Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
File:                     AS26737.roa (raw, json)
Hash identifier:          ncONDz9trScJ+9MdlZtypRc/Xufa+PAEnk8FEPhl3ug=
Subject key identifier:   88:9C:64:25:A0:CF:99:A4:A1:47:0A:C0:42:C7:20:F3:92:55:F9:F5
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0C4BB9936503B467799359FE4779478AA7BF1947
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
Signing time:             Fri 14 Mar 2025 10:36:01 +0000
ROA not before:           Fri 14 Mar 2025 10:31:01 +0000
ROA not after:            Fri 13 Mar 2026 10:36:01 +0000
asID:                     26737
IP address blocks:        150.241.192.0/22 maxlen: 24
                          150.241.216.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:4b:b9:93:65:03:b4:67:79:93:59:fe:47:79:47:8a:a7:bf:19:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 14 10:31:01 2025 GMT
            Not After : Mar 13 10:36:01 2026 GMT
        Subject: CN=889C6425A0CF99A4A1470AC042C720F39255F9F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:63:76:36:45:3b:aa:7d:04:12:5e:66:55:ec:
                    14:3d:88:44:32:79:67:06:e6:3f:01:c4:1b:9a:9d:
                    dd:88:7c:99:b9:34:0e:8c:c8:ca:9b:ba:24:bd:8f:
                    23:4b:e9:e6:6a:6e:5a:90:0e:6c:83:45:2a:0c:d0:
                    16:50:7e:f4:d1:bd:8c:78:24:df:b9:c3:80:4c:cd:
                    0c:1e:5b:e1:79:97:6a:26:66:a8:79:70:4e:62:de:
                    86:f4:40:fa:e1:c7:2f:7d:a2:42:b9:c7:1d:d1:0a:
                    70:8c:cb:41:8f:a9:d5:60:20:0e:39:bd:f4:26:08:
                    ef:a5:40:49:20:46:75:ea:13:52:4d:20:00:5e:90:
                    71:c9:62:66:b5:de:d1:4c:1d:74:0a:c0:7e:93:85:
                    e4:44:4b:04:67:99:29:26:d0:19:cf:ce:cf:f8:67:
                    0e:56:37:be:ca:a6:40:47:da:d2:69:13:64:8e:74:
                    44:29:48:ec:f1:cf:7f:46:f8:c4:da:16:09:ed:ab:
                    6f:fb:ff:92:47:bb:a3:fd:02:9c:8c:4d:08:87:20:
                    5c:5e:b9:cf:fe:cc:bb:f5:cb:84:5b:63:13:63:7c:
                    37:d1:7c:1d:a9:15:81:c7:78:af:56:04:5f:b5:e3:
                    93:d9:a6:ea:ef:6b:6e:03:75:b2:fe:e0:71:ca:6e:
                    19:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9C:64:25:A0:CF:99:A4:A1:47:0A:C0:42:C7:20:F3:92:55:F9:F5
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.192.0/22
                  150.241.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:58:93:f3:80:21:6b:a8:41:16:e1:52:c5:78:e1:a0:de:fe:
         00:0b:5b:2b:2e:ad:d3:b2:46:b0:bf:38:80:54:be:ea:3a:7d:
         5e:9d:ed:51:e2:69:55:46:c1:8b:7d:8e:06:cd:2a:95:0d:fa:
         5e:8a:36:ba:e0:f5:ef:26:fa:ad:17:91:76:36:11:01:2f:a5:
         c1:03:01:f1:66:70:23:58:cb:f1:82:d7:68:a0:d4:b4:0c:ec:
         45:a0:aa:dc:a3:41:29:8a:5d:47:88:88:e1:97:5b:66:6f:c6:
         bc:64:a0:2e:83:a3:bd:f8:da:e1:13:8c:04:33:f0:b6:26:66:
         f3:c1:cd:8c:19:b4:2b:1c:e5:09:43:16:03:61:9b:b6:54:8c:
         df:c4:41:12:c0:e3:7b:26:1b:d1:f9:8e:08:97:8d:d5:6f:db:
         f3:52:a4:7b:c8:b1:06:74:c2:0c:b7:45:f3:d5:9f:16:d6:16:
         6b:ee:ff:50:b1:7c:89:06:69:8a:d0:ef:dc:aa:10:90:12:21:
         38:80:58:eb:2b:4e:f2:55:2e:df:50:c5:0d:79:9c:7f:94:9b:
         52:27:92:ea:b8:87:b6:73:f8:2c:bc:2e:c2:47:28:eb:20:46:
         f5:98:8a:ae:99:7c:f3:03:8d:fc:a5:75:72:bd:59:1b:71:d2:
         cb:70:b7:3c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUDEu5k2UDtGd5k1n+R3lHiqe/GUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMTQxMDMxMDFaFw0yNjAzMTMxMDM2MDFaMDMxMTAvBgNV
BAMTKDg4OUM2NDI1QTBDRjk5QTRBMTQ3MEFDMDQyQzcyMEYzOTI1NUY5RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Y3Y2RTuqfQQSXmZV7BQ9iEQy
eWcG5j8BxBuand2IfJm5NA6MyMqbuiS9jyNL6eZqblqQDmyDRSoM0BZQfvTRvYx4
JN+5w4BMzQweW+F5l2omZqh5cE5i3ob0QPrhxy99okK5xx3RCnCMy0GPqdVgIA45
vfQmCO+lQEkgRnXqE1JNIABekHHJYma13tFMHXQKwH6TheRESwRnmSkm0BnPzs/4
Zw5WN77KpkBH2tJpE2SOdEQpSOzxz39G+MTaFgntq2/7/5JHu6P9ApyMTQiHIFxe
uc/+zLv1y4RbYxNjfDfRfB2pFYHHeK9WBF+145PZpurva24DdbL+4HHKbhlPAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUiJxkJaDPmaShRwrAQscg85JV+fUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY3Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKW8cAD
BAOW8dgwDQYJKoZIhvcNAQELBQADggEBAAFYk/OAIWuoQRbhUsV44aDe/gALWysu
rdOyRrC/OIBUvuo6fV6d7VHiaVVGwYt9jgbNKpUN+l6KNrrg9e8m+q0XkXY2EQEv
pcEDAfFmcCNYy/GC12ig1LQM7EWgqtyjQSmKXUeIiOGXW2ZvxrxkoC6Do7342uET
jAQz8LYmZvPBzYwZtCsc5QlDFgNhm7ZUjN/EQRLA43smG9H5jgiXjdVv2/NSpHvI
sQZ0wgy3RfPVnxbWFmvu/1CxfIkGaYrQ79yqEJASITiAWOsrTvJVLt9QxQ15nH+U
m1Inkuq4h7Zz+Cy8LsJHKOsgRvWYiq6ZfPMDjfyldXK9WRtx0stwtzw=
-----END CERTIFICATE-----