Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
File:                     AS137571.roa (raw, json)
Hash identifier:          RL5ZQ+tkNZYGumNoDRWapFEh+9JNPVRvpip1Y803fR4=
Subject key identifier:   68:92:DA:70:A2:54:19:18:A3:F0:97:AC:46:3A:C7:B9:18:A2:54:E6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5465AA0C76CD26E3BFB504CBF7FFCE586A93AC69
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
Signing time:             Wed 17 Jun 2026 15:47:41 +0000
ROA not before:           Wed 17 Jun 2026 15:42:41 +0000
ROA not after:            Wed 16 Jun 2027 15:47:41 +0000
asID:                     137571
IP address blocks:        191.101.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Jul 2026 12:22:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:65:aa:0c:76:cd:26:e3:bf:b5:04:cb:f7:ff:ce:58:6a:93:ac:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 17 15:42:41 2026 GMT
            Not After : Jun 16 15:47:41 2027 GMT
        Subject: CN=6892DA70A2541918A3F097AC463AC7B918A254E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ba:d1:02:a1:4a:4d:10:78:01:15:d5:c0:e2:
                    4a:7b:48:1f:21:f6:7a:6e:2d:39:25:1c:b9:22:d8:
                    a2:12:de:26:d2:6f:fc:3a:d1:79:ed:c5:83:ac:e4:
                    e1:5b:e7:97:12:f4:df:2c:8f:57:61:e7:1e:44:f5:
                    85:31:d1:3e:40:13:ee:69:86:ff:71:74:c8:8e:4b:
                    b8:fe:35:5c:35:f2:1c:5f:c2:77:16:4e:f6:b3:25:
                    a6:fe:8a:fe:d3:c9:3c:e6:f7:48:eb:ec:6d:22:60:
                    e0:e1:bd:f6:af:c2:cc:ed:94:be:17:ec:4f:c6:21:
                    ce:50:62:a1:18:59:c9:ae:69:d0:29:e2:7c:cb:ad:
                    32:9e:1f:7e:93:fa:da:8e:89:07:a2:4f:fa:7d:b1:
                    83:d9:50:21:bf:8d:58:16:d4:dc:e8:d2:6e:7d:1c:
                    ed:7d:dc:0f:48:a0:c8:98:1c:f3:5c:ee:ba:b7:a1:
                    88:7b:0a:70:14:3c:16:f1:fd:1f:d0:6d:19:f4:3a:
                    d0:79:58:7f:58:01:8a:a1:24:6a:24:55:c2:18:50:
                    21:12:65:29:04:4c:67:e1:5e:42:5b:d3:69:17:ec:
                    79:11:77:eb:08:2a:58:66:be:c3:2b:33:af:e2:8d:
                    d5:1f:7e:23:bb:6a:94:23:01:3e:78:21:c1:e0:e7:
                    bc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:92:DA:70:A2:54:19:18:A3:F0:97:AC:46:3A:C7:B9:18:A2:54:E6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:b3:b4:e6:ff:e4:9d:88:68:8d:25:76:b2:7e:ff:49:2c:e7:
         13:54:50:34:c3:8c:c6:0a:0d:f1:6b:e1:81:52:03:b3:45:13:
         89:48:71:75:5b:82:f5:42:56:60:68:c1:48:12:ef:25:2e:66:
         ff:37:37:50:00:35:be:3a:f3:5e:ea:a6:d1:a8:33:6a:a2:63:
         72:06:f2:ab:75:af:74:46:2b:49:a5:76:ff:07:5b:eb:0a:15:
         03:4c:ec:73:87:6b:2e:2f:d6:9d:43:45:a9:ca:df:73:c3:1c:
         5f:d3:14:88:c6:bc:e8:cf:4a:7e:c4:25:07:94:5e:e3:bb:48:
         a2:78:a6:1d:b2:de:4b:c1:42:36:e6:7b:49:a0:be:b0:fb:8b:
         d3:dc:32:52:2a:82:63:9c:36:f7:32:bd:9f:a2:d8:b0:f5:f8:
         0f:e6:e1:6d:1c:82:d4:68:67:53:38:92:4e:b1:34:c0:94:65:
         8a:9b:aa:79:0e:b4:98:f9:e9:99:d0:b7:ac:76:e5:ea:aa:a9:
         7f:0b:ac:74:d2:5c:d7:f7:ec:57:db:5f:12:86:4b:9c:db:3f:
         56:cc:a9:38:73:15:91:7d:ac:d9:88:7f:ef:1b:67:77:ee:e8:
         27:fa:27:08:23:5f:10:c1:05:ce:99:94:82:a0:65:e8:37:9e:
         cf:79:03:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVGWqDHbNJuO/tQTL9//OWGqTrGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTcxNTQyNDFaFw0yNzA2MTYxNTQ3NDFaMDMxMTAvBgNV
BAMTKDY4OTJEQTcwQTI1NDE5MThBM0YwOTdBQzQ2M0FDN0I5MThBMjU0RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqutECoUpNEHgBFdXA4kp7SB8h
9npuLTklHLki2KIS3ibSb/w60XntxYOs5OFb55cS9N8sj1dh5x5E9YUx0T5AE+5p
hv9xdMiOS7j+NVw18hxfwncWTvazJab+iv7TyTzm90jr7G0iYODhvfavwsztlL4X
7E/GIc5QYqEYWcmuadAp4nzLrTKeH36T+tqOiQeiT/p9sYPZUCG/jVgW1Nzo0m59
HO193A9IoMiYHPNc7rq3oYh7CnAUPBbx/R/QbRn0OtB5WH9YAYqhJGokVcIYUCES
ZSkETGfhXkJb02kX7HkRd+sIKlhmvsMrM6/ijdUffiO7apQjAT54IcHg57z1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaJLacKJUGRij8JesRjrHuRiiVOYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Us
MA0GCSqGSIb3DQEBCwUAA4IBAQAxs7Tm/+SdiGiNJXayfv9JLOcTVFA0w4zGCg3x
a+GBUgOzRROJSHF1W4L1QlZgaMFIEu8lLmb/NzdQADW+OvNe6qbRqDNqomNyBvKr
da90RitJpXb/B1vrChUDTOxzh2suL9adQ0Wpyt9zwxxf0xSIxrzoz0p+xCUHlF7j
u0iieKYdst5LwUI25ntJoL6w+4vT3DJSKoJjnDb3Mr2fotiw9fgP5uFtHILUaGdT
OJJOsTTAlGWKm6p5DrSY+emZ0LesduXqqql/C6x00lzX9+xX218Shkuc2z9WzKk4
cxWRfazZiH/vG2d37ugn+icII18QwQXOmZSCoGXoN57PeQPC
-----END CERTIFICATE-----
Generated at Tue Jul 14 23:11:25 2026 by rpki-client