Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57974.roa
File:                     AS57974.roa (raw, json)
Hash identifier:          IMDWgp1jAk/P7zLbJROPUsKI/KQP6BBkpqYYE/I5T2E=
Subject key identifier:   44:7D:5D:AF:EB:4A:6E:01:2C:73:A5:5C:AC:6F:50:0C:73:AD:34:2C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       74E0DE931FF66E2E2A1E8A321E5B8F2A21388263
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57974.roa
Signing time:             Tue 21 Oct 2025 20:28:49 +0000
ROA not before:           Tue 21 Oct 2025 20:23:49 +0000
ROA not after:            Tue 20 Oct 2026 20:28:49 +0000
asID:                     57974
IP address blocks:        191.101.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 18:43:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:e0:de:93:1f:f6:6e:2e:2a:1e:8a:32:1e:5b:8f:2a:21:38:82:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 21 20:23:49 2025 GMT
            Not After : Oct 20 20:28:49 2026 GMT
        Subject: CN=447D5DAFEB4A6E012C73A55CAC6F500C73AD342C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2d:93:70:ae:be:7c:53:44:b4:93:58:2a:70:
                    38:dd:97:ae:12:e6:84:b0:90:68:35:7c:e7:6a:96:
                    bc:5e:a8:e7:2c:d6:c1:17:46:38:b5:4c:cc:b6:54:
                    0c:9b:8a:08:a6:ce:be:2f:f1:4c:34:2c:a3:78:e5:
                    5a:28:35:bf:a4:c0:c3:0d:ff:40:b9:44:98:eb:5b:
                    d4:fd:50:be:8d:eb:91:4c:17:9e:0c:19:41:45:eb:
                    d2:88:f7:62:e2:0f:5f:90:21:af:ea:d4:90:bc:47:
                    58:8e:05:74:28:ca:07:26:45:a0:0f:e8:0f:59:e0:
                    d5:bb:53:7f:75:b4:d4:21:d1:ea:6e:55:07:9b:86:
                    e8:8e:95:2b:bf:8d:2d:15:82:96:c9:fc:78:cc:37:
                    89:e8:7e:9d:30:9e:1b:eb:63:d0:5b:22:24:be:5d:
                    fd:c2:c2:db:06:9c:29:d2:5c:5f:66:e5:69:15:a6:
                    ec:22:3c:00:a7:5f:14:d1:e5:72:aa:18:27:db:cd:
                    e1:60:6d:f2:cb:d1:7e:bf:9f:4c:d6:81:85:37:e1:
                    bf:a3:65:ab:6c:c9:4c:08:06:bc:dc:d4:39:f7:28:
                    9e:70:9d:1d:6b:ea:46:23:18:c3:71:56:b4:be:3b:
                    03:ff:70:d0:48:fc:7f:25:23:ef:f5:be:05:b4:d4:
                    0a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7D:5D:AF:EB:4A:6E:01:2C:73:A5:5C:AC:6F:50:0C:73:AD:34:2C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57974.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:68:db:41:66:44:22:53:03:c6:0a:0e:b0:ae:de:51:e4:59:
         68:de:58:06:a5:bd:93:fe:97:10:33:a5:d2:e1:e4:ca:b5:c9:
         f1:ea:02:33:a5:a2:10:09:0b:d1:de:49:34:ec:e4:ca:57:ad:
         53:4b:0f:69:c2:d0:c5:90:7d:f1:cd:f6:aa:a0:dc:80:19:3a:
         6d:06:29:ac:60:31:46:36:00:91:85:c8:d1:06:be:d9:8c:e3:
         91:9d:a8:7f:7c:cb:b4:03:b4:4b:3d:38:7e:e5:9e:31:a8:2c:
         d4:0f:95:a0:a7:5c:d4:f1:50:c2:ab:43:02:06:bd:73:ba:6c:
         00:34:b6:75:68:7f:d4:cc:16:0d:73:c8:a0:44:ca:5a:51:32:
         fb:45:f8:95:fd:4f:50:9f:cf:a6:e4:f2:ba:44:89:ab:86:57:
         62:5d:7d:71:c6:f7:48:52:68:fe:66:3f:8d:34:bb:82:23:bb:
         c9:6f:3f:71:74:2a:2a:d7:37:1a:69:71:2a:57:09:d7:37:4b:
         cd:c0:b7:82:bd:e0:17:d7:a8:53:b0:0f:e5:50:f0:41:fd:a2:
         03:3b:fd:11:39:f5:fd:58:14:16:c7:ab:18:86:99:0c:97:74:
         3d:71:df:44:93:93:28:8b:d6:27:67:e2:4e:77:f0:c1:e8:06:
         39:82:3b:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdODekx/2bi4qHooyHluPKiE4gmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMjEyMDIzNDlaFw0yNjEwMjAyMDI4NDlaMDMxMTAvBgNV
BAMTKDQ0N0Q1REFGRUI0QTZFMDEyQzczQTU1Q0FDNkY1MDBDNzNBRDM0MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7LZNwrr58U0S0k1gqcDjdl64S
5oSwkGg1fOdqlrxeqOcs1sEXRji1TMy2VAybigimzr4v8Uw0LKN45VooNb+kwMMN
/0C5RJjrW9T9UL6N65FMF54MGUFF69KI92LiD1+QIa/q1JC8R1iOBXQoygcmRaAP
6A9Z4NW7U391tNQh0epuVQebhuiOlSu/jS0VgpbJ/HjMN4nofp0wnhvrY9BbIiS+
Xf3CwtsGnCnSXF9m5WkVpuwiPACnXxTR5XKqGCfbzeFgbfLL0X6/n0zWgYU34b+j
ZatsyUwIBrzc1Dn3KJ5wnR1r6kYjGMNxVrS+OwP/cNBI/H8lI+/1vgW01Ao9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQURH1dr+tKbgEsc6VcrG9QDHOtNCwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc5NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/Zfsw
DQYJKoZIhvcNAQELBQADggEBAIJo20FmRCJTA8YKDrCu3lHkWWjeWAalvZP+lxAz
pdLh5Mq1yfHqAjOlohAJC9HeSTTs5MpXrVNLD2nC0MWQffHN9qqg3IAZOm0GKaxg
MUY2AJGFyNEGvtmM45GdqH98y7QDtEs9OH7lnjGoLNQPlaCnXNTxUMKrQwIGvXO6
bAA0tnVof9TMFg1zyKBEylpRMvtF+JX9T1Cfz6bk8rpEiauGV2JdfXHG90hSaP5m
P400u4Iju8lvP3F0KirXNxppcSpXCdc3S83At4K94BfXqFOwD+VQ8EH9ogM7/RE5
9f1YFBbHqxiGmQyXdD1x30STkyiL1idn4k538MHoBjmCO6k=
-----END CERTIFICATE-----