Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270014.roa
File:                     AS270014.roa (raw, json)
Hash identifier:          KNHOmPexz+pFGb+2CSN1sRMxjqFYaKvFUltCV1/ADr8=
Subject key identifier:   F0:1C:EF:FC:82:9A:F3:6B:F5:80:5E:A4:95:A3:C0:D6:C0:F4:E7:8F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       21B2480A755B25519DFB714F374BEBF77130D270
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270014.roa
Signing time:             Wed 27 May 2026 13:15:12 +0000
ROA not before:           Wed 27 May 2026 13:10:12 +0000
ROA not after:            Wed 26 May 2027 13:15:12 +0000
asID:                     270014
IP address blocks:        191.96.184.0/24 maxlen: 24
                          191.101.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b2:48:0a:75:5b:25:51:9d:fb:71:4f:37:4b:eb:f7:71:30:d2:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 27 13:10:12 2026 GMT
            Not After : May 26 13:15:12 2027 GMT
        Subject: CN=F01CEFFC829AF36BF5805EA495A3C0D6C0F4E78F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:02:a8:d0:4d:b0:21:8d:74:8f:94:8f:68:
                    5e:a4:dc:c2:81:aa:29:62:af:73:54:b7:ab:bd:4a:
                    de:bf:5f:f4:79:c4:f4:4b:3c:e1:8b:4b:ed:ee:50:
                    54:cb:17:42:85:a2:57:28:48:d8:29:c0:ec:18:df:
                    df:09:05:80:42:bc:8c:c2:72:c7:84:31:db:29:5d:
                    19:fc:cc:fb:92:00:7c:32:ab:8a:84:84:86:2c:38:
                    bc:69:50:4e:ee:5f:e2:5b:fe:93:68:30:dd:dd:60:
                    f4:6e:a1:90:c3:2a:d2:91:3d:fc:8b:1a:31:61:5a:
                    c3:ac:8a:7e:dc:0d:25:76:de:01:84:b6:d5:39:1c:
                    f2:26:04:ee:a1:4c:16:ba:d2:12:06:02:ca:6f:c4:
                    a6:8e:4b:d9:43:19:db:03:08:9a:b7:75:12:6a:ba:
                    df:33:60:59:4d:8a:43:10:ff:2e:6a:76:3e:05:43:
                    97:fd:46:fd:35:a2:80:32:53:6e:c0:a6:34:34:24:
                    8d:d8:d0:88:eb:cd:bc:d4:31:e6:cd:54:9d:00:14:
                    e6:27:81:25:7b:ea:54:e4:35:1e:50:12:3f:6b:53:
                    d1:2e:02:8d:7b:14:05:59:14:e9:9a:19:9e:58:31:
                    77:56:2a:89:d0:1c:2e:f7:3c:8b:86:70:9c:de:a1:
                    3f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1C:EF:FC:82:9A:F3:6B:F5:80:5E:A4:95:A3:C0:D6:C0:F4:E7:8F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270014.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.184.0/24
                  191.101.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:2e:99:73:f7:18:69:43:76:bb:3f:1c:de:50:b5:85:06:8e:
         7c:f3:b4:c8:26:91:e5:d0:8b:10:6b:b3:8b:32:74:28:6b:af:
         79:66:3d:69:b4:ca:26:5c:00:88:be:40:9b:35:c0:82:bb:fb:
         4f:04:59:25:c2:c8:20:64:62:82:c3:f2:24:cf:d8:0c:c3:37:
         83:c4:92:7e:56:bd:41:95:00:7f:fa:1d:17:b6:49:e1:92:a4:
         93:6e:1d:5b:64:80:70:a8:69:e7:58:61:1f:8b:01:29:9f:2f:
         f4:37:a5:a0:2a:c4:b6:d0:2c:ef:ad:67:c5:56:a4:31:69:86:
         c9:dc:c4:2d:6a:a0:99:fc:44:c5:3a:0f:c7:76:90:53:39:04:
         bd:e2:8f:c0:72:22:25:07:b1:06:bc:7b:d2:e5:5d:76:99:b5:
         b7:a1:36:7a:96:1a:da:80:03:c7:82:80:1e:e6:1d:34:e9:45:
         a5:f5:f0:b7:a8:f8:2d:03:d8:b2:66:fd:77:ec:56:6e:de:02:
         65:25:85:08:30:f0:48:9c:a0:41:9b:f1:db:a0:26:f1:fe:6c:
         69:52:fc:39:5f:5a:d5:fa:20:e1:0b:ab:f6:55:fb:46:fb:df:
         fa:46:ac:0d:25:72:f1:12:b5:ab:53:0d:2b:4c:1e:5d:3e:71:
         c8:13:f7:b2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIbJICnVbJVGd+3FPN0vr93Ew0nAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjcxMzEwMTJaFw0yNzA1MjYxMzE1MTJaMDMxMTAvBgNV
BAMTKEYwMUNFRkZDODI5QUYzNkJGNTgwNUVBNDk1QTNDMEQ2QzBGNEU3OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuIwKo0E2wIY10j5SPaF6k3MKB
qilir3NUt6u9St6/X/R5xPRLPOGLS+3uUFTLF0KFolcoSNgpwOwY398JBYBCvIzC
cseEMdspXRn8zPuSAHwyq4qEhIYsOLxpUE7uX+Jb/pNoMN3dYPRuoZDDKtKRPfyL
GjFhWsOsin7cDSV23gGEttU5HPImBO6hTBa60hIGAspvxKaOS9lDGdsDCJq3dRJq
ut8zYFlNikMQ/y5qdj4FQ5f9Rv01ooAyU27ApjQ0JI3Y0IjrzbzUMebNVJ0AFOYn
gSV76lTkNR5QEj9rU9EuAo17FAVZFOmaGZ5YMXdWKonQHC73PIuGcJzeoT8bAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU8Bzv/IKa82v1gF6klaPA1sD0548wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcwMDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2C4
AwQAv2XBMA0GCSqGSIb3DQEBCwUAA4IBAQCQLplz9xhpQ3a7PxzeULWFBo5887TI
JpHl0IsQa7OLMnQoa695Zj1ptMomXACIvkCbNcCCu/tPBFklwsggZGKCw/Ikz9gM
wzeDxJJ+Vr1BlQB/+h0XtknhkqSTbh1bZIBwqGnnWGEfiwEpny/0N6WgKsS20Czv
rWfFVqQxaYbJ3MQtaqCZ/ETFOg/HdpBTOQS94o/AciIlB7EGvHvS5V12mbW3oTZ6
lhragAPHgoAe5h006UWl9fC3qPgtA9iyZv137FZu3gJlJYUIMPBInKBBm/HboCbx
/mxpUvw5X1rV+iDhC6v2VftG+9/6RqwNJXLxErWrUw0rTB5dPnHIE/ey
-----END CERTIFICATE-----