Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          /JPXovthvaURGEBFZ5wjUI1MuhtBdpBVlnBa0etCmKk=
Subject key identifier:   4A:66:CC:9E:73:1D:F8:CE:26:BE:E7:68:83:C9:BF:D5:4D:48:D6:8B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       571A9C9D8D0A62DFD7A7FEEFC8E2BA83352B9162
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3320.roa
Signing time:             Sat 23 May 2026 17:51:15 +0000
ROA not before:           Sat 23 May 2026 17:46:15 +0000
ROA not after:            Sat 22 May 2027 17:51:15 +0000
asID:                     3320
IP address blocks:        181.215.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:1a:9c:9d:8d:0a:62:df:d7:a7:fe:ef:c8:e2:ba:83:35:2b:91:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 23 17:46:15 2026 GMT
            Not After : May 22 17:51:15 2027 GMT
        Subject: CN=4A66CC9E731DF8CE26BEE76883C9BFD54D48D68B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f7:b5:b7:a7:e1:32:a8:54:6d:13:26:64:7d:
                    59:5c:9b:02:c1:d4:d9:b0:71:73:31:91:82:2d:ba:
                    5f:ce:5d:b7:8f:11:8e:4a:97:0e:f0:0e:2e:a6:56:
                    71:2d:75:50:1d:3d:32:78:5c:bc:3d:21:9b:f8:d8:
                    73:dd:39:9e:0d:81:54:dc:fb:26:df:be:20:43:e3:
                    2f:ae:74:33:5e:91:a8:77:e2:27:0e:2f:04:92:f0:
                    af:b7:01:2c:38:03:9c:4e:dc:b3:9b:14:a7:25:25:
                    d8:7e:e4:b0:73:7b:e2:be:9d:46:57:65:11:2b:b4:
                    70:99:14:c7:50:1c:98:ed:4e:f9:72:5d:e4:12:39:
                    f9:ef:bc:1d:3a:95:10:70:4d:bc:b6:5c:7f:57:48:
                    cc:87:6b:34:61:12:68:fc:75:7e:65:75:86:d2:51:
                    0b:77:01:02:8e:bf:fb:c7:9e:04:91:85:15:b4:cc:
                    48:a3:46:cf:0d:df:37:4a:38:3c:ae:bc:b8:d3:b4:
                    bc:6a:36:77:e0:b7:d0:07:e9:2b:8b:34:f1:33:a0:
                    f7:b4:52:0a:98:16:c4:92:e3:f3:ef:61:14:6c:c4:
                    b9:7e:67:f5:00:82:8c:c4:0c:6c:65:f5:3b:ca:0e:
                    e6:16:fe:d4:48:ad:77:da:59:09:c4:21:68:ef:51:
                    5a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:66:CC:9E:73:1D:F8:CE:26:BE:E7:68:83:C9:BF:D5:4D:48:D6:8B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:34:d9:ad:9c:98:b4:1d:bb:61:a4:42:75:43:20:5d:62:e1:
         c1:6b:a9:6a:8b:bf:99:08:c3:17:77:8d:43:91:8b:80:ac:a8:
         f5:47:50:47:29:66:02:cc:b4:07:7d:cd:32:5e:6c:b4:cc:67:
         aa:aa:2c:d2:de:c7:29:98:9e:ce:69:7a:c4:05:ab:7a:58:26:
         e5:b9:2b:3d:46:6a:9b:11:b0:3a:36:85:af:cc:06:50:c6:ce:
         08:4c:7f:13:d1:98:1f:25:81:b5:3d:bf:8b:93:39:ac:0e:c9:
         d4:82:2c:25:74:52:77:46:9f:89:8e:2e:3c:33:c0:eb:3c:65:
         4f:a2:54:56:e6:93:ec:95:00:89:2b:ea:ca:76:21:6b:5d:42:
         61:8d:c2:e3:87:19:e8:a3:2d:42:03:7c:b8:ba:f1:03:79:b1:
         4a:c7:8c:5c:0b:1e:29:25:f7:49:9f:5e:61:24:0f:07:ef:1a:
         b7:36:6e:54:25:2d:1d:a5:e1:f0:c0:d5:d2:71:de:4e:8c:b6:
         4d:b3:48:2a:ca:d5:36:90:75:45:61:33:69:81:42:a1:62:b4:
         b9:4c:3e:dc:5a:1a:0d:ad:4c:02:b9:a3:bf:ad:2d:9f:46:0d:
         f5:cc:7e:30:ab:1a:63:3f:9a:e0:85:f4:16:9b:ff:85:5f:17:
         88:70:81:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUVxqcnY0KYt/Xp/7vyOK6gzUrkWIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjMxNzQ2MTVaFw0yNzA1MjIxNzUxMTVaMDMxMTAvBgNV
BAMTKDRBNjZDQzlFNzMxREY4Q0UyNkJFRTc2ODgzQzlCRkQ1NEQ0OEQ2OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg97W3p+EyqFRtEyZkfVlcmwLB
1NmwcXMxkYItul/OXbePEY5Klw7wDi6mVnEtdVAdPTJ4XLw9IZv42HPdOZ4NgVTc
+ybfviBD4y+udDNekah34icOLwSS8K+3ASw4A5xO3LObFKclJdh+5LBze+K+nUZX
ZRErtHCZFMdQHJjtTvlyXeQSOfnvvB06lRBwTby2XH9XSMyHazRhEmj8dX5ldYbS
UQt3AQKOv/vHngSRhRW0zEijRs8N3zdKODyuvLjTtLxqNnfgt9AH6SuLNPEzoPe0
UgqYFsSS4/PvYRRsxLl+Z/UAgozEDGxl9TvKDuYW/tRIrXfaWQnEIWjvUVpBAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUSmbMnnMd+M4mvudog8m/1U1I1oswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALXX7TAN
BgkqhkiG9w0BAQsFAAOCAQEAHzTZrZyYtB27YaRCdUMgXWLhwWupaou/mQjDF3eN
Q5GLgKyo9UdQRylmAsy0B33NMl5stMxnqqos0t7HKZiezml6xAWrelgm5bkrPUZq
mxGwOjaFr8wGUMbOCEx/E9GYHyWBtT2/i5M5rA7J1IIsJXRSd0afiY4uPDPA6zxl
T6JUVuaT7JUAiSvqynYha11CYY3C44cZ6KMtQgN8uLrxA3mxSseMXAseKSX3SZ9e
YSQPB+8atzZuVCUtHaXh8MDV0nHeToy2TbNIKsrVNpB1RWEzaYFCoWK0uUw+3Foa
Da1MArmjv60tn0YN9cx+MKsaYz+a4IX0Fpv/hV8XiHCB/g==
-----END CERTIFICATE-----