Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202496.roa
File:                     AS202496.roa (raw, json)
Hash identifier:          Vt67l31uxaOQQFZUuNpa9Nri/2zSHohmGk9VRKWvNQE=
Subject key identifier:   21:66:86:80:C7:BC:71:C2:1F:A0:F4:FF:51:39:FA:27:CD:E1:E7:2C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1AC555B76CC40745125AA81996D0020DDEE8AE08
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202496.roa
Signing time:             Tue 01 Jul 2025 12:14:02 +0000
ROA not before:           Tue 01 Jul 2025 12:09:02 +0000
ROA not after:            Tue 30 Jun 2026 12:14:02 +0000
asID:                     202496
IP address blocks:        2a0a:7a00::/29 maxlen: 48
                          2a0a:a605::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:29:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c5:55:b7:6c:c4:07:45:12:5a:a8:19:96:d0:02:0d:de:e8:ae:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  1 12:09:02 2025 GMT
            Not After : Jun 30 12:14:02 2026 GMT
        Subject: CN=21668680C7BC71C21FA0F4FF5139FA27CDE1E72C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:39:bb:a9:cc:b8:52:9e:6f:b1:1c:db:34:88:
                    52:29:22:3f:43:9d:de:6e:0b:a5:5d:89:22:e6:cd:
                    8a:ec:51:59:da:5f:cb:d2:5e:84:83:28:64:d7:93:
                    cd:75:58:5c:37:31:62:38:9b:62:24:2f:16:64:08:
                    06:a5:61:00:54:78:38:06:10:d6:cf:5f:5f:23:4e:
                    1f:8e:9a:dd:5a:27:34:60:ab:27:86:05:f1:a6:e3:
                    24:8f:a0:f8:ac:e3:36:a1:41:08:22:63:75:6f:ca:
                    6e:a9:50:47:51:33:6b:4c:c0:d2:84:96:24:cf:91:
                    15:ef:bd:08:60:7b:33:92:44:a5:dc:80:bd:fe:e3:
                    3a:b8:27:6e:4d:62:4e:48:c8:44:14:3d:e5:5b:bb:
                    80:99:9d:f7:ea:8d:05:71:37:91:27:3c:78:7f:37:
                    37:0d:a3:4b:f6:98:c5:81:13:64:2f:55:67:05:22:
                    b8:8a:1c:e5:39:00:e6:9f:8d:90:4f:51:43:03:cf:
                    37:00:33:50:ad:12:7a:03:16:c4:bf:38:48:8b:b1:
                    fc:56:33:8e:4c:74:67:b2:7a:cc:ea:1e:47:d6:f1:
                    b4:81:66:d9:47:32:6e:9b:cb:eb:a5:30:52:9c:78:
                    54:4c:0f:5c:7b:9c:e1:e0:85:07:4c:10:46:16:54:
                    52:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:66:86:80:C7:BC:71:C2:1F:A0:F4:FF:51:39:FA:27:CD:E1:E7:2C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202496.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7a00::/29
                  2a0a:a605::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:bd:00:3b:2f:6f:8a:30:4f:8e:d5:0d:32:30:cf:cb:82:31:
         0a:a0:eb:d2:6b:e0:d8:ae:16:80:27:6b:8a:df:19:3a:03:21:
         fb:54:23:0f:4b:f7:f5:30:07:14:60:da:23:56:2b:c2:c6:c9:
         f7:29:97:17:9a:7f:df:a3:ae:e2:27:fd:3c:9b:36:40:85:00:
         b7:a5:40:86:7c:7d:73:7c:51:7c:13:6c:04:e6:b7:8e:d6:08:
         96:80:e0:fd:98:c6:76:9a:3c:a6:6b:8b:2d:8f:a3:93:38:af:
         4d:cb:b3:d9:9f:55:ee:ce:75:34:49:f5:a6:3e:9a:96:ac:a8:
         b6:34:7e:7f:70:34:89:4a:c5:d3:93:d5:20:fd:bc:b3:b4:28:
         f5:a6:a0:ea:e6:a8:90:67:66:9c:ec:c0:2f:58:d0:3c:89:4f:
         6f:55:7a:4f:3b:8e:89:b0:4b:04:17:2e:02:12:58:fe:bb:ec:
         0c:c1:90:e8:42:44:43:a9:25:4a:60:d2:ff:48:56:39:f0:74:
         69:1f:5f:49:bb:0b:be:a0:b7:fa:3b:6d:0e:55:6d:cb:fd:d2:
         08:58:e8:b1:d2:7d:97:47:6a:1b:16:2d:4a:ed:68:3c:4c:9b:
         1c:11:ca:96:a4:49:36:ef:71:00:89:a0:e4:37:44:c8:d2:61:
         33:c8:61:4d
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUGsVVt2zEB0USWqgZltACDd7orggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDExMjA5MDJaFw0yNjA2MzAxMjE0MDJaMDMxMTAvBgNV
BAMTKDIxNjY4NjgwQzdCQzcxQzIxRkEwRjRGRjUxMzlGQTI3Q0RFMUU3MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEObupzLhSnm+xHNs0iFIpIj9D
nd5uC6VdiSLmzYrsUVnaX8vSXoSDKGTXk811WFw3MWI4m2IkLxZkCAalYQBUeDgG
ENbPX18jTh+Omt1aJzRgqyeGBfGm4ySPoPis4zahQQgiY3Vvym6pUEdRM2tMwNKE
liTPkRXvvQhgezOSRKXcgL3+4zq4J25NYk5IyEQUPeVbu4CZnffqjQVxN5EnPHh/
NzcNo0v2mMWBE2QvVWcFIriKHOU5AOafjZBPUUMDzzcAM1CtEnoDFsS/OEiLsfxW
M45MdGeyeszqHkfW8bSBZtlHMm6by+ulMFKceFRMD1x7nOHghQdMEEYWVFL5AgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUIWaGgMe8ccIfoPT/UTn6J83h5ywwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNDk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgp6
AAMFACoKpgUwDQYJKoZIhvcNAQELBQADggEBAJS9ADsvb4owT47VDTIwz8uCMQqg
69Jr4NiuFoAna4rfGToDIftUIw9L9/UwBxRg2iNWK8LGyfcplxeaf9+jruIn/Tyb
NkCFALelQIZ8fXN8UXwTbATmt47WCJaA4P2YxnaaPKZriy2Po5M4r03Ls9mfVe7O
dTRJ9aY+mpasqLY0fn9wNIlKxdOT1SD9vLO0KPWmoOrmqJBnZpzswC9Y0DyJT29V
ek87jomwSwQXLgISWP677AzBkOhCREOpJUpg0v9IVjnwdGkfX0m7C76gt/o7bQ5V
bcv90ghY6LHSfZdHahsWLUrtaDxMmxwRypakSTbvcQCJoOQ3RMjSYTPIYU0=
-----END CERTIFICATE-----