Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa
File:                     AS140641.roa (raw, json)
Hash identifier:          YG0bFI++EkQd4nizdJbqQ3m6DkGOtE2pzNNCQo2FFpY=
Subject key identifier:   DF:27:5F:DD:5E:4A:24:92:13:62:42:02:D8:67:B4:CB:B9:02:8A:49
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       408736649E33577654DB92CDE64227A600590D8D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa
Signing time:             Fri 29 Aug 2025 14:51:05 +0000
ROA not before:           Fri 29 Aug 2025 14:46:05 +0000
ROA not after:            Fri 28 Aug 2026 14:51:05 +0000
asID:                     140641
IP address blocks:        181.214.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:87:36:64:9e:33:57:76:54:db:92:cd:e6:42:27:a6:00:59:0d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 29 14:46:05 2025 GMT
            Not After : Aug 28 14:51:05 2026 GMT
        Subject: CN=DF275FDD5E4A249213624202D867B4CBB9028A49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f4:7d:72:e1:f8:a7:97:1b:5f:1f:24:fa:35:
                    d3:29:c2:3e:60:d8:17:12:bd:1e:1f:40:a2:63:5f:
                    86:73:1f:1a:02:23:30:64:7d:f8:09:64:2f:b4:29:
                    b4:ae:96:b6:e5:09:e5:3c:7b:b3:2e:2e:f2:40:d3:
                    da:f5:f7:17:6a:76:2c:bb:1a:37:51:97:a7:a7:52:
                    fe:ac:05:4b:8c:1a:44:73:ba:0d:3e:aa:7f:fb:c4:
                    b0:55:83:18:9a:fd:21:fb:02:26:50:81:26:58:63:
                    8f:62:29:c1:32:bd:02:4a:db:e7:45:81:d0:08:a9:
                    6e:2b:1f:ec:68:22:08:fa:22:6e:44:64:4e:a2:20:
                    ac:36:1f:05:86:5a:6f:e7:d1:4b:56:14:15:7b:3c:
                    10:10:c3:b5:f0:c0:19:cb:d7:5c:59:90:6f:69:68:
                    12:22:ea:f7:24:4d:28:e3:91:cb:cc:14:79:ec:2d:
                    28:e9:5b:49:34:2c:d7:a9:d8:11:3f:ff:d0:df:2d:
                    18:b6:88:35:e7:e1:64:e8:a8:de:50:f1:d1:c9:c1:
                    27:c8:7a:69:44:70:fb:69:48:ca:00:b5:72:f0:66:
                    21:1e:54:bd:15:54:a9:1e:1b:6d:31:34:95:49:ec:
                    b2:55:89:dc:b8:16:43:5d:c6:35:e6:24:bb:c0:8b:
                    13:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:27:5F:DD:5E:4A:24:92:13:62:42:02:D8:67:B4:CB:B9:02:8A:49
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:72:75:34:78:bf:65:cf:60:ed:fc:88:82:9f:5d:b9:44:b1:
         fd:2c:15:28:dd:35:55:45:68:17:25:c3:ec:c3:7b:09:06:01:
         e5:a1:21:df:79:26:42:69:d3:5d:9c:7b:4e:e0:2d:23:5b:be:
         4c:b7:0f:a1:07:7d:01:a7:3e:c2:8e:b8:14:6b:e3:31:68:45:
         f3:a5:b7:41:1e:47:fc:a4:05:df:6e:94:e4:e5:99:ab:d4:10:
         29:96:e8:a1:98:2c:fa:f7:11:79:16:63:d0:9b:89:16:e6:e9:
         4b:2c:e2:dc:5e:c8:79:f5:ba:e9:8d:a1:4b:d1:0b:b0:3c:ff:
         09:d0:4a:24:a0:38:f1:f9:1d:fd:73:c6:c5:79:6a:31:fa:4f:
         31:f4:c3:c9:10:03:7c:e5:ae:c1:5c:79:0a:1c:50:60:ae:f0:
         9e:aa:16:c1:65:52:b2:3e:cf:85:6f:0c:3e:c3:f5:ec:27:f3:
         8b:3f:5c:49:20:8e:c9:b1:da:1b:18:d7:a1:04:44:f8:06:ff:
         a1:45:e5:50:06:05:52:26:85:d2:17:66:cb:8b:be:48:6b:82:
         b1:11:3d:0e:7e:26:97:e8:71:77:e5:f6:c4:01:83:d8:1f:ea:
         8e:bd:ec:eb:c3:77:20:30:25:cf:9f:e9:0e:44:52:0e:9c:ad:
         be:eb:2c:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQIc2ZJ4zV3ZU25LN5kInpgBZDY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjkxNDQ2MDVaFw0yNjA4MjgxNDUxMDVaMDMxMTAvBgNV
BAMTKERGMjc1RkRENUU0QTI0OTIxMzYyNDIwMkQ4NjdCNENCQjkwMjhBNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39H1y4finlxtfHyT6NdMpwj5g
2BcSvR4fQKJjX4ZzHxoCIzBkffgJZC+0KbSulrblCeU8e7MuLvJA09r19xdqdiy7
GjdRl6enUv6sBUuMGkRzug0+qn/7xLBVgxia/SH7AiZQgSZYY49iKcEyvQJK2+dF
gdAIqW4rH+xoIgj6Im5EZE6iIKw2HwWGWm/n0UtWFBV7PBAQw7XwwBnL11xZkG9p
aBIi6vckTSjjkcvMFHnsLSjpW0k0LNep2BE//9DfLRi2iDXn4WToqN5Q8dHJwSfI
emlEcPtpSMoAtXLwZiEeVL0VVKkeG20xNJVJ7LJVidy4FkNdxjXmJLvAixM7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3ydf3V5KJJITYkIC2Ge0y7kCikkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQwNjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYK
MA0GCSqGSIb3DQEBCwUAA4IBAQAgcnU0eL9lz2Dt/IiCn125RLH9LBUo3TVVRWgX
JcPsw3sJBgHloSHfeSZCadNdnHtO4C0jW75Mtw+hB30Bpz7CjrgUa+MxaEXzpbdB
Hkf8pAXfbpTk5Zmr1BApluihmCz69xF5FmPQm4kW5ulLLOLcXsh59brpjaFL0Quw
PP8J0EokoDjx+R39c8bFeWox+k8x9MPJEAN85a7BXHkKHFBgrvCeqhbBZVKyPs+F
bww+w/XsJ/OLP1xJII7JsdobGNehBET4Bv+hReVQBgVSJoXSF2bLi75Ia4KxET0O
fiaX6HF35fbEAYPYH+qOvezrw3cgMCXPn+kORFIOnK2+6yyK
-----END CERTIFICATE-----