Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
File:                     AS61317.roa (raw, json)
Hash identifier:          zgWD+tRI8XZciimGjCvExqtg1eBrf3ayOTByYuFS/9s=
Subject key identifier:   D8:60:F6:BB:3D:B7:6A:65:8D:D1:9A:68:B1:3F:94:EA:C6:AF:0C:52
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       35E679FE442B24399B15603746117887DA650D2E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
Signing time:             Mon 25 Aug 2025 00:00:09 +0000
ROA not before:           Sun 24 Aug 2025 23:55:09 +0000
ROA not after:            Mon 24 Aug 2026 00:00:09 +0000
asID:                     61317
IP address blocks:        147.79.29.0/24 maxlen: 24
                          148.135.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e6:79:fe:44:2b:24:39:9b:15:60:37:46:11:78:87:da:65:0d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 24 23:55:09 2025 GMT
            Not After : Aug 24 00:00:09 2026 GMT
        Subject: CN=D860F6BB3DB76A658DD19A68B13F94EAC6AF0C52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4c:a9:9f:e1:66:22:1c:d7:1a:37:18:2f:50:
                    e1:39:49:57:bb:5c:29:b8:b4:1d:2f:0c:b7:34:e5:
                    a1:81:fe:a7:9a:82:c9:7e:1d:2b:7a:73:85:e2:1f:
                    c2:16:69:eb:7a:63:e4:54:72:e1:97:11:e2:62:72:
                    f8:53:3e:e2:c9:48:1b:d2:c7:1f:7d:b2:d7:a3:02:
                    3b:02:91:21:9e:de:dc:74:e5:c6:cc:fd:6c:20:75:
                    cd:02:0a:c7:98:04:ac:f0:93:dc:e3:a6:93:54:28:
                    a3:02:73:0b:e6:42:21:7a:7a:27:c5:48:31:b6:51:
                    23:80:59:e0:4b:ae:a5:2a:b8:1d:dd:69:bf:a7:1f:
                    69:d3:04:37:19:db:67:28:57:60:66:8b:2c:59:65:
                    f9:d8:72:4c:18:14:2b:09:19:a9:29:8e:9b:5d:f9:
                    04:29:84:da:93:b4:a5:da:b1:ff:ae:fc:0b:c0:36:
                    34:ec:49:41:98:ef:9d:4a:83:ed:51:49:69:87:48:
                    a3:eb:9e:fd:07:d2:bd:67:76:85:52:13:cb:ab:bb:
                    0d:68:9b:db:af:09:b6:ca:3c:a3:e7:4d:40:b6:6e:
                    8b:e8:16:40:36:0b:8e:50:3d:51:94:61:9e:ec:cd:
                    6e:42:81:1d:3d:f4:34:12:fb:4f:00:95:f3:25:23:
                    4f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:60:F6:BB:3D:B7:6A:65:8D:D1:9A:68:B1:3F:94:EA:C6:AF:0C:52
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.29.0/24
                  148.135.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:26:43:56:ba:da:0b:79:50:55:57:95:af:3d:a8:75:3f:d7:
         76:12:63:3e:39:bd:78:f0:e7:33:75:af:85:f6:45:4a:9a:a1:
         a9:37:bb:85:28:29:2e:67:02:58:61:a7:f4:95:52:7e:87:f8:
         bc:8d:5d:5d:30:02:16:92:99:5a:49:b4:8e:b7:1f:f1:32:eb:
         83:b9:e2:f8:08:33:6e:73:1f:13:51:fe:09:c5:5e:64:67:40:
         0f:d2:e1:b0:f5:4f:ab:3f:53:ad:96:a2:df:3c:a7:56:b0:c2:
         f8:07:9d:db:c4:d2:ee:35:8f:c4:a4:c9:ae:1a:06:a4:f0:b7:
         11:93:3f:7d:dc:64:da:15:f3:3c:af:ac:c3:08:58:d3:26:6e:
         18:a0:0d:56:da:2b:0f:bd:ff:19:49:a5:16:fe:59:91:73:27:
         d2:df:21:63:93:d4:f1:ca:d7:de:1f:9e:3c:0f:5a:ed:23:27:
         12:ae:79:97:82:ab:05:7c:3a:fd:78:2a:13:54:23:53:fe:68:
         e6:de:d6:9e:5a:5c:4d:21:35:25:32:4c:d5:a2:23:a4:33:fe:
         fe:31:b7:80:92:b6:d3:49:88:bb:34:0d:5f:3a:43:b9:df:fe:
         08:7a:75:81:69:dd:83:3f:59:46:9d:bb:ae:83:e0:47:14:7f:
         ba:94:b4:d3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNeZ5/kQrJDmbFWA3RhF4h9plDS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjQyMzU1MDlaFw0yNjA4MjQwMDAwMDlaMDMxMTAvBgNV
BAMTKEQ4NjBGNkJCM0RCNzZBNjU4REQxOUE2OEIxM0Y5NEVBQzZBRjBDNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTKmf4WYiHNcaNxgvUOE5SVe7
XCm4tB0vDLc05aGB/qeagsl+HSt6c4XiH8IWaet6Y+RUcuGXEeJicvhTPuLJSBvS
xx99stejAjsCkSGe3tx05cbM/Wwgdc0CCseYBKzwk9zjppNUKKMCcwvmQiF6eifF
SDG2USOAWeBLrqUquB3dab+nH2nTBDcZ22coV2BmiyxZZfnYckwYFCsJGakpjptd
+QQphNqTtKXasf+u/AvANjTsSUGY751Kg+1RSWmHSKPrnv0H0r1ndoVSE8uruw1o
m9uvCbbKPKPnTUC2bovoFkA2C45QPVGUYZ7szW5CgR099DQS+08AlfMlI0/XAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU2GD2uz23amWN0ZposT+U6savDFIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEzMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTTx0D
BACUh6IwDQYJKoZIhvcNAQELBQADggEBALgmQ1a62gt5UFVXla89qHU/13YSYz45
vXjw5zN1r4X2RUqaoak3u4UoKS5nAlhhp/SVUn6H+LyNXV0wAhaSmVpJtI63H/Ey
64O54vgIM25zHxNR/gnFXmRnQA/S4bD1T6s/U62Wot88p1awwvgHndvE0u41j8Sk
ya4aBqTwtxGTP33cZNoV8zyvrMMIWNMmbhigDVbaKw+9/xlJpRb+WZFzJ9LfIWOT
1PHK194fnjwPWu0jJxKueZeCqwV8Ov14KhNUI1P+aObe1p5aXE0hNSUyTNWiI6Qz
/v4xt4CSttNJiLs0DV86Q7nf/gh6dYFp3YM/WUadu66D4EcUf7qUtNM=
-----END CERTIFICATE-----