Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
File:                     AS205361.roa (raw, json)
Hash identifier:          ooVjzWAy494XVsrJKgl+IW8XJ9B0/RvP2iVYIQBu310=
Subject key identifier:   68:52:DB:8A:1A:A8:78:77:FF:EC:A6:53:3F:D2:9C:E4:3E:97:F0:4C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5107FFE3D6E4BEEE2E5790C9A5589DE70EDCACC6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
Signing time:             Tue 20 Jan 2026 15:55:34 +0000
ROA not before:           Tue 20 Jan 2026 15:50:34 +0000
ROA not after:            Tue 19 Jan 2027 15:55:34 +0000
asID:                     205361
IP address blocks:        185.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 15:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:07:ff:e3:d6:e4:be:ee:2e:57:90:c9:a5:58:9d:e7:0e:dc:ac:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 20 15:50:34 2026 GMT
            Not After : Jan 19 15:55:34 2027 GMT
        Subject: CN=6852DB8A1AA87877FFECA6533FD29CE43E97F04C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:12:8f:54:5d:96:0d:43:06:53:a0:a0:14:cc:
                    81:42:44:96:26:84:6a:a7:4c:bf:2f:85:b1:56:2a:
                    4b:2b:54:e7:e7:ab:82:b9:75:a2:4f:10:cb:16:7d:
                    2c:c8:f7:e4:e7:fe:62:60:7b:93:46:a8:e9:d6:73:
                    c7:7d:3c:5e:40:d4:1d:1b:2a:57:e4:c7:87:7e:ff:
                    b0:77:e4:ea:cb:74:e2:59:66:06:76:42:56:84:07:
                    1c:aa:ba:01:b7:c3:cd:00:62:26:a3:e1:18:f8:46:
                    d0:aa:7c:77:e9:09:1b:97:a6:0f:23:c5:b3:39:25:
                    fa:42:7e:c0:3e:a3:cf:23:7f:31:4d:32:8b:f3:0a:
                    86:26:dd:35:30:dc:a2:9b:56:e1:da:a9:f9:25:8c:
                    05:12:f7:d5:11:81:2d:e7:bb:77:e1:41:b6:24:cd:
                    b7:83:ba:a0:62:b6:06:1b:a0:1c:0f:3a:90:cd:ac:
                    c7:b3:94:ba:bd:fa:45:5c:61:16:90:2f:f2:eb:20:
                    60:6f:38:f3:01:39:ec:f2:20:aa:ac:94:15:10:f3:
                    d8:4a:2e:9a:3d:06:41:bb:6c:be:5e:ed:d0:58:62:
                    0c:a9:d2:1e:cb:13:d4:bd:8d:84:10:53:bd:5c:b9:
                    e7:84:5a:80:60:c7:61:26:58:54:a0:df:b2:3c:4e:
                    2e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:52:DB:8A:1A:A8:78:77:FF:EC:A6:53:3F:D2:9C:E4:3E:97:F0:4C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b7:42:e0:c2:03:4e:2a:87:b7:5f:d5:a3:44:0c:6b:42:86:
         81:c3:03:71:be:ed:fe:42:ea:2b:c4:6d:29:92:3b:f3:0f:c1:
         b5:d8:9d:65:6f:c6:b2:0a:46:c1:7c:ca:56:be:b5:ee:78:dc:
         27:5c:77:d1:03:2f:76:cf:4f:e6:fe:f2:57:6d:18:b3:b2:6f:
         89:20:17:dd:b3:6a:6a:39:3e:79:91:71:5a:25:db:86:d8:b1:
         52:49:e3:af:b2:44:c9:d5:a9:77:8d:8d:80:bf:c9:46:23:67:
         c5:6f:73:7b:77:0d:22:93:64:37:8a:ff:d5:ce:5f:ad:76:d5:
         ce:81:a1:6e:5a:01:74:50:74:37:49:5b:04:f2:60:e5:b6:5b:
         19:80:a9:81:f4:89:11:71:37:93:cb:c8:f1:4c:6f:1e:cc:be:
         4c:fb:1c:57:83:3c:ed:08:e9:4d:36:ee:e2:e9:8c:80:8a:70:
         96:44:67:6c:8d:62:8b:6c:30:09:01:25:9c:24:f9:d0:55:11:
         ea:49:43:3f:c4:f0:a4:df:21:5e:b3:98:d3:1b:bc:45:d4:c8:
         b9:4f:64:59:ab:90:9a:f3:12:09:a5:cf:4e:c7:8e:76:6c:21:
         8a:1c:90:cf:6b:a3:69:d6:6c:34:27:74:40:9b:9a:18:30:9f:
         3c:52:f0:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUQf/49bkvu4uV5DJpVid5w7crMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAxMjAxNTUwMzRaFw0yNzAxMTkxNTU1MzRaMDMxMTAvBgNV
BAMTKDY4NTJEQjhBMUFBODc4NzdGRkVDQTY1MzNGRDI5Q0U0M0U5N0YwNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPEo9UXZYNQwZToKAUzIFCRJYm
hGqnTL8vhbFWKksrVOfnq4K5daJPEMsWfSzI9+Tn/mJge5NGqOnWc8d9PF5A1B0b
Klfkx4d+/7B35OrLdOJZZgZ2QlaEBxyqugG3w80AYiaj4Rj4RtCqfHfpCRuXpg8j
xbM5JfpCfsA+o88jfzFNMovzCoYm3TUw3KKbVuHaqfkljAUS99URgS3nu3fhQbYk
zbeDuqBitgYboBwPOpDNrMezlLq9+kVcYRaQL/LrIGBvOPMBOezyIKqslBUQ89hK
Lpo9BkG7bL5e7dBYYgyp0h7LE9S9jYQQU71cueeEWoBgx2EmWFSg37I8Ti67AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaFLbihqoeHf/7KZTP9Kc5D6X8EwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1MzYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQAQt0LgwgNOKoe3X9WjRAxrQoaBwwNxvu3+Quor
xG0pkjvzD8G12J1lb8ayCkbBfMpWvrXueNwnXHfRAy92z0/m/vJXbRizsm+JIBfd
s2pqOT55kXFaJduG2LFSSeOvskTJ1al3jY2Av8lGI2fFb3N7dw0ik2Q3iv/Vzl+t
dtXOgaFuWgF0UHQ3SVsE8mDltlsZgKmB9IkRcTeTy8jxTG8ezL5M+xxXgzztCOlN
Nu7i6YyAinCWRGdsjWKLbDAJASWcJPnQVRHqSUM/xPCk3yFes5jTG7xF1Mi5T2RZ
q5Ca8xIJpc9Ox452bCGKHJDPa6Np1mw0J3RAm5oYMJ88UvDC
-----END CERTIFICATE-----