Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
File:                     AS13768.roa (raw, json)
Hash identifier:          l7I/sg5bggSNmU8wRmxgEdk/3z4UbdKm8531AeRFU4M=
Subject key identifier:   A2:92:8A:44:32:02:98:C6:E1:91:78:96:C2:D7:67:C5:84:84:1B:4D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7EE9F198BB0F2F0B6075D08B92DF127BE8913878
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
Signing time:             Wed 17 Jun 2026 12:47:39 +0000
ROA not before:           Wed 17 Jun 2026 12:42:39 +0000
ROA not after:            Wed 16 Jun 2027 12:47:39 +0000
asID:                     13768
IP address blocks:        181.215.249.0/24 maxlen: 24
                          191.96.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Jun 2026 14:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e9:f1:98:bb:0f:2f:0b:60:75:d0:8b:92:df:12:7b:e8:91:38:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 17 12:42:39 2026 GMT
            Not After : Jun 16 12:47:39 2027 GMT
        Subject: CN=A2928A44320298C6E1917896C2D767C584841B4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:dc:d9:18:f6:ed:2b:e0:b3:00:6c:4a:4c:
                    4e:32:58:d6:70:db:31:c1:8b:f2:fb:04:a2:4a:d5:
                    a2:4d:e4:ca:dc:b5:bd:86:5f:69:26:a1:0e:47:da:
                    98:2d:fb:48:77:02:f7:e6:be:a1:e2:54:66:12:5b:
                    03:73:8b:8e:d2:99:ec:2c:35:2b:29:1a:ec:be:84:
                    50:d4:9e:17:d1:ca:7d:95:a2:ef:ba:eb:61:56:71:
                    5a:ff:52:14:12:ee:78:39:96:25:81:39:5f:ad:01:
                    cf:fd:e9:4a:2b:a6:72:97:45:1b:a9:2c:8b:05:37:
                    0a:a0:4b:d8:57:d8:94:83:1c:ab:41:65:0d:b8:62:
                    63:e0:e0:42:9f:b3:13:14:00:60:b1:a0:d5:d7:79:
                    d7:81:da:e0:34:f2:50:3b:13:82:f5:85:64:e4:40:
                    db:b2:de:da:90:ff:42:1f:73:c5:02:b6:3e:25:a7:
                    e4:c6:12:49:bb:1c:6d:d6:ce:23:9b:e8:5c:30:ef:
                    b1:ef:4d:2a:d7:05:de:d1:72:a2:9d:78:a4:c6:9a:
                    5a:f8:8d:4d:8a:d9:e4:08:b1:4d:95:0f:43:1a:c1:
                    b5:7a:15:5b:9e:8b:8f:e7:72:07:99:0c:e3:5b:18:
                    0c:9e:4d:00:96:2d:21:04:ac:eb:04:bb:4b:78:e7:
                    f9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:92:8A:44:32:02:98:C6:E1:91:78:96:C2:D7:67:C5:84:84:1B:4D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.249.0/24
                  191.96.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:fd:c5:20:b8:76:ed:4f:1d:46:ab:47:24:af:e3:fc:cf:64:
         7e:6d:31:71:9d:74:1a:b6:02:7c:c8:de:19:ae:aa:a4:b0:f4:
         12:04:6d:16:2a:de:91:67:74:f6:65:a5:e9:03:96:ca:b5:e0:
         b3:56:c8:2a:6a:2d:20:af:1c:95:02:1f:d5:83:22:0c:61:13:
         8b:d7:ef:09:72:25:12:08:90:56:a0:25:b1:56:fc:2a:64:62:
         3b:21:3a:7f:28:aa:a9:ef:1f:91:ba:85:84:57:3b:46:b8:9b:
         1a:50:9d:88:5e:29:39:59:8c:4f:e6:99:37:88:3c:69:5a:bc:
         cb:33:c2:94:af:d4:77:30:11:d0:a7:09:fa:29:cf:bb:bf:3b:
         9f:f3:cf:5b:9d:67:6a:4d:f2:d1:45:cc:85:fb:85:9d:a9:84:
         2f:d1:ff:3b:c8:24:fb:81:05:ec:ba:1a:9a:47:cd:aa:18:16:
         fb:63:26:da:94:75:1f:37:8b:61:85:2f:56:b3:65:ee:c3:e4:
         64:86:81:83:6b:49:a0:27:54:6d:25:f0:77:fa:a6:59:1a:20:
         63:6e:4b:2a:f5:9f:03:67:73:58:71:e7:2a:5c:3b:fb:3a:1f:
         ea:5e:07:e3:6f:75:fc:01:6f:87:45:3a:9f:e9:e3:b0:32:0e:
         ce:9b:97:53
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfunxmLsPLwtgddCLkt8Se+iROHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTcxMjQyMzlaFw0yNzA2MTYxMjQ3MzlaMDMxMTAvBgNV
BAMTKEEyOTI4QTQ0MzIwMjk4QzZFMTkxNzg5NkMyRDc2N0M1ODQ4NDFCNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0jNzZGPbtK+CzAGxKTE4yWNZw
2zHBi/L7BKJK1aJN5Mrctb2GX2kmoQ5H2pgt+0h3AvfmvqHiVGYSWwNzi47Smews
NSspGuy+hFDUnhfRyn2Vou+662FWcVr/UhQS7ng5liWBOV+tAc/96UorpnKXRRup
LIsFNwqgS9hX2JSDHKtBZQ24YmPg4EKfsxMUAGCxoNXXedeB2uA08lA7E4L1hWTk
QNuy3tqQ/0Ifc8UCtj4lp+TGEkm7HG3WziOb6Fww77HvTSrXBd7RcqKdeKTGmlr4
jU2K2eQIsU2VD0MawbV6FVuei4/ncgeZDONbGAyeTQCWLSEErOsEu0t45/nnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUopKKRDICmMbhkXiWwtdnxYSEG00wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11/kD
BAC/YB4wDQYJKoZIhvcNAQELBQADggEBAD39xSC4du1PHUarRySv4/zPZH5tMXGd
dBq2AnzI3hmuqqSw9BIEbRYq3pFndPZlpekDlsq14LNWyCpqLSCvHJUCH9WDIgxh
E4vX7wlyJRIIkFagJbFW/CpkYjshOn8oqqnvH5G6hYRXO0a4mxpQnYheKTlZjE/m
mTeIPGlavMszwpSv1HcwEdCnCfopz7u/O5/zz1udZ2pN8tFFzIX7hZ2phC/R/zvI
JPuBBey6GppHzaoYFvtjJtqUdR83i2GFL1azZe7D5GSGgYNrSaAnVG0l8Hf6plka
IGNuSyr1nwNnc1hx5ypcO/s6H+peB+NvdfwBb4dFOp/p47AyDs6bl1M=
-----END CERTIFICATE-----