Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          0UIuT+YgbE4jWzeeflmxR7NvJjePp2xXWYLG/1RP1hE=
Subject key identifier:   2C:73:9B:65:1D:0F:73:93:95:ED:31:66:A5:91:7C:86:33:01:E5:90
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7E4D7675CB1521E721B4D4B3CB60A12DB5E1EC55
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa
Signing time:             Sun 01 Jun 2025 18:46:36 +0000
ROA not before:           Sun 01 Jun 2025 18:41:36 +0000
ROA not after:            Sun 31 May 2026 18:46:36 +0000
asID:                     197537
IP address blocks:        96.62.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:4d:76:75:cb:15:21:e7:21:b4:d4:b3:cb:60:a1:2d:b5:e1:ec:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  1 18:41:36 2025 GMT
            Not After : May 31 18:46:36 2026 GMT
        Subject: CN=2C739B651D0F739395ED3166A5917C863301E590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:74:2b:b6:cd:bd:bc:4b:7c:53:08:d3:d0:f7:
                    4f:32:91:6a:7d:a1:08:85:1e:71:53:e3:64:3f:ae:
                    24:b8:80:2f:ab:eb:fb:4f:a4:31:b8:fa:c4:ed:c6:
                    5f:1a:9a:d3:19:7b:e4:da:fb:b6:fd:29:d1:1a:96:
                    6e:29:a9:25:f3:8a:11:99:5d:6a:00:aa:2e:1b:65:
                    53:dc:21:03:60:03:2c:0d:bb:a9:f4:ba:ee:de:8c:
                    41:aa:08:b2:73:ff:62:71:ef:25:b7:f9:37:09:e3:
                    5d:2b:4f:10:aa:ce:b3:dd:3e:2c:4b:06:1d:ee:4e:
                    fc:f2:f5:4f:20:84:61:a4:b6:d8:ad:0f:d7:70:47:
                    1a:6f:a3:94:92:58:36:f6:63:d1:7e:1b:06:fe:83:
                    69:35:98:ed:60:38:f5:47:83:21:17:d3:01:be:df:
                    11:b1:71:0c:98:de:cd:5b:9e:d3:e2:c8:0f:7f:e4:
                    d6:54:6f:70:67:3b:55:6f:94:60:f1:be:66:86:0e:
                    ac:4b:21:d1:2f:63:19:6d:39:f0:35:23:94:14:c8:
                    a6:b9:ab:89:ac:ab:dc:25:61:46:72:f4:4f:4e:ef:
                    ea:7a:be:d5:a8:af:0f:c8:a9:57:bb:ce:21:e0:b2:
                    6a:06:a8:f7:bc:97:5c:f4:3d:c1:b0:7f:b4:4b:d0:
                    de:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:73:9B:65:1D:0F:73:93:95:ED:31:66:A5:91:7C:86:33:01:E5:90
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a5:bb:b8:9c:4f:7b:19:71:26:77:b4:f4:04:8b:cb:49:9f:9b:
         7e:65:8c:1e:fc:0b:ec:20:2b:8c:d7:8b:c9:bd:bc:5c:9b:6c:
         80:47:8a:66:00:38:f0:9c:14:31:97:db:f7:3f:b9:40:f9:44:
         b7:a5:77:3b:1f:f4:b2:bf:d6:76:99:f9:2f:41:92:b3:f1:08:
         28:22:79:72:d6:dc:de:76:2e:52:18:54:b3:71:29:76:d2:cb:
         f0:ed:b2:7b:fb:07:07:b4:36:e5:bc:10:c4:77:49:f3:9a:af:
         c8:03:df:e7:ab:3c:23:5f:ba:d9:87:93:8f:f1:0f:76:3c:4a:
         fd:c2:38:3f:53:43:93:e4:fa:77:ed:e3:1f:34:83:ea:e1:c1:
         72:15:0f:26:0a:80:5d:3d:0d:fb:36:7c:96:af:19:3c:45:57:
         4e:8f:50:f0:b0:85:81:cd:01:0b:65:e2:6c:c6:ad:7c:19:5e:
         96:15:08:ef:8e:18:84:f9:ad:50:14:c5:9a:fd:88:96:b9:de:
         cc:67:6d:ea:61:17:8b:39:cf:ca:52:35:ae:d0:57:a4:ce:17:
         46:38:06:51:87:19:dc:c5:f9:b4:bc:70:3c:2d:72:b6:c9:5b:
         f5:b8:19:a7:7d:3b:f8:6d:7d:f8:b9:3b:b6:f8:09:ed:14:6d:
         e9:71:89:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfk12dcsVIechtNSzy2ChLbXh7FUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDExODQxMzZaFw0yNjA1MzExODQ2MzZaMDMxMTAvBgNV
BAMTKDJDNzM5QjY1MUQwRjczOTM5NUVEMzE2NkE1OTE3Qzg2MzMwMUU1OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjdCu2zb28S3xTCNPQ908ykWp9
oQiFHnFT42Q/riS4gC+r6/tPpDG4+sTtxl8amtMZe+Ta+7b9KdEalm4pqSXzihGZ
XWoAqi4bZVPcIQNgAywNu6n0uu7ejEGqCLJz/2Jx7yW3+TcJ410rTxCqzrPdPixL
Bh3uTvzy9U8ghGGkttitD9dwRxpvo5SSWDb2Y9F+Gwb+g2k1mO1gOPVHgyEX0wG+
3xGxcQyY3s1bntPiyA9/5NZUb3BnO1VvlGDxvmaGDqxLIdEvYxltOfA1I5QUyKa5
q4msq9wlYUZy9E9O7+p6vtWorw/IqVe7ziHgsmoGqPe8l1z0PcGwf7RL0N6FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULHObZR0Pc5OV7TFmpZF8hjMB5ZAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFYD4A
MA0GCSqGSIb3DQEBCwUAA4IBAQClu7icT3sZcSZ3tPQEi8tJn5t+ZYwe/AvsICuM
14vJvbxcm2yAR4pmADjwnBQxl9v3P7lA+US3pXc7H/Syv9Z2mfkvQZKz8QgoInly
1tzedi5SGFSzcSl20svw7bJ7+wcHtDblvBDEd0nzmq/IA9/nqzwjX7rZh5OP8Q92
PEr9wjg/U0OT5Pp37eMfNIPq4cFyFQ8mCoBdPQ37NnyWrxk8RVdOj1DwsIWBzQEL
ZeJsxq18GV6WFQjvjhiE+a1QFMWa/YiWud7MZ23qYReLOc/KUjWu0FekzhdGOAZR
hxncxfm0vHA8LXK2yVv1uBmnfTv4bX34uTu2+AntFG3pcYl9
-----END CERTIFICATE-----