Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154383.roa
File:                     AS154383.roa (raw, json)
Hash identifier:          dq2+0i1MPQddJv7y5hRf9MCXZxm4Yhtkw9dzwv0AAn4=
Subject key identifier:   DE:78:AB:75:E7:6F:9A:E7:A8:D2:88:A7:5A:57:06:96:08:0E:01:00
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       40093BA9D0FEF35E227F4B38E34AAFCDD973ED41
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154383.roa
Signing time:             Fri 29 May 2026 23:40:44 +0000
ROA not before:           Fri 29 May 2026 23:35:44 +0000
ROA not after:            Fri 28 May 2027 23:40:44 +0000
asID:                     154383
IP address blocks:        179.61.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:09:3b:a9:d0:fe:f3:5e:22:7f:4b:38:e3:4a:af:cd:d9:73:ed:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 29 23:35:44 2026 GMT
            Not After : May 28 23:40:44 2027 GMT
        Subject: CN=DE78AB75E76F9AE7A8D288A75A570696080E0100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b9:fb:55:b0:01:3e:9d:91:3a:54:82:ec:d7:
                    62:ac:86:93:bf:98:3e:63:b3:68:7c:49:e2:06:d2:
                    2f:87:96:e8:09:d5:69:82:d9:8b:20:fd:57:0a:b6:
                    06:73:f8:15:d0:47:1d:5d:e9:04:3c:43:45:11:3f:
                    d0:b9:d4:3f:0f:77:0a:61:5a:c4:a5:75:62:7d:2a:
                    55:f8:a4:b2:38:49:1f:aa:3e:c9:28:c1:66:40:4b:
                    3e:a9:2d:a5:e8:97:a2:ad:3f:b7:47:a4:e7:66:76:
                    1b:7a:6a:ac:f4:30:4e:c0:ca:09:50:63:8e:04:c2:
                    4a:79:9d:8b:07:46:8d:bc:14:00:b4:d8:87:cc:81:
                    34:08:15:44:5c:2e:9a:22:4c:68:e3:6a:0c:13:34:
                    ff:c7:2d:91:06:09:9f:a4:9a:28:be:66:08:85:01:
                    de:95:ab:ac:c5:9c:03:ad:97:02:3f:46:c7:bf:3d:
                    b1:ac:8c:55:49:4d:6b:aa:f6:f3:fd:13:0e:35:6c:
                    cf:25:1e:cc:a2:8e:39:71:14:76:a4:2b:b6:e0:a7:
                    77:fe:73:9b:80:06:7c:48:bb:45:65:75:1f:cb:bb:
                    ce:34:3a:14:8b:8f:42:0d:21:f6:f6:0d:25:ee:3b:
                    ad:e8:03:f1:c8:7a:a3:ae:28:e4:76:71:ad:b0:a9:
                    c1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:78:AB:75:E7:6F:9A:E7:A8:D2:88:A7:5A:57:06:96:08:0E:01:00
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS154383.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:31:b2:4c:1c:95:46:5f:17:86:27:53:7d:4c:a7:75:d3:ba:
         4e:3a:17:b8:43:bb:4e:7a:a1:0a:e1:54:01:22:55:85:d8:a3:
         24:5d:c1:15:c3:aa:46:39:61:5f:c6:5b:73:ef:3d:6e:9b:83:
         36:4d:98:3e:2e:c0:7f:c9:f2:cd:b4:3c:e0:eb:fa:f7:ee:4a:
         63:56:6b:9c:5f:5d:e3:ee:06:a9:db:0e:63:ec:a7:12:42:74:
         5c:f7:3f:64:80:be:d5:85:fa:e0:85:9b:51:23:19:6a:2c:5e:
         06:ad:7e:d0:ea:5c:cf:78:fd:91:5b:d2:ce:d1:46:70:20:a5:
         5a:76:b9:a6:c2:da:d8:96:15:e0:eb:0f:94:da:2a:48:e3:93:
         3f:cc:eb:ff:71:0e:8f:1f:ef:f7:3f:04:ac:f1:f7:72:33:8a:
         9d:60:5e:ad:af:8f:41:3e:18:45:e9:82:c9:19:be:28:21:f9:
         ca:9b:33:36:68:9d:2b:00:99:6e:11:ec:d4:69:52:92:9a:2a:
         1a:04:d1:71:a1:bf:a1:31:90:cd:a4:6f:75:4a:d7:8a:12:90:
         9f:50:02:46:8f:9e:f6:7d:7d:0a:0d:20:27:ed:5e:b7:7f:c1:
         9b:6a:78:8a:a1:9f:7d:31:94:2d:6e:e4:01:c4:48:02:8a:13:
         2b:35:77:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQAk7qdD+814if0s440qvzdlz7UEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjkyMzM1NDRaFw0yNzA1MjgyMzQwNDRaMDMxMTAvBgNV
BAMTKERFNzhBQjc1RTc2RjlBRTdBOEQyODhBNzVBNTcwNjk2MDgwRTAxMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOuftVsAE+nZE6VILs12KshpO/
mD5js2h8SeIG0i+HlugJ1WmC2Ysg/VcKtgZz+BXQRx1d6QQ8Q0URP9C51D8Pdwph
WsSldWJ9KlX4pLI4SR+qPskowWZASz6pLaXol6KtP7dHpOdmdht6aqz0ME7AyglQ
Y44Ewkp5nYsHRo28FAC02IfMgTQIFURcLpoiTGjjagwTNP/HLZEGCZ+kmii+ZgiF
Ad6Vq6zFnAOtlwI/Rse/PbGsjFVJTWuq9vP9Ew41bM8lHsyijjlxFHakK7bgp3f+
c5uABnxIu0VldR/Lu840OhSLj0INIfb2DSXuO63oA/HIeqOuKOR2ca2wqcGBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3nirdedvmueo0oinWlcGlggOAQAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU0MzgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz24
MA0GCSqGSIb3DQEBCwUAA4IBAQC2MbJMHJVGXxeGJ1N9TKd107pOOhe4Q7tOeqEK
4VQBIlWF2KMkXcEVw6pGOWFfxltz7z1um4M2TZg+LsB/yfLNtDzg6/r37kpjVmuc
X13j7gap2w5j7KcSQnRc9z9kgL7VhfrghZtRIxlqLF4GrX7Q6lzPeP2RW9LO0UZw
IKVadrmmwtrYlhXg6w+U2ipI45M/zOv/cQ6PH+/3PwSs8fdyM4qdYF6tr49BPhhF
6YLJGb4oIfnKmzM2aJ0rAJluEezUaVKSmioaBNFxob+hMZDNpG91SteKEpCfUAJG
j572fX0KDSAn7V63f8GbaniKoZ99MZQtbuQBxEgCihMrNXfI
-----END CERTIFICATE-----