Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          CvEBeQ2lSAo5+Mk3GY1aMIAZZMgbuhwTPoQT9hK/pkE=
Subject key identifier:   1A:15:EA:C5:72:87:2A:1D:13:2D:63:AD:C9:BB:72:2C:DC:D8:D3:DA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0878899F7AB2C6259120C4BF20BC11CB8D8C49DC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
Signing time:             Mon 02 Mar 2026 00:02:47 +0000
ROA not before:           Sun 01 Mar 2026 23:57:47 +0000
ROA not after:            Mon 01 Mar 2027 00:02:47 +0000
asID:                     202673
IP address blocks:        5.181.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:78:89:9f:7a:b2:c6:25:91:20:c4:bf:20:bc:11:cb:8d:8c:49:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  1 23:57:47 2026 GMT
            Not After : Mar  1 00:02:47 2027 GMT
        Subject: CN=1A15EAC572872A1D132D63ADC9BB722CDCD8D3DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:20:92:c9:f0:47:cb:f6:67:89:01:42:7c:aa:
                    f8:67:fb:d9:28:6b:ec:fc:f2:31:8e:dc:6c:af:33:
                    3e:bb:ed:e8:b0:73:12:3e:7f:53:c5:fc:42:07:28:
                    f5:6c:fa:1e:93:a5:b7:8c:47:94:86:1c:16:46:85:
                    b4:f8:c7:03:c9:b3:61:f3:e9:83:c1:26:70:0d:08:
                    78:ad:7c:4e:4c:60:a8:f8:03:b2:d3:45:f9:58:bb:
                    3e:6c:74:36:3c:79:50:6c:bf:c7:34:c2:f7:43:0b:
                    49:ba:11:a2:7f:4b:82:e1:f2:f8:b0:40:b0:cc:8e:
                    d7:35:3f:0a:5f:2c:43:a3:30:84:3f:9c:e5:6f:06:
                    98:a0:2a:cb:58:0b:fe:5b:fb:9d:a5:29:92:28:e0:
                    a6:3d:3c:8d:51:80:1e:6b:de:8a:db:b4:a6:bc:c8:
                    3a:39:e5:5e:8a:8c:b1:ec:83:50:de:b2:92:9e:ab:
                    a1:60:b4:04:39:ac:70:a7:47:a9:7a:ad:01:f2:81:
                    bf:7e:93:b9:c1:52:66:40:1d:17:9d:9e:f4:59:cf:
                    2b:dd:36:dd:c4:26:75:8d:28:b9:e5:ac:c0:db:44:
                    15:73:18:fc:8b:9b:b1:7b:50:c6:bd:96:1f:47:b1:
                    27:55:38:7a:bc:df:9b:51:a9:49:f2:71:47:99:1e:
                    1b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:15:EA:C5:72:87:2A:1D:13:2D:63:AD:C9:BB:72:2C:DC:D8:D3:DA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:74:e4:51:12:9c:9e:a3:71:de:3f:bc:39:64:ee:65:5c:59:
         7d:9a:df:af:bc:79:db:e9:a3:24:34:89:14:65:aa:e3:fc:6a:
         b1:30:3e:4a:0c:4c:ac:8e:92:a2:1b:c9:6c:9e:3b:bc:73:5a:
         84:a1:3d:3e:06:57:08:33:30:8d:4d:8e:04:f6:56:94:e1:a4:
         f3:b8:92:46:a2:e0:1d:50:57:2c:4b:de:9f:8b:30:50:56:b4:
         98:c2:f4:00:10:2e:b2:21:92:03:19:2d:51:60:15:d8:95:f8:
         53:da:95:5d:a1:b3:b1:56:44:83:af:35:7f:ab:ec:86:0b:b0:
         c7:50:fd:c7:3e:d2:bc:1a:93:a1:c8:69:6f:b7:3e:d4:95:0b:
         77:16:2c:c4:0c:e6:e4:c5:b9:dc:d0:d1:f5:d9:a7:22:90:ae:
         7a:57:57:8f:fd:79:ef:b8:54:fa:5f:a2:c7:c4:2f:34:d0:6f:
         af:4c:1e:83:dd:90:61:d4:2d:57:a7:80:80:df:3e:2d:ee:c3:
         3f:d6:da:f9:6f:0e:1c:24:db:95:95:5f:a6:ac:df:92:a6:5f:
         35:81:4f:f8:73:ef:90:60:a0:b8:b6:65:9e:7e:7e:db:20:45:
         81:5c:5c:68:6f:52:99:95:66:a7:52:62:72:51:4a:0c:33:d6:
         f7:c3:da:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCHiJn3qyxiWRIMS/ILwRy42MSdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDEyMzU3NDdaFw0yNzAzMDEwMDAyNDdaMDMxMTAvBgNV
BAMTKDFBMTVFQUM1NzI4NzJBMUQxMzJENjNBREM5QkI3MjJDRENEOEQzREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAIJLJ8EfL9meJAUJ8qvhn+9ko
a+z88jGO3GyvMz677eiwcxI+f1PF/EIHKPVs+h6TpbeMR5SGHBZGhbT4xwPJs2Hz
6YPBJnANCHitfE5MYKj4A7LTRflYuz5sdDY8eVBsv8c0wvdDC0m6EaJ/S4Lh8viw
QLDMjtc1PwpfLEOjMIQ/nOVvBpigKstYC/5b+52lKZIo4KY9PI1RgB5r3orbtKa8
yDo55V6KjLHsg1DespKeq6FgtAQ5rHCnR6l6rQHygb9+k7nBUmZAHRednvRZzyvd
Nt3EJnWNKLnlrMDbRBVzGPyLm7F7UMa9lh9HsSdVOHq835tRqUnycUeZHhuJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGhXqxXKHKh0TLWOtybtyLNzY09owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWH
MA0GCSqGSIb3DQEBCwUAA4IBAQCydORREpyeo3HeP7w5ZO5lXFl9mt+vvHnb6aMk
NIkUZarj/GqxMD5KDEysjpKiG8lsnju8c1qEoT0+BlcIMzCNTY4E9laU4aTzuJJG
ouAdUFcsS96fizBQVrSYwvQAEC6yIZIDGS1RYBXYlfhT2pVdobOxVkSDrzV/q+yG
C7DHUP3HPtK8GpOhyGlvtz7UlQt3FizEDObkxbnc0NH12acikK56V1eP/XnvuFT6
X6LHxC800G+vTB6D3ZBh1C1Xp4CA3z4t7sM/1tr5bw4cJNuVlV+mrN+Spl81gU/4
c++QYKC4tmWefn7bIEWBXFxob1KZlWanUmJyUUoMM9b3w9pM
-----END CERTIFICATE-----