Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207158.roa
File:                     AS207158.roa (raw, json)
Hash identifier:          gpmTZj+1qaL3xE1r/7utK1seBJYBJPtsayHKfE/yfW4=
Subject key identifier:   E6:04:63:7A:39:E8:0E:E0:87:D6:C5:2B:06:09:39:32:D9:7D:77:37
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0ED411ED22EBC3B613EFEDBEEDE7F99B779096C5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207158.roa
Signing time:             Fri 05 Jun 2026 09:50:49 +0000
ROA not before:           Fri 05 Jun 2026 09:45:49 +0000
ROA not after:            Fri 04 Jun 2027 09:50:49 +0000
asID:                     207158
IP address blocks:        179.61.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:d4:11:ed:22:eb:c3:b6:13:ef:ed:be:ed:e7:f9:9b:77:90:96:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  5 09:45:49 2026 GMT
            Not After : Jun  4 09:50:49 2027 GMT
        Subject: CN=E604637A39E80EE087D6C52B06093932D97D7737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:97:a4:a3:ad:b1:e5:f5:4a:30:aa:08:53:05:
                    05:13:42:04:b3:5a:60:3f:e2:9e:7d:b2:09:ce:02:
                    11:4a:46:89:4f:74:e5:91:26:e7:1b:37:78:a5:80:
                    3c:8c:59:39:67:78:01:da:9d:37:75:8c:17:2d:e8:
                    b0:32:ee:2b:88:af:8e:a0:e8:7b:1a:5d:8a:14:a8:
                    8c:df:bc:68:ba:41:84:bf:44:c0:4d:e8:6f:b8:b6:
                    d2:4d:ad:5d:5e:8a:40:8f:05:8d:5f:96:53:ea:b2:
                    3b:d1:d7:77:c3:89:7a:b5:ad:07:3f:ae:ca:5c:aa:
                    28:86:62:63:44:7c:c0:f5:3b:81:82:c6:fd:37:ef:
                    56:f4:af:12:04:cb:89:28:ab:95:09:9f:37:5c:50:
                    5f:32:d5:96:c0:fa:21:ad:ad:72:42:9b:f3:cf:f8:
                    af:0b:d7:11:f4:d8:1e:29:74:17:e8:f6:97:0b:e9:
                    b8:37:8f:06:63:ce:ee:5a:37:9b:b1:af:e2:32:0d:
                    92:ca:aa:13:4b:70:c1:70:a2:33:bf:7f:5e:8e:07:
                    68:bf:ec:f3:ec:04:c0:77:17:2f:45:5d:b9:be:1b:
                    a9:c2:ab:72:6b:88:d5:fb:8e:91:ef:1f:a3:5b:b7:
                    88:88:7a:fe:a8:87:60:2b:32:73:de:38:92:01:82:
                    ce:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:04:63:7A:39:E8:0E:E0:87:D6:C5:2B:06:09:39:32:D9:7D:77:37
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:6f:e4:85:08:7f:80:93:40:d8:40:4d:54:d6:5f:c2:82:a0:
         bc:df:76:5e:61:4d:6d:79:20:ac:28:f8:7a:63:f1:5e:a9:f0:
         02:62:7f:83:ed:e1:b2:67:b9:56:43:e1:68:1f:e0:0b:7c:a0:
         a0:5b:0c:b4:8f:82:c4:a2:df:f6:8b:38:5a:e2:6b:06:c5:38:
         10:6c:11:97:8d:af:19:45:f0:a0:38:d7:9c:87:8c:9b:90:ef:
         65:50:59:e9:9f:c8:b8:3f:1c:48:e6:73:08:bf:d1:34:0b:6e:
         be:0a:90:ba:bf:77:5d:a4:a5:38:bd:34:d9:72:cc:3d:a3:38:
         c3:a6:c4:9c:4e:95:7a:7b:be:d3:44:57:2c:63:b9:20:87:dd:
         be:33:b9:6c:fc:1d:9b:34:d0:32:92:85:52:77:0e:20:0d:7c:
         62:36:f4:bd:bd:83:1a:52:16:dd:16:f0:45:93:1b:b3:7c:df:
         93:3e:d4:9b:06:62:8f:d1:a9:d3:2c:6c:d7:f6:e6:1c:c6:a0:
         22:e2:da:64:4d:62:84:20:25:79:50:c7:a1:b3:e9:22:22:5f:
         c6:2a:0c:61:75:b8:9b:52:8f:4f:cf:b5:96:0d:77:ad:54:52:
         1a:21:ee:57:35:fe:60:40:b2:c9:b9:ec:58:78:0a:cb:de:df:
         13:5d:5a:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDtQR7SLrw7YT7+2+7ef5m3eQlsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDUwOTQ1NDlaFw0yNzA2MDQwOTUwNDlaMDMxMTAvBgNV
BAMTKEU2MDQ2MzdBMzlFODBFRTA4N0Q2QzUyQjA2MDkzOTMyRDk3RDc3MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhl6SjrbHl9UowqghTBQUTQgSz
WmA/4p59sgnOAhFKRolPdOWRJucbN3ilgDyMWTlneAHanTd1jBct6LAy7iuIr46g
6HsaXYoUqIzfvGi6QYS/RMBN6G+4ttJNrV1eikCPBY1fllPqsjvR13fDiXq1rQc/
rspcqiiGYmNEfMD1O4GCxv0371b0rxIEy4koq5UJnzdcUF8y1ZbA+iGtrXJCm/PP
+K8L1xH02B4pdBfo9pcL6bg3jwZjzu5aN5uxr+IyDZLKqhNLcMFwojO/f16OB2i/
7PPsBMB3Fy9FXbm+G6nCq3JriNX7jpHvH6Nbt4iIev6oh2ArMnPeOJIBgs4pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5gRjejnoDuCH1sUrBgk5Mtl9dzcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3MTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3P
MA0GCSqGSIb3DQEBCwUAA4IBAQBAb+SFCH+Ak0DYQE1U1l/CgqC833ZeYU1teSCs
KPh6Y/FeqfACYn+D7eGyZ7lWQ+FoH+ALfKCgWwy0j4LEot/2izha4msGxTgQbBGX
ja8ZRfCgONech4ybkO9lUFnpn8i4PxxI5nMIv9E0C26+CpC6v3ddpKU4vTTZcsw9
ozjDpsScTpV6e77TRFcsY7kgh92+M7ls/B2bNNAykoVSdw4gDXxiNvS9vYMaUhbd
FvBFkxuzfN+TPtSbBmKP0anTLGzX9uYcxqAi4tpkTWKEICV5UMehs+kiIl/GKgxh
dbibUo9Pz7WWDXetVFIaIe5XNf5gQLLJuexYeArL3t8TXVpp
-----END CERTIFICATE-----