Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397968.roa
File:                     AS397968.roa (raw, json)
Hash identifier:          q16eNU/JUsQME7CLkqQDfQd1fB9ILjRRf4ZKjYOUGHo=
Subject key identifier:   E3:F7:D0:DE:DB:5B:E0:B5:F5:27:70:D8:3F:2A:90:EE:F6:FE:9F:5F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       24B6F5252519B186197DABEBA289B4844CF0FF0A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397968.roa
Signing time:             Tue 19 May 2026 11:12:03 +0000
ROA not before:           Tue 19 May 2026 11:07:03 +0000
ROA not after:            Tue 18 May 2027 11:12:03 +0000
asID:                     397968
IP address blocks:        191.101.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b6:f5:25:25:19:b1:86:19:7d:ab:eb:a2:89:b4:84:4c:f0:ff:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 19 11:07:03 2026 GMT
            Not After : May 18 11:12:03 2027 GMT
        Subject: CN=E3F7D0DEDB5BE0B5F52770D83F2A90EEF6FE9F5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e6:a5:be:aa:ac:9b:67:b6:b0:04:72:e4:f0:
                    37:53:33:a9:b5:66:ef:9b:99:da:b1:8f:0a:ed:f7:
                    83:e6:2d:36:0a:dc:89:89:d0:c7:0b:bf:d7:6a:ac:
                    08:00:48:b9:ce:b6:b2:60:d4:ad:15:6a:24:fd:88:
                    5e:e3:ce:30:b6:6a:22:af:2a:01:0f:2f:ba:5c:ac:
                    20:49:33:5d:ee:0f:af:d8:81:92:64:62:40:08:63:
                    96:df:45:ce:50:4c:93:f1:39:ea:ed:bd:b9:e0:71:
                    82:04:29:55:03:e4:63:48:36:db:05:ed:4f:ef:59:
                    aa:ba:d2:9c:7e:5e:06:05:39:e0:6d:e4:77:6c:2e:
                    72:18:ac:ad:02:7e:93:14:b0:03:02:c6:21:8b:2c:
                    97:8f:37:3b:18:7b:cc:b3:a2:78:e3:e3:46:b9:18:
                    0e:bb:7c:37:3e:21:a5:5d:d8:3c:df:16:cf:93:e1:
                    86:2d:0c:28:e8:d9:39:32:43:8a:30:3d:8a:54:f1:
                    54:dc:46:10:07:81:af:ce:67:6f:c9:c4:7e:c9:cf:
                    2f:a5:2b:49:92:60:39:82:b2:53:59:8f:2c:6a:33:
                    a0:d7:27:97:22:3a:86:6f:0a:4c:aa:a2:08:a7:2d:
                    aa:1c:a6:fc:92:c8:8f:88:3d:83:a4:0f:cc:79:42:
                    a7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F7:D0:DE:DB:5B:E0:B5:F5:27:70:D8:3F:2A:90:EE:F6:FE:9F:5F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:3b:ec:05:ea:ba:22:f1:88:26:af:60:64:f1:4b:d2:c4:9d:
         de:f5:61:fb:ed:c1:c9:bb:67:92:cd:62:74:48:6c:dc:4c:58:
         24:ea:fe:6a:f2:f3:14:52:8b:e1:4f:2a:7a:97:15:e0:28:0b:
         a7:84:2f:d6:79:30:66:42:85:fd:34:b1:99:e4:b5:99:48:e2:
         a2:77:d0:62:73:eb:39:eb:dd:e6:68:5e:fc:90:4a:04:cc:9b:
         36:30:26:f1:65:6e:67:12:49:7b:3c:ea:fc:60:e9:bd:df:9e:
         ed:27:27:5b:8b:00:55:10:29:ae:e0:c6:dc:24:dc:13:c5:10:
         6e:2a:86:93:94:68:f8:55:ec:42:de:cf:fe:a7:34:56:86:ac:
         e4:47:5b:ee:05:44:e8:01:6e:c8:75:5d:89:18:32:3d:80:42:
         38:df:f9:6a:0e:c2:dd:e8:f1:6b:be:e9:cf:ed:a4:c5:07:10:
         e1:44:16:1d:15:db:c8:e8:cc:2a:f8:57:60:1e:29:fc:da:ae:
         a5:73:99:51:59:50:71:0a:25:bf:d7:08:02:9e:b1:29:0c:a4:
         9f:98:f6:48:e0:fa:5d:20:26:11:21:60:a7:74:da:aa:35:00:
         67:31:02:29:96:c7:ab:eb:3d:f7:b9:42:75:a3:9a:45:1f:bc:
         ce:5d:64:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJLb1JSUZsYYZfavroom0hEzw/wowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MTkxMTA3MDNaFw0yNzA1MTgxMTEyMDNaMDMxMTAvBgNV
BAMTKEUzRjdEMERFREI1QkUwQjVGNTI3NzBEODNGMkE5MEVFRjZGRTlGNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS5qW+qqybZ7awBHLk8DdTM6m1
Zu+bmdqxjwrt94PmLTYK3ImJ0McLv9dqrAgASLnOtrJg1K0VaiT9iF7jzjC2aiKv
KgEPL7pcrCBJM13uD6/YgZJkYkAIY5bfRc5QTJPxOertvbngcYIEKVUD5GNINtsF
7U/vWaq60px+XgYFOeBt5HdsLnIYrK0CfpMUsAMCxiGLLJePNzsYe8yzonjj40a5
GA67fDc+IaVd2DzfFs+T4YYtDCjo2TkyQ4owPYpU8VTcRhAHga/OZ2/JxH7Jzy+l
K0mSYDmCslNZjyxqM6DXJ5ciOoZvCkyqoginLaocpvySyI+IPYOkD8x5QqcjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4/fQ3ttb4LX1J3DYPyqQ7vb+n18wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3OTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2VS
MA0GCSqGSIb3DQEBCwUAA4IBAQCRO+wF6roi8Ygmr2Bk8UvSxJ3e9WH77cHJu2eS
zWJ0SGzcTFgk6v5q8vMUUovhTyp6lxXgKAunhC/WeTBmQoX9NLGZ5LWZSOKid9Bi
c+s5693maF78kEoEzJs2MCbxZW5nEkl7POr8YOm9357tJydbiwBVECmu4MbcJNwT
xRBuKoaTlGj4VexC3s/+pzRWhqzkR1vuBUToAW7IdV2JGDI9gEI43/lqDsLd6PFr
vunP7aTFBxDhRBYdFdvI6Mwq+FdgHin82q6lc5lRWVBxCiW/1wgCnrEpDKSfmPZI
4PpdICYRIWCndNqqNQBnMQIplser6z33uUJ1o5pFH7zOXWS4
-----END CERTIFICATE-----