Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140813.roa
File:                     AS140813.roa (raw, json)
Hash identifier:          5RmTn/Eeb2IsGuKRlN8ILQqJzbFXeXcviR5y9ZkXHnY=
Subject key identifier:   9C:05:8C:85:FE:7A:7A:A4:74:E6:CD:C3:05:6D:89:63:8F:F4:43:1B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       795FF8A51913E315237361AD84A972BBD0E9AFE3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140813.roa
Signing time:             Thu 04 Sep 2025 18:10:06 +0000
ROA not before:           Thu 04 Sep 2025 18:05:06 +0000
ROA not after:            Thu 03 Sep 2026 18:10:06 +0000
asID:                     140813
IP address blocks:        181.214.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:5f:f8:a5:19:13:e3:15:23:73:61:ad:84:a9:72:bb:d0:e9:af:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  4 18:05:06 2025 GMT
            Not After : Sep  3 18:10:06 2026 GMT
        Subject: CN=9C058C85FE7A7AA474E6CDC3056D89638FF4431B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:33:a8:9a:90:f1:1c:a4:e4:5e:c1:f5:4b:8b:
                    a1:3e:32:6f:0c:6f:f6:5c:bf:6c:cf:b2:4f:cd:6b:
                    cb:de:d4:54:c7:70:40:71:5c:67:2c:54:e2:a5:0d:
                    d3:75:05:5e:45:ba:dc:1c:47:e8:da:3e:33:44:57:
                    ca:e0:fe:1a:78:ef:57:e9:f8:99:2f:0f:d2:ab:5e:
                    bc:e3:24:01:f3:9e:2e:9b:c0:5b:5c:a2:c7:f9:b0:
                    b1:76:4b:1f:63:89:9d:e6:3e:43:00:fb:d6:2a:1f:
                    eb:e6:17:05:c0:3d:a7:78:bc:a6:37:06:4a:2c:0a:
                    d5:c9:31:f1:2a:4b:ce:ef:99:12:78:64:6d:6c:7c:
                    33:c4:5a:e6:36:7a:01:df:fb:67:75:ee:cf:25:9b:
                    21:5c:8c:b2:32:d5:91:4c:b2:b5:65:19:80:88:04:
                    0d:50:2d:45:7d:2a:43:b1:7a:5d:92:72:d8:54:b9:
                    ca:6c:35:68:f2:30:ef:17:69:c4:d9:9d:42:d7:e2:
                    9d:cb:2d:7c:13:bc:54:48:e5:aa:35:dc:52:aa:f9:
                    95:90:18:48:db:6e:13:92:e9:ef:3b:a9:88:7c:c4:
                    cc:f1:a8:b9:82:dd:ea:17:92:72:97:f8:53:ff:e4:
                    94:f3:3b:08:1d:a5:a8:54:41:ba:19:e0:15:23:5d:
                    ae:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:05:8C:85:FE:7A:7A:A4:74:E6:CD:C3:05:6D:89:63:8F:F4:43:1B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140813.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:1c:ea:09:4c:1b:22:2f:28:2e:e2:c4:24:b4:fe:48:8a:42:
         5b:6a:6b:61:63:fb:fc:d8:ed:56:85:b9:02:ab:29:02:9c:c0:
         d2:cb:0a:82:87:9f:2b:e6:fa:d6:1d:78:ad:11:d5:18:81:1a:
         8e:2b:07:ca:6b:19:4e:63:ed:a7:22:ea:31:81:b1:cb:83:b7:
         38:34:63:ef:89:63:56:68:1a:ac:04:da:e5:9b:da:6c:ff:6c:
         1a:b5:b8:3f:ce:6f:b1:55:e3:96:e0:59:99:cb:25:93:dc:09:
         6d:3e:a1:d8:82:2f:0d:54:c8:27:6a:53:9f:5a:eb:e8:a0:f2:
         28:85:4b:ca:78:0f:06:d7:52:ce:83:30:64:41:31:44:f5:6b:
         81:f3:50:bf:28:bc:ef:1c:fd:cd:62:dc:86:6e:59:a5:fb:ad:
         0f:18:ff:1f:4f:b0:c7:04:62:48:f2:2f:f6:d1:9d:72:fe:73:
         69:a9:f1:5b:26:c6:be:05:e6:71:3f:0f:ff:17:db:95:1b:71:
         72:08:8f:61:02:ff:65:76:17:5b:33:2a:39:32:fd:c2:84:7a:
         c8:3a:34:5f:25:77:cb:ed:f9:1b:ea:a3:04:af:58:8c:3a:09:
         d3:60:35:ee:92:4b:f0:eb:fc:bd:65:f8:e8:32:8b:20:86:76:
         9f:df:2b:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeV/4pRkT4xUjc2GthKlyu9Dpr+MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDQxODA1MDZaFw0yNjA5MDMxODEwMDZaMDMxMTAvBgNV
BAMTKDlDMDU4Qzg1RkU3QTdBQTQ3NEU2Q0RDMzA1NkQ4OTYzOEZGNDQzMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQM6iakPEcpORewfVLi6E+Mm8M
b/Zcv2zPsk/Na8ve1FTHcEBxXGcsVOKlDdN1BV5FutwcR+jaPjNEV8rg/hp471fp
+JkvD9KrXrzjJAHzni6bwFtcosf5sLF2Sx9jiZ3mPkMA+9YqH+vmFwXAPad4vKY3
BkosCtXJMfEqS87vmRJ4ZG1sfDPEWuY2egHf+2d17s8lmyFcjLIy1ZFMsrVlGYCI
BA1QLUV9KkOxel2ScthUucpsNWjyMO8XacTZnULX4p3LLXwTvFRI5ao13FKq+ZWQ
GEjbbhOS6e87qYh8xMzxqLmC3eoXknKX+FP/5JTzOwgdpahUQboZ4BUjXa7NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnAWMhf56eqR05s3DBW2JY4/0QxswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQwODEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdan
MA0GCSqGSIb3DQEBCwUAA4IBAQCnHOoJTBsiLygu4sQktP5IikJbamthY/v82O1W
hbkCqykCnMDSywqCh58r5vrWHXitEdUYgRqOKwfKaxlOY+2nIuoxgbHLg7c4NGPv
iWNWaBqsBNrlm9ps/2watbg/zm+xVeOW4FmZyyWT3AltPqHYgi8NVMgnalOfWuvo
oPIohUvKeA8G11LOgzBkQTFE9WuB81C/KLzvHP3NYtyGblml+60PGP8fT7DHBGJI
8i/20Z1y/nNpqfFbJsa+BeZxPw//F9uVG3FyCI9hAv9ldhdbMyo5Mv3ChHrIOjRf
JXfL7fkb6qMEr1iMOgnTYDXukkvw6/y9ZfjoMosghnaf3yvr
-----END CERTIFICATE-----