvglNdD/KsvUYqEIn2GXCxHnU
OAGp9fy+Fpl/wWvbwGleQw3EnqFNAH9TmccuJVSdxRwzlmoMCqBF2rRIUHvNdBJX
yzJHd+dHzV5Ycp215mNisNQIcU1O3wAd4D/tjvX0ywCo1EfHp4StlxwvjoBATvnS
JjfXN00PB+2jPHwnRcWiajnDqFE0CBLKgEuGceNSxKheqG1CJ32EWYIiVf0I0fTQ
DTV9wEAhRxAKQSBS1lAlgGLKZr09kfRyDLYVbEaI5u595C36BIs3C8KUHMKBYAZN
rLYjV2GNxJIPHCpcGL+NHH7NtJP6buHXZeBJ7X1TNGeOk04DWKlelN+IiTnXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUexAvMCk5v1HF/QexPPjjxHbGb6kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UY
MA0GCSqGSIb3DQEBCwUAA4IBAQCH29sEMuJdxZPzH9D7gD2iiqgPYcfjd9EtiPeO
d8TDGTLOyWOUbXWZEYQfizkwhzoStV1jYQ5M54ZXa2VOuhHkGHDn+sQSyN8EamOw
kAomjyhGK1CJ1eDOlzGXDYg2BKuZTeAF0XBB4uOe3AzMWfdKPI9l8k9T2dZp9mz1
zx0+vKABRrhNqOAHuMV97nOsrSecEhsc/tejzVBIGXbMroFLwHiLvlS/TlObYDYp
QCgy8o2RbGmxmsUWTImKL+ZDLxFnu/NXT5k0odXKIfkjg3heF5/QSn+MgVsPBvd/
rrdo0NRQty/Ig7CpWt//ERONkSSA19EY/1w3iSpBScciueWC
-----END CERTIFICATE-----