Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          kvmAPPruLwX9Bee5emEHITpCvW3DtDfmd064ELEdRSQ=
Subject key identifier:   7B:B8:72:6F:99:F5:4C:C6:09:58:81:53:43:17:4B:96:FF:67:48:03
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1F6287E82214FE5C5768AD266DB7459263647638
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa
Signing time:             Mon 17 Mar 2025 06:01:15 +0000
ROA not before:           Mon 17 Mar 2025 05:56:15 +0000
ROA not after:            Mon 16 Mar 2026 06:01:15 +0000
asID:                     197537
IP address blocks:        96.62.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:62:87:e8:22:14:fe:5c:57:68:ad:26:6d:b7:45:92:63:64:76:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 17 05:56:15 2025 GMT
            Not After : Mar 16 06:01:15 2026 GMT
        Subject: CN=7BB8726F99F54CC60958815343174B96FF674803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c0:48:21:6a:73:1e:9f:56:90:fb:94:14:27:
                    b2:a6:b7:51:74:1e:0e:16:a2:2d:b2:8b:08:85:35:
                    7c:75:61:96:d1:20:4d:3e:5d:76:04:67:d0:ad:a5:
                    04:29:80:4f:d3:cd:9f:f8:ee:95:a0:35:fe:41:1a:
                    8a:0c:2b:b0:38:b4:05:6e:6c:c2:8a:d1:87:95:cd:
                    b8:0e:74:c3:36:d1:ad:b0:ea:f4:1d:38:07:de:01:
                    1e:e8:25:86:aa:4a:da:8f:36:53:7a:5c:d8:be:83:
                    a7:44:16:ce:36:83:94:fa:c3:90:03:47:1b:82:ad:
                    41:0b:70:a1:9e:95:b3:b8:b6:0f:9f:e5:11:5a:44:
                    0a:c6:7f:81:d1:cc:1b:39:51:87:4d:c9:61:be:f9:
                    fa:0b:15:26:0e:9e:bb:6c:1b:c3:63:fd:23:dc:ce:
                    14:48:e4:de:00:1b:ab:4d:bc:4e:b5:c3:78:35:12:
                    97:6f:af:28:c5:87:9c:5d:3e:b6:c0:d8:80:fa:c3:
                    5f:bb:8d:72:56:3a:d4:f5:ff:0b:7d:8d:1b:4c:99:
                    f7:ce:e2:e6:02:d5:67:f8:66:29:30:1b:10:44:f2:
                    2a:23:6c:2a:be:1b:23:a9:41:a8:0f:cf:73:03:81:
                    61:d0:8c:99:e6:cb:d6:43:bd:f1:c2:32:ea:df:10:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B8:72:6F:99:F5:4C:C6:09:58:81:53:43:17:4B:96:FF:67:48:03
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0f:98:2b:4d:6a:3c:32:26:8f:83:ad:c7:05:7f:e3:34:f8:
         6d:d9:8a:99:e1:0c:2c:22:8b:56:7c:57:3f:b0:0d:bd:77:e6:
         e0:56:80:98:f8:ba:ca:01:7c:7d:f7:2f:2f:6f:a5:f6:19:82:
         37:52:2f:66:40:57:dc:39:f1:2b:29:f2:9b:6a:5d:56:f2:62:
         82:76:7c:28:8b:a0:27:f5:f8:67:ae:09:dd:f7:b8:3d:05:62:
         07:72:26:28:15:83:7c:37:0c:49:56:ad:1e:be:d9:2a:9c:4f:
         04:f7:c4:bc:de:28:7a:7c:8d:f9:81:11:40:fb:00:fb:89:e2:
         56:3d:84:98:d6:33:e3:de:89:81:a1:29:c1:77:98:5e:f2:a2:
         31:1c:15:97:3b:8e:a5:98:3b:7b:5e:08:0c:9d:e3:f9:ef:f6:
         81:6c:6d:5f:d6:2b:36:68:59:d0:f8:fb:f3:44:52:ea:70:c4:
         a6:1e:90:2d:63:bf:eb:89:60:3a:f9:71:68:68:4c:32:63:1c:
         bb:10:3f:09:af:96:c9:c7:84:2e:54:c7:68:18:75:86:b9:5f:
         0f:38:2a:cb:4c:05:96:c3:dc:5d:6c:bd:a5:c1:62:aa:97:82:
         7f:2f:0a:70:df:09:ec:fd:a5:90:17:eb:30:99:fc:8d:ec:71:
         aa:0f:66:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH2KH6CIU/lxXaK0mbbdFkmNkdjgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMTcwNTU2MTVaFw0yNjAzMTYwNjAxMTVaMDMxMTAvBgNV
BAMTKDdCQjg3MjZGOTlGNTRDQzYwOTU4ODE1MzQzMTc0Qjk2RkY2NzQ4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgwEghanMen1aQ+5QUJ7Kmt1F0
Hg4Woi2yiwiFNXx1YZbRIE0+XXYEZ9CtpQQpgE/TzZ/47pWgNf5BGooMK7A4tAVu
bMKK0YeVzbgOdMM20a2w6vQdOAfeAR7oJYaqStqPNlN6XNi+g6dEFs42g5T6w5AD
RxuCrUELcKGelbO4tg+f5RFaRArGf4HRzBs5UYdNyWG++foLFSYOnrtsG8Nj/SPc
zhRI5N4AG6tNvE61w3g1EpdvryjFh5xdPrbA2ID6w1+7jXJWOtT1/wt9jRtMmffO
4uYC1Wf4ZikwGxBE8iojbCq+GyOpQagPz3MDgWHQjJnmy9ZDvfHCMurfECdtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUe7hyb5n1TMYJWIFTQxdLlv9nSAMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD5n
MA0GCSqGSIb3DQEBCwUAA4IBAQCJD5grTWo8MiaPg63HBX/jNPht2YqZ4QwsIotW
fFc/sA29d+bgVoCY+LrKAXx99y8vb6X2GYI3Ui9mQFfcOfErKfKbal1W8mKCdnwo
i6An9fhnrgnd97g9BWIHciYoFYN8NwxJVq0evtkqnE8E98S83ih6fI35gRFA+wD7
ieJWPYSY1jPj3omBoSnBd5he8qIxHBWXO46lmDt7XggMneP57/aBbG1f1is2aFnQ
+PvzRFLqcMSmHpAtY7/riWA6+XFoaEwyYxy7ED8Jr5bJx4QuVMdoGHWGuV8POCrL
TAWWw9xdbL2lwWKql4J/Lwpw3wns/aWQF+swmfyN7HGqD2Ya
-----END CERTIFICATE-----