Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
File:                     AS26737.roa (raw, json)
Hash identifier:          B7//lJgk5IwmjUlbHmkj5SicQz9s1QVwdgn3w30MhEM=
Subject key identifier:   52:49:12:17:68:50:B8:33:B1:17:A4:C8:FF:4D:C9:67:79:F0:8C:64
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0A19272309C0411C9B2D9EC4466E9AEFD60539E7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
Signing time:             Mon 16 Mar 2026 00:46:48 +0000
ROA not before:           Mon 16 Mar 2026 00:41:48 +0000
ROA not after:            Mon 15 Mar 2027 00:46:48 +0000
asID:                     26737
IP address blocks:        150.241.216.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:19:27:23:09:c0:41:1c:9b:2d:9e:c4:46:6e:9a:ef:d6:05:39:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 16 00:41:48 2026 GMT
            Not After : Mar 15 00:46:48 2027 GMT
        Subject: CN=524912176850B833B117A4C8FF4DC96779F08C64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:82:64:62:c6:0c:48:0a:35:43:9a:0e:52:22:
                    72:59:ee:f4:dc:aa:dd:1d:aa:08:cf:76:d0:6b:83:
                    b0:bc:af:80:bd:6b:ae:b8:10:24:f2:3e:a3:c5:9e:
                    1e:7d:c9:cf:63:5b:04:20:06:84:9f:8d:ea:b9:71:
                    a9:a0:99:f9:f8:a9:7b:a0:0e:b4:64:4c:22:f7:12:
                    c7:e8:22:81:a1:a5:42:4e:ab:bf:29:97:71:30:3d:
                    36:50:c0:9f:85:d1:24:e9:12:26:ea:31:80:c6:fa:
                    ab:bb:9c:bd:d5:2d:b9:37:74:79:ce:29:d2:0f:22:
                    f0:37:91:18:46:db:13:4a:1a:dd:64:91:d6:e6:4b:
                    27:eb:31:fd:c7:51:52:2a:5c:80:6f:78:d9:db:9b:
                    57:bc:0a:87:06:f7:9d:83:e3:84:43:4c:2e:7e:dd:
                    3e:33:29:7f:5d:b9:48:d4:00:b5:6e:39:11:7a:41:
                    00:01:13:88:87:d7:5e:15:d9:6c:4a:74:61:87:1e:
                    f9:cc:e3:01:65:8f:90:41:d0:a6:60:9e:b1:ca:d0:
                    23:7e:ee:58:e0:cd:cc:54:1e:86:64:6a:0c:b0:35:
                    bc:ae:d1:10:95:52:93:d4:3f:7e:e7:dd:af:cd:a8:
                    b0:b9:97:db:29:90:53:d2:72:42:b9:c2:24:49:d2:
                    cb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:49:12:17:68:50:B8:33:B1:17:A4:C8:FF:4D:C9:67:79:F0:8C:64
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a1:e0:41:38:ca:2d:c9:16:24:35:7a:2d:b3:f6:7a:50:13:30:
         bf:96:d4:48:ee:d7:86:3c:77:b9:1e:ec:50:89:05:d3:9f:cb:
         aa:32:3d:0a:d6:e2:71:71:bf:7a:00:bc:45:c2:5f:82:1a:f0:
         39:e5:61:5d:2c:95:87:03:45:43:cd:c9:2b:df:99:a4:b4:7d:
         22:e9:06:62:23:fa:37:fb:0b:9a:1b:03:48:bb:25:dd:4a:1f:
         f4:8c:09:af:3a:79:5a:29:34:7a:3b:8e:47:21:5d:40:ca:f1:
         7a:9a:09:a6:3e:a2:9c:52:d3:93:b6:88:06:9b:82:d6:46:10:
         ff:29:fc:a8:4a:b5:20:cd:f3:72:7b:04:15:6c:16:61:b0:59:
         9c:7e:b2:5d:d7:f6:89:45:1a:10:6b:56:36:0b:6c:f7:8b:ce:
         c2:17:bb:22:e3:b3:40:23:d9:ab:28:b4:85:3b:8d:f1:56:b0:
         36:2e:50:9c:83:6a:51:df:00:12:94:85:c6:ab:28:c3:b8:8c:
         0a:35:66:31:9d:fd:b5:9f:96:5f:76:25:06:71:b9:91:ce:26:
         8a:a6:4c:38:bf:05:50:1f:1b:3d:47:18:9c:c0:48:2f:78:45:
         f7:99:e2:74:f7:14:ba:fd:ec:92:17:60:23:c1:41:dd:30:ba:
         a2:a6:2d:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUChknIwnAQRybLZ7ERm6a79YFOecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTYwMDQxNDhaFw0yNzAzMTUwMDQ2NDhaMDMxMTAvBgNV
BAMTKDUyNDkxMjE3Njg1MEI4MzNCMTE3QTRDOEZGNERDOTY3NzlGMDhDNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJgmRixgxICjVDmg5SInJZ7vTc
qt0dqgjPdtBrg7C8r4C9a664ECTyPqPFnh59yc9jWwQgBoSfjeq5camgmfn4qXug
DrRkTCL3EsfoIoGhpUJOq78pl3EwPTZQwJ+F0STpEibqMYDG+qu7nL3VLbk3dHnO
KdIPIvA3kRhG2xNKGt1kkdbmSyfrMf3HUVIqXIBveNnbm1e8CocG952D44RDTC5+
3T4zKX9duUjUALVuORF6QQABE4iH114V2WxKdGGHHvnM4wFlj5BB0KZgnrHK0CN+
7ljgzcxUHoZkagywNbyu0RCVUpPUP37n3a/NqLC5l9spkFPSckK5wiRJ0ssTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUkkSF2hQuDOxF6TI/03JZ3nwjGQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY3Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOW8dgw
DQYJKoZIhvcNAQELBQADggEBAKHgQTjKLckWJDV6LbP2elATML+W1Eju14Y8d7ke
7FCJBdOfy6oyPQrW4nFxv3oAvEXCX4Ia8DnlYV0slYcDRUPNySvfmaS0fSLpBmIj
+jf7C5obA0i7Jd1KH/SMCa86eVopNHo7jkchXUDK8XqaCaY+opxS05O2iAabgtZG
EP8p/KhKtSDN83J7BBVsFmGwWZx+sl3X9olFGhBrVjYLbPeLzsIXuyLjs0Aj2aso
tIU7jfFWsDYuUJyDalHfABKUhcarKMO4jAo1ZjGd/bWfll92JQZxuZHOJoqmTDi/
BVAfGz1HGJzASC94RfeZ4nT3FLr97JIXYCPBQd0wuqKmLeY=
-----END CERTIFICATE-----