Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa
File:                     AS51561.roa (raw, json)
Hash identifier:          teKzxvec0lUpT4iXCmOF5jghkiw24cyAV39GweW6wk0=
Subject key identifier:   AB:0E:63:AD:48:90:10:0D:35:D8:88:6F:4D:11:E7:81:A0:3C:13:AA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6DE1F87BF0C5DC5DCEB2F1599754AA6004A08E00
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa
Signing time:             Tue 15 Jul 2025 10:54:13 +0000
ROA not before:           Tue 15 Jul 2025 10:49:13 +0000
ROA not after:            Tue 14 Jul 2026 10:54:13 +0000
asID:                     51561
IP address blocks:        181.215.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:e1:f8:7b:f0:c5:dc:5d:ce:b2:f1:59:97:54:aa:60:04:a0:8e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 15 10:49:13 2025 GMT
            Not After : Jul 14 10:54:13 2026 GMT
        Subject: CN=AB0E63AD4890100D35D8886F4D11E781A03C13AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e6:72:bf:e6:ed:4c:89:cc:b3:93:14:d0:72:
                    5a:bd:93:8b:6b:c8:5f:b9:be:9c:37:ef:b2:36:7b:
                    a9:f8:cc:05:40:74:b6:92:2a:6a:72:cd:f6:78:b4:
                    bf:76:63:c7:71:8a:9b:3f:df:f7:86:f3:de:cf:be:
                    c6:4e:aa:d8:a7:bf:19:8d:da:67:43:d7:e8:4a:45:
                    6e:3c:63:30:a9:19:ef:8a:b2:c0:a9:8e:06:08:f5:
                    f9:f5:ff:34:e4:91:d5:05:dc:89:42:a9:77:42:d7:
                    8c:d1:bb:0c:46:75:95:99:45:36:28:f8:05:22:43:
                    21:e4:43:48:e0:67:40:66:33:2d:07:c8:09:3d:bd:
                    75:bc:94:ab:1b:1b:11:a3:9e:53:8e:18:04:c3:9b:
                    d4:68:e4:f7:b5:35:eb:8b:b3:e9:b8:f6:60:ad:7b:
                    2a:93:0b:81:45:5c:e7:58:36:8b:69:9e:7a:5c:93:
                    31:c9:c4:dc:d8:75:1d:54:95:b3:30:18:ec:d3:5c:
                    8d:1f:b2:33:d4:62:8e:61:6b:6b:70:1b:fd:0f:9c:
                    e2:2b:f0:15:ea:1a:d5:79:5a:46:0c:cd:53:b9:b8:
                    43:41:6b:c6:85:64:c1:48:10:93:a8:df:5f:45:0e:
                    47:df:77:7e:bc:5a:ea:76:6d:70:59:c9:b2:cf:9d:
                    86:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0E:63:AD:48:90:10:0D:35:D8:88:6F:4D:11:E7:81:A0:3C:13:AA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:db:47:38:fd:7f:14:f3:1e:4f:06:72:02:e8:b9:71:11:ce:
         aa:fd:9a:11:e1:ab:31:47:7c:7f:ac:d1:7b:ce:fd:b3:5b:e1:
         cb:fd:a2:cc:25:2b:84:80:c7:41:06:93:de:36:f7:31:d5:83:
         48:e8:29:2f:e7:70:a7:7b:79:5d:c1:1c:d4:c8:f1:cb:c5:ef:
         5e:95:4c:a9:70:48:9e:0d:5d:1e:33:97:98:5c:6a:30:9a:1d:
         0a:2a:98:f4:b3:43:29:73:66:68:f4:ad:d6:6e:44:72:39:7c:
         1a:3e:b9:53:18:f0:a4:78:2e:02:b2:8c:72:0e:dd:f7:09:94:
         ff:81:62:fc:10:7e:32:14:04:a9:86:c1:27:db:61:08:0c:02:
         c5:ec:79:ca:68:f5:ec:26:94:d5:ea:57:46:fd:22:45:5e:94:
         5f:ca:07:4d:44:cc:47:11:e2:42:3a:7c:ed:6b:68:0b:6e:08:
         e5:75:61:e0:bd:ec:e3:ee:af:48:f1:d1:ed:34:99:71:66:bd:
         92:49:f9:92:ea:d3:62:b0:7a:04:1d:f2:8d:58:00:5a:16:23:
         47:5a:0e:cc:bb:35:34:3c:34:a7:fd:6d:be:b3:9a:67:25:17:
         a2:d9:3a:02:f3:50:d1:03:d8:91:32:5e:3f:77:be:42:f6:36:
         91:a4:5d:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbeH4e/DF3F3OsvFZl1SqYASgjgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTUxMDQ5MTNaFw0yNjA3MTQxMDU0MTNaMDMxMTAvBgNV
BAMTKEFCMEU2M0FENDg5MDEwMEQzNUQ4ODg2RjREMTFFNzgxQTAzQzEzQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC15nK/5u1MicyzkxTQclq9k4tr
yF+5vpw377I2e6n4zAVAdLaSKmpyzfZ4tL92Y8dxips/3/eG897PvsZOqtinvxmN
2mdD1+hKRW48YzCpGe+KssCpjgYI9fn1/zTkkdUF3IlCqXdC14zRuwxGdZWZRTYo
+AUiQyHkQ0jgZ0BmMy0HyAk9vXW8lKsbGxGjnlOOGATDm9Ro5Pe1NeuLs+m49mCt
eyqTC4FFXOdYNotpnnpckzHJxNzYdR1UlbMwGOzTXI0fsjPUYo5ha2twG/0PnOIr
8BXqGtV5WkYMzVO5uENBa8aFZMFIEJOo319FDkffd368Wup2bXBZybLPnYYbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqw5jrUiQEA012IhvTRHngaA8E6owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTE1NjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11yAw
DQYJKoZIhvcNAQELBQADggEBAIHbRzj9fxTzHk8GcgLouXERzqr9mhHhqzFHfH+s
0XvO/bNb4cv9oswlK4SAx0EGk9429zHVg0joKS/ncKd7eV3BHNTI8cvF716VTKlw
SJ4NXR4zl5hcajCaHQoqmPSzQylzZmj0rdZuRHI5fBo+uVMY8KR4LgKyjHIO3fcJ
lP+BYvwQfjIUBKmGwSfbYQgMAsXsecpo9ewmlNXqV0b9IkVelF/KB01EzEcR4kI6
fO1raAtuCOV1YeC97OPur0jx0e00mXFmvZJJ+ZLq02KwegQd8o1YAFoWI0daDsy7
NTQ8NKf9bb6zmmclF6LZOgLzUNED2JEyXj93vkL2NpGkXaY=
-----END CERTIFICATE-----