Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
File:                     AS61317.roa (raw, json)
Hash identifier:          UlKufyrvyoDknT5gMDH+t4LN3L1uXzrYI9YyYU0KONw=
Subject key identifier:   20:AB:BB:80:78:22:BB:93:94:06:5C:E6:97:C5:56:32:6C:9F:A6:A5
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5436A4166B56F65981C90AD9B8540E5DA95193A1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
Signing time:             Wed 04 Feb 2026 08:23:39 +0000
ROA not before:           Wed 04 Feb 2026 08:18:39 +0000
ROA not after:            Wed 03 Feb 2027 08:23:39 +0000
asID:                     61317
IP address blocks:        147.79.29.0/24 maxlen: 24
                          148.135.162.0/24 maxlen: 24
                          167.148.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:36:a4:16:6b:56:f6:59:81:c9:0a:d9:b8:54:0e:5d:a9:51:93:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  4 08:18:39 2026 GMT
            Not After : Feb  3 08:23:39 2027 GMT
        Subject: CN=20ABBB807822BB9394065CE697C556326C9FA6A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:35:7c:69:e3:e6:9f:38:35:9a:4b:b1:9f:71:
                    f1:40:47:a8:5e:c7:e6:28:1f:28:c6:de:47:13:93:
                    e0:c4:e4:da:d4:bb:a2:d9:a8:d5:23:7f:27:b0:98:
                    22:13:ca:fc:f9:b9:c2:5b:21:94:0c:4d:c1:49:98:
                    9a:03:cc:66:51:75:25:5c:46:25:65:6a:8a:61:32:
                    ed:75:ba:0e:ee:4c:4d:ed:7c:6b:9c:a4:e3:d0:64:
                    a1:00:f2:35:3a:53:2d:9b:f2:0a:45:b5:5d:c5:d5:
                    e1:36:d2:87:97:d3:c5:30:67:0b:03:2c:ab:7f:8c:
                    79:96:38:d8:d3:1a:51:ef:5d:4f:22:ff:f3:92:27:
                    e3:64:38:d6:89:cc:bd:e8:59:7d:a3:8a:b0:fc:aa:
                    26:15:30:60:21:02:fb:cb:f2:60:a9:d2:9f:cf:2b:
                    ff:c7:15:03:1c:1c:80:a4:23:21:f3:34:91:16:ee:
                    d1:c0:f8:16:d8:38:20:d3:12:63:44:2e:57:59:1e:
                    f2:db:4f:84:89:fb:cc:ce:32:0f:b6:0d:eb:d3:9d:
                    bc:5d:94:26:84:98:09:c0:ab:39:7c:70:40:20:75:
                    24:37:75:af:06:9b:70:5e:3d:05:30:28:ea:92:47:
                    7b:41:f9:03:58:e3:10:b7:0b:cb:ce:f7:b2:f5:78:
                    9e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:AB:BB:80:78:22:BB:93:94:06:5C:E6:97:C5:56:32:6C:9F:A6:A5
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.29.0/24
                  148.135.162.0/24
                  167.148.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:5d:b5:07:4e:4e:73:94:5d:bc:82:b6:59:4a:9b:b5:ba:e1:
         58:66:e3:69:28:25:72:51:89:93:2e:3c:83:47:16:1c:39:f3:
         3c:90:f9:2e:5a:a1:b1:1f:47:e6:8f:36:5d:c2:11:b6:a0:f8:
         63:1e:5a:36:43:da:e0:90:77:33:93:ff:88:cb:ba:93:3e:c8:
         20:7c:77:e1:11:19:5d:bc:43:c9:22:f1:3a:a7:38:80:e6:ed:
         04:29:e1:86:3c:8b:7b:24:8d:96:68:64:12:de:d5:ba:2b:f5:
         c1:96:9f:75:ca:09:ad:f6:88:e2:00:29:97:0b:64:2d:95:2d:
         a6:d9:72:d3:3b:16:f5:12:66:2f:6a:de:d7:18:a7:15:cc:88:
         81:29:b1:38:1c:c1:ec:b8:ae:d3:12:da:73:a1:ca:85:84:82:
         e3:d5:47:8a:4a:66:e9:9e:bd:82:c7:bc:c7:46:72:f5:12:c5:
         81:4a:07:76:8c:63:fe:c0:19:80:a1:ee:06:97:26:e1:76:48:
         f9:fb:a6:76:b0:23:8a:ae:22:c0:26:66:ce:a9:44:07:b8:c7:
         fa:5f:80:18:09:40:16:db:b6:35:a5:48:e0:43:a4:cf:d7:30:
         51:4b:90:75:81:2b:e1:2c:8b:74:7f:fa:ae:08:e9:7e:08:8c:
         57:9b:5a:a1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUVDakFmtW9lmByQrZuFQOXalRk6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDQwODE4MzlaFw0yNzAyMDMwODIzMzlaMDMxMTAvBgNV
BAMTKDIwQUJCQjgwNzgyMkJCOTM5NDA2NUNFNjk3QzU1NjMyNkM5RkE2QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYNXxp4+afODWaS7GfcfFAR6he
x+YoHyjG3kcTk+DE5NrUu6LZqNUjfyewmCITyvz5ucJbIZQMTcFJmJoDzGZRdSVc
RiVlaophMu11ug7uTE3tfGucpOPQZKEA8jU6Uy2b8gpFtV3F1eE20oeX08UwZwsD
LKt/jHmWONjTGlHvXU8i//OSJ+NkONaJzL3oWX2jirD8qiYVMGAhAvvL8mCp0p/P
K//HFQMcHICkIyHzNJEW7tHA+BbYOCDTEmNELldZHvLbT4SJ+8zOMg+2DevTnbxd
lCaEmAnAqzl8cEAgdSQ3da8Gm3BePQUwKOqSR3tB+QNY4xC3C8vO97L1eJ7vAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUIKu7gHgiu5OUBlzml8VWMmyfpqUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEzMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACTTx0D
BACUh6IDBACnlJwwDQYJKoZIhvcNAQELBQADggEBAJldtQdOTnOUXbyCtllKm7W6
4Vhm42koJXJRiZMuPINHFhw58zyQ+S5aobEfR+aPNl3CEbag+GMeWjZD2uCQdzOT
/4jLupM+yCB8d+ERGV28Q8ki8TqnOIDm7QQp4YY8i3skjZZoZBLe1bor9cGWn3XK
Ca32iOIAKZcLZC2VLabZctM7FvUSZi9q3tcYpxXMiIEpsTgcwey4rtMS2nOhyoWE
guPVR4pKZumevYLHvMdGcvUSxYFKB3aMY/7AGYCh7gaXJuF2SPn7pnawI4quIsAm
Zs6pRAe4x/pfgBgJQBbbtjWlSOBDpM/XMFFLkHWBK+Esi3R/+q4I6X4IjFebWqE=
-----END CERTIFICATE-----