Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS61142.roa
File:                     AS61142.roa (raw, json)
Hash identifier:          Pc5738/aO6u0HKLy5ohr5TRSkSeAtt5Q9+v9n3d2w/M=
Subject key identifier:   4E:27:29:67:DC:4B:12:C3:7A:24:0B:0B:6A:88:1F:4F:EA:01:C3:72
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7A1C64737FA7BFEAE254A5F6099642A866962090
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS61142.roa
Signing time:             Wed 09 Jul 2025 20:38:41 +0000
ROA not before:           Wed 09 Jul 2025 20:33:41 +0000
ROA not after:            Wed 08 Jul 2026 20:38:41 +0000
asID:                     61142
IP address blocks:        2a0f:85c1:850::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:1c:64:73:7f:a7:bf:ea:e2:54:a5:f6:09:96:42:a8:66:96:20:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul  9 20:33:41 2025 GMT
            Not After : Jul  8 20:38:41 2026 GMT
        Subject: CN=4E272967DC4B12C37A240B0B6A881F4FEA01C372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e0:28:41:64:4c:c4:de:4c:58:c7:b6:a9:3e:
                    51:b2:17:45:83:98:e9:06:40:9e:d3:07:52:12:55:
                    2e:15:60:5d:fc:ad:00:af:b6:f8:86:93:b1:dd:7c:
                    1c:80:8e:68:e0:42:04:3b:4f:d1:b8:54:ba:52:91:
                    7a:56:e7:a5:05:90:e6:2d:f9:3d:15:a4:0b:3f:42:
                    3f:8b:ec:8a:0e:4d:c5:23:1b:be:66:e6:7b:29:3f:
                    44:f9:47:e9:de:b3:89:26:87:95:20:96:b9:25:3d:
                    9c:cd:c3:52:c7:d7:c5:25:db:a8:33:fd:7b:51:af:
                    7e:8d:22:68:22:8c:63:69:37:ec:b5:55:d3:2d:9b:
                    d4:e6:79:69:7c:f8:97:4a:56:de:3a:98:e2:28:4e:
                    92:a0:aa:2e:84:ce:08:bc:0d:a0:1b:21:4f:d4:1b:
                    d1:58:44:35:1d:15:b3:fb:fe:f9:84:aa:d2:05:a2:
                    64:1b:5f:3b:f5:96:03:a3:47:65:b2:83:f4:45:4a:
                    3a:3e:7e:30:cd:aa:9f:93:e5:8f:c4:20:17:a1:0c:
                    61:ee:e6:8e:12:97:fc:4f:08:09:72:29:10:e2:db:
                    50:e9:dc:6f:fc:1c:ec:12:0a:ce:a1:9f:40:44:5e:
                    6a:59:ae:61:09:56:65:07:97:aa:cf:d3:bd:40:c8:
                    0c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:27:29:67:DC:4B:12:C3:7A:24:0B:0B:6A:88:1F:4F:EA:01:C3:72
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS61142.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:850::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:a2:a4:24:ea:4e:5d:0b:97:90:b5:b5:20:bc:1f:70:d3:21:
         1e:bb:75:82:70:57:90:d6:f5:78:78:d7:2e:cc:08:55:b5:d9:
         50:04:b6:e8:af:61:0a:b8:8e:cf:b6:28:fd:ae:00:7f:67:14:
         a5:da:a7:56:43:8f:66:32:b1:dd:35:71:64:10:fe:7c:dd:ac:
         94:5e:9e:b8:55:3e:ac:5a:88:9d:9f:6f:c3:ed:59:50:5d:08:
         1d:1f:f1:a3:1c:09:07:63:49:36:f8:46:9b:ae:c3:b1:11:67:
         ca:1d:1e:c6:a3:a7:20:be:3c:43:77:8e:5d:5e:e8:33:37:13:
         07:20:af:08:23:d7:90:eb:05:ab:3b:b1:77:0e:70:57:34:6b:
         75:4e:fb:53:60:a5:a7:54:b3:b0:79:6c:54:86:f6:5f:ce:d1:
         c9:ef:ac:b9:66:92:fc:d0:61:05:26:81:b4:2d:a8:bf:de:28:
         06:27:ba:7a:08:6c:60:ee:ef:24:f3:fb:a9:b5:93:4d:5c:70:
         14:23:05:bf:59:ac:15:e9:87:f6:df:21:45:ec:54:cf:73:36:
         f9:63:6e:72:fa:cd:a0:db:1a:0d:48:41:93:df:0e:c2:08:d3:
         ea:52:38:b8:9b:7c:90:a0:42:9c:ad:70:ec:54:16:28:18:57:
         60:17:f6:51
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUehxkc3+nv+riVKX2CZZCqGaWIJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MDkyMDMzNDFaFw0yNjA3MDgyMDM4NDFaMDMxMTAvBgNV
BAMTKDRFMjcyOTY3REM0QjEyQzM3QTI0MEIwQjZBODgxRjRGRUEwMUMzNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp4ChBZEzE3kxYx7apPlGyF0WD
mOkGQJ7TB1ISVS4VYF38rQCvtviGk7HdfByAjmjgQgQ7T9G4VLpSkXpW56UFkOYt
+T0VpAs/Qj+L7IoOTcUjG75m5nspP0T5R+nes4kmh5UglrklPZzNw1LH18Ul26gz
/XtRr36NImgijGNpN+y1VdMtm9TmeWl8+JdKVt46mOIoTpKgqi6Ezgi8DaAbIU/U
G9FYRDUdFbP7/vmEqtIFomQbXzv1lgOjR2Wyg/RFSjo+fjDNqp+T5Y/EIBehDGHu
5o4Sl/xPCAlyKRDi21Dp3G/8HOwSCs6hn0BEXmpZrmEJVmUHl6rP071AyAzXAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUTicpZ9xLEsN6JAsLaogfT+oBw3IwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNjExNDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
CFAwDQYJKoZIhvcNAQELBQADggEBAFuipCTqTl0Ll5C1tSC8H3DTIR67dYJwV5DW
9Xh41y7MCFW12VAEtuivYQq4js+2KP2uAH9nFKXap1ZDj2Yysd01cWQQ/nzdrJRe
nrhVPqxaiJ2fb8PtWVBdCB0f8aMcCQdjSTb4Rpuuw7ERZ8odHsajpyC+PEN3jl1e
6DM3Ewcgrwgj15DrBas7sXcOcFc0a3VO+1NgpadUs7B5bFSG9l/O0cnvrLlmkvzQ
YQUmgbQtqL/eKAYnunoIbGDu7yTz+6m1k01ccBQjBb9ZrBXph/bfIUXsVM9zNvlj
bnL6zaDbGg1IQZPfDsII0+pSOLibfJCgQpytcOxUFigYV2AX9lE=
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:01:56 2025 by rpki-client