Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          ywTWmO1wLmEGvOLm+kM8wgjIDSPwgt8lthwPjdzS7cU=
Subject key identifier:   C4:9F:70:38:68:7F:CE:A9:FE:22:C3:D3:22:B3:1D:67:F7:E1:12:D3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       676CEA59BF8B099C8DB2D5B14CD321CD0F156216
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
Signing time:             Fri 22 May 2026 00:47:15 +0000
ROA not before:           Fri 22 May 2026 00:42:15 +0000
ROA not after:            Fri 21 May 2027 00:47:15 +0000
asID:                     53356
IP address blocks:        181.214.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 02:20:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:6c:ea:59:bf:8b:09:9c:8d:b2:d5:b1:4c:d3:21:cd:0f:15:62:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 22 00:42:15 2026 GMT
            Not After : May 21 00:47:15 2027 GMT
        Subject: CN=C49F7038687FCEA9FE22C3D322B31D67F7E112D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c5:ca:9b:b7:8f:d1:75:89:11:b9:c2:c6:e0:
                    ff:a6:9d:32:82:13:24:cc:1e:03:68:ef:4a:86:f6:
                    5f:1a:7f:1c:00:dd:32:b1:a8:f4:02:97:22:b7:3e:
                    ab:6a:d6:08:ed:98:18:38:30:3a:49:c1:2b:f7:1c:
                    32:8e:b1:d7:3e:c5:0b:86:c4:e5:15:a9:39:be:1f:
                    21:f4:8d:a0:2e:33:24:12:fc:cf:8d:b3:3a:f5:1e:
                    6e:4d:bf:48:59:89:f2:db:dd:ba:44:93:73:37:fc:
                    96:59:d8:c6:b7:d6:0a:13:32:0e:6c:3e:60:8a:ef:
                    58:e0:d4:92:38:cc:b6:ee:34:78:a9:77:f7:90:99:
                    2b:45:1e:38:13:75:f8:e0:29:62:25:05:23:26:0e:
                    de:95:a4:74:5b:86:f0:e8:d3:67:dd:79:a3:3a:a6:
                    62:03:32:6d:d7:68:71:9c:85:ec:ac:78:07:06:26:
                    08:1d:65:b6:92:86:db:64:7f:d1:b1:bb:07:86:b2:
                    c1:21:23:8f:54:f5:72:67:0e:1d:19:9c:0b:fa:90:
                    01:ee:b6:9b:62:0a:32:c2:51:ca:73:e4:a9:48:e4:
                    76:9e:7a:fd:49:ff:0b:32:4a:9f:85:5d:78:dd:0a:
                    97:9d:15:8e:84:7e:d2:1f:b8:7b:c0:16:11:71:db:
                    3d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:9F:70:38:68:7F:CE:A9:FE:22:C3:D3:22:B3:1D:67:F7:E1:12:D3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:0f:23:66:e0:20:ca:5f:8a:09:19:5c:9f:14:3a:5d:b3:c1:
         5b:0b:ce:81:89:2d:bc:e3:94:42:ba:fa:4b:f3:bb:4d:27:d5:
         52:22:55:b0:c7:06:c9:7b:fc:82:d0:cd:d6:bf:cb:66:ac:0d:
         d3:7e:6a:4d:04:1a:ff:c3:45:56:17:5e:b2:2a:de:49:a7:13:
         4b:71:ac:ac:c3:73:e3:ad:30:8d:cb:1c:6d:9c:dd:d5:99:92:
         4a:b8:a3:8b:29:1c:61:91:95:08:6e:36:cb:58:37:66:c3:73:
         52:f0:6d:9d:0c:bc:0f:cb:fd:67:50:88:9a:a9:7d:86:18:49:
         e8:31:02:04:9b:72:cb:5b:8e:e7:bb:af:5d:15:63:f3:13:d0:
         a0:b7:a5:34:a9:e3:5c:c6:6b:af:27:d9:ff:ca:ab:a1:b4:5f:
         60:e2:fe:4c:be:7d:fc:88:bd:10:ab:8d:17:41:dd:2c:c3:3d:
         db:42:64:e0:9e:4f:cf:39:77:9a:9a:d2:dc:d2:42:75:60:b8:
         29:97:7c:8a:9f:af:84:13:36:c1:1c:7c:22:b8:72:49:2b:53:
         2d:b3:44:f5:06:0e:a6:e6:94:2b:f0:71:8d:b8:da:a6:09:57:
         ac:be:3f:7f:00:28:34:f8:60:3e:15:68:ec:50:5f:a6:6a:8d:
         a5:61:12:33
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ2zqWb+LCZyNstWxTNMhzQ8VYhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjIwMDQyMTVaFw0yNzA1MjEwMDQ3MTVaMDMxMTAvBgNV
BAMTKEM0OUY3MDM4Njg3RkNFQTlGRTIyQzNEMzIyQjMxRDY3RjdFMTEyRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkxcqbt4/RdYkRucLG4P+mnTKC
EyTMHgNo70qG9l8afxwA3TKxqPQClyK3Pqtq1gjtmBg4MDpJwSv3HDKOsdc+xQuG
xOUVqTm+HyH0jaAuMyQS/M+Nszr1Hm5Nv0hZifLb3bpEk3M3/JZZ2Ma31goTMg5s
PmCK71jg1JI4zLbuNHipd/eQmStFHjgTdfjgKWIlBSMmDt6VpHRbhvDo02fdeaM6
pmIDMm3XaHGcheyseAcGJggdZbaShttkf9GxuweGssEhI49U9XJnDh0ZnAv6kAHu
tptiCjLCUcpz5KlI5Haeev1J/wsySp+FXXjdCpedFY6EftIfuHvAFhFx2z3XAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxJ9wOGh/zqn+IsPTIrMdZ/fhEtMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11icw
DQYJKoZIhvcNAQELBQADggEBALUPI2bgIMpfigkZXJ8UOl2zwVsLzoGJLbzjlEK6
+kvzu00n1VIiVbDHBsl7/ILQzda/y2asDdN+ak0EGv/DRVYXXrIq3kmnE0txrKzD
c+OtMI3LHG2c3dWZkkq4o4spHGGRlQhuNstYN2bDc1LwbZ0MvA/L/WdQiJqpfYYY
SegxAgSbcstbjue7r10VY/MT0KC3pTSp41zGa68n2f/Kq6G0X2Di/ky+ffyIvRCr
jRdB3SzDPdtCZOCeT885d5qa0tzSQnVguCmXfIqfr4QTNsEcfCK4ckkrUy2zRPUG
DqbmlCvwcY242qYJV6y+P38AKDT4YD4VaOxQX6ZqjaVhEjM=
-----END CERTIFICATE-----