Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398779.roa
File:                     AS398779.roa (raw, json)
Hash identifier:          qUGDPjnJUJmN26+zDXVzY/Sr5x7530ZcHirKWDOPNic=
Subject key identifier:   63:62:CD:AF:61:B0:A8:94:AC:65:29:A8:9F:2E:C7:9B:D8:73:F3:01
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3A18A1FF8A1F49E9DFE2B45CE2995B43D80E940F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398779.roa
Signing time:             Tue 26 Aug 2025 07:54:58 +0000
ROA not before:           Tue 26 Aug 2025 07:49:58 +0000
ROA not after:            Tue 25 Aug 2026 07:54:58 +0000
asID:                     398779
IP address blocks:        191.96.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:18:a1:ff:8a:1f:49:e9:df:e2:b4:5c:e2:99:5b:43:d8:0e:94:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 26 07:49:58 2025 GMT
            Not After : Aug 25 07:54:58 2026 GMT
        Subject: CN=6362CDAF61B0A894AC6529A89F2EC79BD873F301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f9:98:73:d7:9b:43:91:6a:14:0e:84:ca:98:
                    9d:69:d1:71:d9:5d:62:a4:ce:fc:e1:9f:45:d1:83:
                    1f:ff:f3:1f:02:a2:1b:31:cd:7f:f1:50:13:b8:59:
                    84:9f:01:62:e0:d9:bb:74:0b:35:b2:6a:33:2b:6b:
                    e0:51:fd:5a:7e:37:a5:d6:ee:70:23:41:ae:7d:60:
                    01:36:23:14:0f:0d:df:19:ad:08:b5:cc:b9:b7:f5:
                    da:d4:d2:00:39:b5:72:67:86:e7:70:3b:00:3d:4b:
                    f7:87:de:9f:ea:6a:db:c8:46:c1:b4:4a:37:86:1d:
                    e6:03:9e:de:39:de:a9:29:5c:33:ee:5b:1b:a0:cf:
                    5c:e1:db:03:b2:dc:57:b2:59:d4:ce:eb:16:af:7d:
                    3a:8f:e9:12:1c:8c:36:4c:21:6e:0e:fd:5c:42:e8:
                    c7:e3:5a:6d:b3:7a:5e:0a:2f:14:da:64:2a:09:28:
                    cf:21:76:d3:2a:77:db:f0:08:dd:8b:ca:30:34:eb:
                    d3:b2:f7:30:ca:7f:0a:c1:54:18:cd:3b:d9:bf:5a:
                    38:e2:40:ea:9e:b5:4c:4d:55:b4:36:0c:7f:48:71:
                    bf:bb:bd:63:6d:f4:c8:d2:a8:c2:cd:01:d1:4a:5f:
                    98:b3:59:c8:2b:00:fb:41:5e:5b:8b:6e:6a:81:f5:
                    74:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:62:CD:AF:61:B0:A8:94:AC:65:29:A8:9F:2E:C7:9B:D8:73:F3:01
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398779.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:88:01:15:2d:bc:d6:cb:ec:6e:2e:27:25:77:88:b8:76:52:
         5d:f6:62:e4:a9:61:0e:ae:9c:ce:85:d1:df:bd:24:27:65:df:
         82:b5:e4:14:91:85:5e:d1:5e:53:49:12:04:34:c9:27:8d:14:
         04:85:99:fc:ce:68:30:8a:7a:5b:b7:43:59:a2:f1:5a:65:25:
         f1:0c:c2:25:09:74:9e:38:6f:bb:b6:6a:aa:cd:ac:07:92:74:
         65:b5:76:f9:97:ab:22:93:ac:22:c5:a2:f2:4a:93:a0:88:40:
         86:12:a2:94:f2:93:53:ee:56:07:29:62:db:c3:e0:60:2f:ed:
         62:38:e6:50:fa:36:dd:b9:36:ae:e2:ef:89:ac:f8:9d:43:87:
         36:0e:22:eb:b4:6a:6c:e3:00:18:b0:5d:85:ec:3a:8f:7b:ea:
         2a:f1:b2:08:6f:0a:c2:ae:17:b5:f6:7c:6b:66:fd:0b:a3:9d:
         80:5a:ca:8c:33:2b:e1:31:32:00:5b:47:3a:dd:36:ef:d2:0b:
         3d:a0:09:0c:48:83:b0:38:2b:44:86:f2:82:e2:b9:b7:fc:1b:
         54:ef:1c:c0:a4:e3:35:b9:eb:c6:05:c5:af:af:99:2f:8a:29:
         cc:b7:29:99:e5:14:33:69:fc:50:dc:61:be:f6:44:64:ee:72:
         71:67:54:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOhih/4ofSenf4rRc4plbQ9gOlA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjYwNzQ5NThaFw0yNjA4MjUwNzU0NThaMDMxMTAvBgNV
BAMTKDYzNjJDREFGNjFCMEE4OTRBQzY1MjlBODlGMkVDNzlCRDg3M0YzMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/+Zhz15tDkWoUDoTKmJ1p0XHZ
XWKkzvzhn0XRgx//8x8CohsxzX/xUBO4WYSfAWLg2bt0CzWyajMra+BR/Vp+N6XW
7nAjQa59YAE2IxQPDd8ZrQi1zLm39drU0gA5tXJnhudwOwA9S/eH3p/qatvIRsG0
SjeGHeYDnt453qkpXDPuWxugz1zh2wOy3FeyWdTO6xavfTqP6RIcjDZMIW4O/VxC
6MfjWm2zel4KLxTaZCoJKM8hdtMqd9vwCN2LyjA069Oy9zDKfwrBVBjNO9m/Wjji
QOqetUxNVbQ2DH9Icb+7vWNt9MjSqMLNAdFKX5izWcgrAPtBXluLbmqB9XTjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY2LNr2GwqJSsZSmony7Hm9hz8wEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk4Nzc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ax
MA0GCSqGSIb3DQEBCwUAA4IBAQAMiAEVLbzWy+xuLicld4i4dlJd9mLkqWEOrpzO
hdHfvSQnZd+CteQUkYVe0V5TSRIENMknjRQEhZn8zmgwinpbt0NZovFaZSXxDMIl
CXSeOG+7tmqqzawHknRltXb5l6sik6wixaLySpOgiECGEqKU8pNT7lYHKWLbw+Bg
L+1iOOZQ+jbduTau4u+JrPidQ4c2DiLrtGps4wAYsF2F7DqPe+oq8bIIbwrCrhe1
9nxrZv0Lo52AWsqMMyvhMTIAW0c63Tbv0gs9oAkMSIOwOCtEhvKC4rm3/BtU7xzA
pOM1uevGBcWvr5kviinMtymZ5RQzafxQ3GG+9kRk7nJxZ1RD
-----END CERTIFICATE-----