Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61254.roa
File:                     AS61254.roa (raw, json)
Hash identifier:          ooc60A8lS4Zqngi1Dj3qfQ2w06t82rL7qWelLWEW+rY=
Subject key identifier:   01:E9:89:31:A0:9A:57:BE:17:0D:2E:F3:7A:8B:2E:91:6D:06:9F:F1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       31A4AC832B23C60EF10D43F46B7DE09E551C8E3C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61254.roa
Signing time:             Mon 01 Sep 2025 20:04:52 +0000
ROA not before:           Mon 01 Sep 2025 19:59:52 +0000
ROA not after:            Mon 31 Aug 2026 20:04:52 +0000
asID:                     61254
IP address blocks:        140.233.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a4:ac:83:2b:23:c6:0e:f1:0d:43:f4:6b:7d:e0:9e:55:1c:8e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep  1 19:59:52 2025 GMT
            Not After : Aug 31 20:04:52 2026 GMT
        Subject: CN=01E98931A09A57BE170D2EF37A8B2E916D069FF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:53:88:e6:49:9b:b3:b6:4e:05:b7:5e:ee:79:
                    65:98:9c:eb:85:00:bc:1a:20:67:8f:2c:cf:10:12:
                    bc:2e:ea:39:de:2b:39:c7:dc:5a:85:9d:99:ec:00:
                    8d:a5:e7:d0:96:56:01:da:35:da:d1:86:3a:96:89:
                    80:a6:25:72:ab:df:28:89:05:fa:60:2f:68:ba:90:
                    a7:d6:97:06:d8:fa:5c:ee:e4:ff:98:37:1f:2c:60:
                    fb:31:91:56:ca:86:35:b9:59:78:7c:c6:96:de:a1:
                    17:70:15:e3:34:c8:a2:e1:af:b9:c8:08:b7:e1:c8:
                    73:06:0d:ab:b8:02:cc:d2:bc:86:c3:d2:9d:00:78:
                    16:66:01:ab:7f:ed:40:8c:e3:b1:c7:76:b5:28:26:
                    5e:fb:2d:13:7c:9a:41:d6:4f:23:53:82:d7:a5:ed:
                    bd:2a:e3:b8:62:4c:02:21:89:5e:24:89:46:72:fd:
                    a2:c6:71:ad:3d:df:25:71:77:b1:34:23:b9:14:89:
                    b2:02:8a:e3:c3:2c:d5:cb:4e:c2:af:c8:04:54:e4:
                    03:59:fb:cc:82:6f:ea:be:8a:67:48:23:e4:d1:5d:
                    e8:e7:cc:76:8c:a4:a4:87:4a:c4:70:7f:40:6e:94:
                    f8:2e:0f:4d:19:b6:ed:31:c7:d4:5a:88:6c:a7:86:
                    f3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E9:89:31:A0:9A:57:BE:17:0D:2E:F3:7A:8B:2E:91:6D:06:9F:F1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61254.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:08:9f:2a:7f:66:b6:af:57:92:b7:0c:09:d1:9f:f7:f6:cf:
         b4:f4:2a:a2:35:58:37:79:c1:b1:47:8b:14:56:02:ec:eb:53:
         9c:7c:9c:3f:c4:15:ec:ec:95:14:cb:a7:3a:55:cd:3e:3d:6c:
         97:dd:9e:ee:3c:a4:0c:d8:ee:ba:b1:4b:83:f6:79:de:b7:c5:
         f2:e0:68:17:67:22:5e:6e:61:7c:f1:ea:b7:76:4c:dd:f1:b4:
         5a:f1:6d:49:1f:b4:b2:81:9f:a1:86:9d:55:61:dc:7f:f3:45:
         fe:b7:10:27:e1:a3:ad:1c:e9:81:05:42:28:a0:68:4b:a5:a2:
         b3:c7:80:55:83:f6:64:6c:21:56:33:1f:20:86:47:de:5c:0e:
         b7:41:b6:e6:b2:4d:a1:0f:e5:a2:cd:69:e9:ae:e6:21:78:a6:
         9d:bb:7f:9b:47:cd:2a:0f:d1:1e:83:a9:ce:20:fb:2c:a3:43:
         77:ee:22:75:5c:fb:23:89:24:44:d7:ed:92:09:e6:13:7f:f5:
         a2:4a:1a:d6:c0:17:02:5e:65:35:5d:92:ff:77:9d:5b:b2:a2:
         8a:d0:cb:c0:79:27:2e:06:c5:78:4e:1a:d6:2c:85:35:27:17:
         8b:b3:e5:94:7d:1a:7c:d2:d0:84:d5:9d:2b:31:bb:34:66:07:
         3e:88:51:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMaSsgysjxg7xDUP0a33gnlUcjjwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDExOTU5NTJaFw0yNjA4MzEyMDA0NTJaMDMxMTAvBgNV
BAMTKDAxRTk4OTMxQTA5QTU3QkUxNzBEMkVGMzdBOEIyRTkxNkQwNjlGRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkU4jmSZuztk4Ft17ueWWYnOuF
ALwaIGePLM8QErwu6jneKznH3FqFnZnsAI2l59CWVgHaNdrRhjqWiYCmJXKr3yiJ
BfpgL2i6kKfWlwbY+lzu5P+YNx8sYPsxkVbKhjW5WXh8xpbeoRdwFeM0yKLhr7nI
CLfhyHMGDau4AszSvIbD0p0AeBZmAat/7UCM47HHdrUoJl77LRN8mkHWTyNTgtel
7b0q47hiTAIhiV4kiUZy/aLGca093yVxd7E0I7kUibICiuPDLNXLTsKvyARU5ANZ
+8yCb+q+imdII+TRXejnzHaMpKSHSsRwf0BulPguD00Ztu0xx9RaiGynhvPhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAemJMaCaV74XDS7zeosukW0Gn/EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEyNTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACM6acw
DQYJKoZIhvcNAQELBQADggEBADcInyp/ZravV5K3DAnRn/f2z7T0KqI1WDd5wbFH
ixRWAuzrU5x8nD/EFezslRTLpzpVzT49bJfdnu48pAzY7rqxS4P2ed63xfLgaBdn
Il5uYXzx6rd2TN3xtFrxbUkftLKBn6GGnVVh3H/zRf63ECfho60c6YEFQiigaEul
orPHgFWD9mRsIVYzHyCGR95cDrdBtuayTaEP5aLNaemu5iF4pp27f5tHzSoP0R6D
qc4g+yyjQ3fuInVc+yOJJETX7ZIJ5hN/9aJKGtbAFwJeZTVdkv93nVuyoorQy8B5
Jy4GxXhOGtYshTUnF4uz5ZR9GnzS0ITVnSsxuzRmBz6IUbY=
-----END CERTIFICATE-----