Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61254.roa
File:                     AS61254.roa (raw, json)
Hash identifier:          WuAVl+97gvwbEIdhmG91VzYrTF74Gkux5bWlv36XoTY=
Subject key identifier:   0A:C4:1E:DC:FF:C1:6D:B4:20:91:4C:F8:FD:A7:8B:A9:2F:9F:2C:87
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5B05A67ABF0587589BFF60D904C82140E823CCC8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61254.roa
Signing time:             Sun 21 Sep 2025 08:48:47 +0000
ROA not before:           Sun 21 Sep 2025 08:43:47 +0000
ROA not after:            Sun 20 Sep 2026 08:48:47 +0000
asID:                     61254
IP address blocks:        143.20.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:05:a6:7a:bf:05:87:58:9b:ff:60:d9:04:c8:21:40:e8:23:cc:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 21 08:43:47 2025 GMT
            Not After : Sep 20 08:48:47 2026 GMT
        Subject: CN=0AC41EDCFFC16DB420914CF8FDA78BA92F9F2C87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:59:06:0f:b5:d3:cb:ed:4e:f2:6e:2c:5b:92:
                    cc:fa:6c:74:12:f6:35:b0:91:6c:a4:24:63:c3:bf:
                    ee:e9:e6:ec:ec:98:f1:6a:e1:33:3c:e9:fb:8e:8b:
                    df:ad:fe:23:45:ef:ca:1c:09:63:c2:2c:1a:e7:0c:
                    b8:55:15:39:33:bc:00:5e:cf:ad:c1:66:62:4e:a5:
                    70:94:c4:ee:3d:77:ea:13:22:57:b3:8a:28:5e:85:
                    02:f0:f5:e6:de:35:f9:5e:64:a3:b7:ff:aa:c6:de:
                    54:2d:a6:2c:4c:8a:63:b7:90:cb:38:2e:51:22:fc:
                    48:df:cd:62:6e:01:8d:61:b7:2d:55:74:94:18:b5:
                    a8:b9:4d:00:b8:a6:c9:04:32:85:7a:91:51:cb:c1:
                    8b:4d:7f:c2:c7:bb:6d:eb:fb:14:da:9a:47:92:97:
                    c7:64:3c:ed:69:6e:3a:e9:f8:9b:7b:5d:d9:fa:0a:
                    82:3b:8e:38:8f:c9:ef:d0:52:37:d1:11:a0:e5:d3:
                    4f:5b:c2:e5:ad:b2:c0:91:9e:39:0e:6f:e6:df:e5:
                    34:34:0a:35:63:da:8b:cf:bd:c8:1b:c4:ff:65:07:
                    6b:6a:af:73:03:e7:c3:a2:19:b9:f0:b0:09:1f:08:
                    a6:4e:3a:f4:1a:50:de:2e:51:63:ca:4c:0a:80:74:
                    2a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C4:1E:DC:FF:C1:6D:B4:20:91:4C:F8:FD:A7:8B:A9:2F:9F:2C:87
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61254.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:92:39:23:e4:b9:24:b2:c4:4b:01:73:9c:be:08:18:4b:80:
         78:dd:8e:17:cb:4a:e9:46:04:44:48:d8:5f:ce:76:b4:34:d5:
         a7:eb:1e:1d:44:fe:ba:b5:64:24:4d:ee:00:43:4d:be:34:51:
         4c:5f:73:c4:d3:35:35:73:f0:ec:2f:b1:d4:e9:48:f1:1a:f2:
         5b:f8:d9:46:64:76:18:14:d6:04:31:16:b8:6d:e8:14:f6:8c:
         69:4f:1b:b7:70:6a:06:7c:93:22:40:66:5a:cb:71:ff:68:41:
         68:d6:b0:26:0d:d5:aa:6d:48:35:9d:e0:f1:6d:77:79:76:b7:
         ea:4c:84:e6:c2:42:5f:69:ca:40:74:b5:38:ff:ca:b6:2d:c5:
         61:f3:63:d1:55:5c:12:65:20:4d:d8:b7:9f:5c:ce:18:88:7a:
         08:a9:d8:0b:b3:83:d9:36:74:8d:7a:6b:8b:46:c6:cc:a1:c6:
         0f:ed:15:99:97:db:85:0a:ed:38:16:72:f2:ee:6d:b1:b5:53:
         e2:42:b4:7c:06:8b:77:8d:98:ef:f3:96:7d:73:24:4d:6b:e4:
         79:bd:5c:8d:b8:ac:4f:5d:6c:b2:81:79:72:6f:72:09:98:22:
         c9:af:c8:a2:87:6b:96:ed:96:d1:ea:e2:9d:de:3a:09:3f:c9:
         61:5b:90:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWwWmer8Fh1ib/2DZBMghQOgjzMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjEwODQzNDdaFw0yNjA5MjAwODQ4NDdaMDMxMTAvBgNV
BAMTKDBBQzQxRURDRkZDMTZEQjQyMDkxNENGOEZEQTc4QkE5MkY5RjJDODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKWQYPtdPL7U7ybixbksz6bHQS
9jWwkWykJGPDv+7p5uzsmPFq4TM86fuOi9+t/iNF78ocCWPCLBrnDLhVFTkzvABe
z63BZmJOpXCUxO49d+oTIleziihehQLw9ebeNfleZKO3/6rG3lQtpixMimO3kMs4
LlEi/EjfzWJuAY1hty1VdJQYtai5TQC4pskEMoV6kVHLwYtNf8LHu23r+xTamkeS
l8dkPO1pbjrp+Jt7Xdn6CoI7jjiPye/QUjfREaDl009bwuWtssCRnjkOb+bf5TQ0
CjVj2ovPvcgbxP9lB2tqr3MD58OiGbnwsAkfCKZOOvQaUN4uUWPKTAqAdCrlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUCsQe3P/BbbQgkUz4/aeLqS+fLIcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjEyNTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFI8w
DQYJKoZIhvcNAQELBQADggEBAEmSOSPkuSSyxEsBc5y+CBhLgHjdjhfLSulGBERI
2F/OdrQ01afrHh1E/rq1ZCRN7gBDTb40UUxfc8TTNTVz8OwvsdTpSPEa8lv42UZk
dhgU1gQxFrht6BT2jGlPG7dwagZ8kyJAZlrLcf9oQWjWsCYN1aptSDWd4PFtd3l2
t+pMhObCQl9pykB0tTj/yrYtxWHzY9FVXBJlIE3Yt59czhiIegip2Auzg9k2dI16
a4tGxsyhxg/tFZmX24UK7TgWcvLubbG1U+JCtHwGi3eNmO/zln1zJE1r5Hm9XI24
rE9dbLKBeXJvcgmYIsmvyKKHa5btltHq4p3eOgk/yWFbkI8=
-----END CERTIFICATE-----