Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51791.roa
File:                     AS51791.roa (raw, json)
Hash identifier:          ZBEivjTQ8JL0Cfb8u5ar0csMCVaHBpWAdDgekQMk2tU=
Subject key identifier:   93:6A:1A:31:11:30:D7:D7:1C:68:6F:4E:7F:91:06:AA:1C:12:21:E0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       59D66E1DA5ACF7968EEDAC070A96C5D623DB644C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51791.roa
Signing time:             Tue 26 Aug 2025 22:54:58 +0000
ROA not before:           Tue 26 Aug 2025 22:49:58 +0000
ROA not after:            Tue 25 Aug 2026 22:54:58 +0000
asID:                     51791
IP address blocks:        181.215.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:d6:6e:1d:a5:ac:f7:96:8e:ed:ac:07:0a:96:c5:d6:23:db:64:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 26 22:49:58 2025 GMT
            Not After : Aug 25 22:54:58 2026 GMT
        Subject: CN=936A1A311130D7D71C686F4E7F9106AA1C1221E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d5:a0:39:36:cc:bd:63:55:bd:c0:49:e7:f4:
                    5b:23:10:e2:2c:a2:1f:52:61:39:bd:97:fd:0d:35:
                    60:d3:68:75:14:b2:53:21:66:0e:48:12:5a:63:e8:
                    2e:82:76:32:e5:60:d1:61:d6:2f:53:21:19:f1:d0:
                    a5:1c:95:34:33:fa:1f:f9:b1:88:0d:ff:6c:53:ca:
                    d6:bb:84:72:90:96:92:1d:b7:fe:81:9e:b1:1c:df:
                    de:e7:a0:fc:a5:e1:54:9c:60:f8:3b:be:61:b5:6d:
                    0a:70:13:99:51:23:d5:11:7a:3a:de:b1:eb:42:de:
                    18:de:a9:56:82:5d:48:1f:5f:c8:c8:1a:96:df:b4:
                    d4:c2:3c:bb:90:d1:ca:9a:88:bc:45:29:d7:de:7c:
                    21:62:46:23:e4:b7:b8:1e:0e:14:e5:71:44:ab:08:
                    34:48:dc:1b:8d:93:c3:d1:e8:11:11:49:5c:a4:2d:
                    96:68:10:f6:b9:bf:57:5a:ae:12:63:61:e5:08:ee:
                    cb:ff:e8:9e:04:95:07:53:f3:9e:b9:6a:30:19:de:
                    39:87:57:80:c3:1b:38:3a:a2:3e:36:86:13:c6:0f:
                    c7:7f:30:fc:0d:e6:8f:08:52:9f:4e:89:41:a8:12:
                    fb:d6:89:41:9b:e6:69:a6:78:57:cb:b4:02:4f:64:
                    8e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6A:1A:31:11:30:D7:D7:1C:68:6F:4E:7F:91:06:AA:1C:12:21:E0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:04:97:76:ba:21:06:0a:f1:8f:18:f3:23:2b:9b:78:2c:a9:
         43:91:22:9d:f4:f7:1b:15:77:bd:fc:23:2d:a6:38:86:5f:0c:
         4b:7f:34:80:9a:ed:26:0e:cb:b1:92:ba:d8:ab:8f:40:ad:14:
         90:5c:d7:dd:3a:47:b2:2f:8c:71:20:d3:42:56:17:2e:90:84:
         9f:7b:99:a6:a6:79:c6:83:a0:7d:98:00:b9:dd:50:ef:21:4e:
         f6:c2:1d:2c:b4:1a:15:fd:1e:f3:7a:f0:94:d0:8b:37:02:27:
         20:d6:fa:ba:fb:52:49:d3:ae:b4:c4:52:9d:30:52:b4:01:af:
         6d:28:ef:ca:40:3d:94:59:ee:2e:cf:d6:5f:8e:91:9f:18:e0:
         99:a9:74:2d:27:6e:fb:49:a6:85:ff:22:c5:7e:ff:60:66:4c:
         74:33:5d:4f:0f:df:9e:83:36:76:3d:d2:b9:7e:d3:0e:fc:f4:
         52:39:0c:fb:de:0a:8e:b6:ae:16:ae:4e:d1:32:49:cf:59:43:
         5b:af:8b:39:61:32:df:15:ea:8c:b5:d8:b5:8a:5e:a8:f4:b0:
         3b:d1:c5:27:75:9e:eb:29:41:77:bc:2c:7a:27:fc:f8:0a:30:
         67:a7:d2:0a:e4:ee:d9:dc:7a:0c:03:20:07:5d:be:4b:33:a1:
         d7:53:d2:9f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWdZuHaWs95aO7awHCpbF1iPbZEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjYyMjQ5NThaFw0yNjA4MjUyMjU0NThaMDMxMTAvBgNV
BAMTKDkzNkExQTMxMTEzMEQ3RDcxQzY4NkY0RTdGOTEwNkFBMUMxMjIxRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC11aA5Nsy9Y1W9wEnn9FsjEOIs
oh9SYTm9l/0NNWDTaHUUslMhZg5IElpj6C6CdjLlYNFh1i9TIRnx0KUclTQz+h/5
sYgN/2xTyta7hHKQlpIdt/6BnrEc397noPyl4VScYPg7vmG1bQpwE5lRI9URejre
setC3hjeqVaCXUgfX8jIGpbftNTCPLuQ0cqaiLxFKdfefCFiRiPkt7geDhTlcUSr
CDRI3BuNk8PR6BERSVykLZZoEPa5v1darhJjYeUI7sv/6J4ElQdT8565ajAZ3jmH
V4DDGzg6oj42hhPGD8d/MPwN5o8IUp9OiUGoEvvWiUGb5mmmeFfLtAJPZI4lAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUk2oaMREw19ccaG9Of5EGqhwSIeAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTE3OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC118Ew
DQYJKoZIhvcNAQELBQADggEBAF8El3a6IQYK8Y8Y8yMrm3gsqUORIp309xsVd738
Iy2mOIZfDEt/NICa7SYOy7GSutirj0CtFJBc1906R7IvjHEg00JWFy6QhJ97maam
ecaDoH2YALndUO8hTvbCHSy0GhX9HvN68JTQizcCJyDW+rr7UknTrrTEUp0wUrQB
r20o78pAPZRZ7i7P1l+OkZ8Y4JmpdC0nbvtJpoX/IsV+/2BmTHQzXU8P356DNnY9
0rl+0w789FI5DPveCo62rhauTtEySc9ZQ1uvizlhMt8V6oy12LWKXqj0sDvRxSd1
nuspQXe8LHon/PgKMGen0grk7tncegwDIAddvkszoddT0p8=
-----END CERTIFICATE-----