Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa
File:                     AS4637.roa (raw, json)
Hash identifier:          /ONqEdNMcjppA21+gcYMmi4UXwRjBWnXXme7j7fkuks=
Subject key identifier:   E6:61:62:12:1F:8A:50:46:88:DD:E5:BB:4D:78:92:BE:CE:A8:94:F3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0B509587E4FD1F48B9E4FCA403750E9DC0E09E63
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa
Signing time:             Mon 07 Jul 2025 16:34:58 +0000
ROA not before:           Mon 07 Jul 2025 16:29:58 +0000
ROA not after:            Mon 06 Jul 2026 16:34:58 +0000
asID:                     4637
IP address blocks:        95.134.136.0/24 maxlen: 24
                          95.134.137.0/24 maxlen: 24
                          95.134.138.0/24 maxlen: 24
                          95.134.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:50:95:87:e4:fd:1f:48:b9:e4:fc:a4:03:75:0e:9d:c0:e0:9e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul  7 16:29:58 2025 GMT
            Not After : Jul  6 16:34:58 2026 GMT
        Subject: CN=E66162121F8A504688DDE5BB4D7892BECEA894F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:5d:75:0e:81:81:d7:2e:34:92:a0:42:ff:
                    2c:89:8a:e7:dc:9c:97:52:0f:50:c9:08:78:37:8b:
                    17:7f:25:d6:d6:33:e8:c3:c6:54:04:cb:70:ec:1a:
                    04:a6:83:f4:52:ac:9f:69:ce:b6:3e:03:f3:b5:db:
                    51:b0:63:49:88:63:a2:4f:2d:30:15:f6:5d:6b:0d:
                    6f:e5:dc:21:3c:89:a2:17:58:dd:ad:7b:3c:49:98:
                    0a:3b:6e:80:fc:ef:35:d3:d6:d7:36:c1:6b:7c:dc:
                    cb:9f:8c:bb:ab:2a:ed:d4:bf:a9:a0:a3:ce:82:06:
                    a1:1e:82:39:ed:55:5e:3d:8c:d5:ca:22:05:f1:37:
                    f1:08:e4:50:6b:a5:0c:9e:a0:fe:0f:b7:ac:55:9f:
                    92:61:49:80:d7:4c:ff:b3:3a:ef:20:6e:7c:4e:75:
                    d6:a0:ee:f4:e4:4b:f7:f4:13:9a:e4:c2:15:b9:94:
                    34:02:6e:35:cc:db:0d:ec:06:5b:98:1f:4a:86:50:
                    6a:88:8b:be:eb:53:58:d9:76:9b:b7:af:3c:a3:41:
                    77:fc:bd:0f:0d:78:bc:78:dc:4e:66:7a:d0:1c:e8:
                    00:18:1a:93:38:c5:5b:12:88:30:67:73:79:2c:de:
                    a2:3a:c3:b8:31:9c:98:83:2a:bb:6e:16:39:74:c8:
                    b1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:61:62:12:1F:8A:50:46:88:DD:E5:BB:4D:78:92:BE:CE:A8:94:F3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:0e:8e:c0:3f:f0:88:24:3b:33:69:ba:ed:92:cf:c2:3a:f3:
         69:82:cc:b8:c5:b8:23:30:50:c3:39:1f:6e:24:62:3a:16:65:
         9c:10:b6:c2:c6:9b:17:a1:4c:d3:b4:3b:4d:5b:a0:61:79:9c:
         10:15:08:67:3c:1f:d9:00:4a:9d:6b:ee:5e:53:6d:b1:57:16:
         fc:ab:af:03:4a:c2:71:6a:b4:94:a9:1c:83:5b:46:bf:26:5d:
         3e:f6:48:10:bc:4b:55:c8:37:5d:b8:cb:fa:27:6c:f5:3e:c1:
         51:c5:c9:42:f3:a9:eb:44:ee:dc:df:47:7c:15:90:ca:bd:80:
         57:a2:a4:75:d5:22:e4:f1:e8:cb:28:51:94:9e:ef:13:0c:a6:
         a2:ad:68:dc:12:ea:67:5a:17:85:27:9c:1b:56:49:5e:8d:f5:
         99:6e:1c:27:6a:a8:ff:90:f6:62:ec:0a:a9:91:bf:d6:93:b4:
         c5:56:99:bf:59:b3:4d:bc:e4:fd:ea:42:e6:78:65:fd:8d:35:
         4e:eb:1c:eb:2d:46:97:55:04:a4:30:0d:66:dc:45:57:1b:8f:
         8b:a9:80:95:99:83:cb:9d:9a:85:8c:98:9c:1e:8c:d8:89:5b:
         43:11:97:29:f8:90:75:9e:e7:08:2d:8d:29:95:8d:86:0c:49:
         95:2a:a2:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUC1CVh+T9H0i55PykA3UOncDgnmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MDcxNjI5NThaFw0yNjA3MDYxNjM0NThaMDMxMTAvBgNV
BAMTKEU2NjE2MjEyMUY4QTUwNDY4OERERTVCQjRENzg5MkJFQ0VBODk0RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIv111DoGB1y40kqBC/yyJiufc
nJdSD1DJCHg3ixd/JdbWM+jDxlQEy3DsGgSmg/RSrJ9pzrY+A/O121GwY0mIY6JP
LTAV9l1rDW/l3CE8iaIXWN2tezxJmAo7boD87zXT1tc2wWt83MufjLurKu3Uv6mg
o86CBqEegjntVV49jNXKIgXxN/EI5FBrpQyeoP4Pt6xVn5JhSYDXTP+zOu8gbnxO
ddag7vTkS/f0E5rkwhW5lDQCbjXM2w3sBluYH0qGUGqIi77rU1jZdpu3rzyjQXf8
vQ8NeLx43E5metAc6AAYGpM4xVsSiDBnc3ks3qI6w7gxnJiDKrtuFjl0yLGfAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU5mFiEh+KUEaI3eW7TXiSvs6olPMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDYzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAl+GiDAN
BgkqhkiG9w0BAQsFAAOCAQEALg6OwD/wiCQ7M2m67ZLPwjrzaYLMuMW4IzBQwzkf
biRiOhZlnBC2wsabF6FM07Q7TVugYXmcEBUIZzwf2QBKnWvuXlNtsVcW/KuvA0rC
cWq0lKkcg1tGvyZdPvZIELxLVcg3XbjL+ids9T7BUcXJQvOp60Tu3N9HfBWQyr2A
V6KkddUi5PHoyyhRlJ7vEwymoq1o3BLqZ1oXhSecG1ZJXo31mW4cJ2qo/5D2YuwK
qZG/1pO0xVaZv1mzTbzk/epC5nhl/Y01Tusc6y1Gl1UEpDANZtxFVxuPi6mAlZmD
y52ahYyYnB6M2IlbQxGXKfiQdZ7nCC2NKZWNhgxJlSqibg==
-----END CERTIFICATE-----