Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26737.roa
File:                     AS26737.roa (raw, json)
Hash identifier:          J1ZI5+PlZjtk1vn6xJu3iQt+6yjLRAkBFOaCAgXgaPc=
Subject key identifier:   FD:3E:57:82:D6:A2:DC:13:45:62:E7:B7:AB:BB:45:50:31:AE:93:61
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       568196C16C0FBEE0EEE4250E18141E6B026CC4FB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26737.roa
Signing time:             Thu 04 Apr 2024 21:21:50 +0000
ROA not before:           Thu 04 Apr 2024 21:16:50 +0000
ROA not after:            Thu 03 Apr 2025 21:21:50 +0000
asID:                     26737
IP address blocks:        191.101.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:81:96:c1:6c:0f:be:e0:ee:e4:25:0e:18:14:1e:6b:02:6c:c4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  4 21:16:50 2024 GMT
            Not After : Apr  3 21:21:50 2025 GMT
        Subject: CN=FD3E5782D6A2DC134562E7B7ABBB455031AE9361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ca:47:f9:85:db:ac:39:f0:a4:1f:fb:d1:8c:
                    6f:d5:32:f7:cf:3a:83:b8:31:60:99:e1:2b:8c:c7:
                    b5:39:d2:43:6e:ea:a7:69:b7:70:d6:28:b0:bd:30:
                    d1:c9:7b:66:68:c4:df:68:f9:8f:bd:82:d0:4d:c1:
                    28:77:40:d9:5b:c4:bc:53:f6:35:c9:ab:75:6a:c2:
                    0f:73:bc:1b:cd:6a:29:53:5f:a5:d0:1e:ff:1f:31:
                    ab:7e:36:f1:87:33:e8:67:60:b6:22:d9:32:57:15:
                    18:89:61:e3:10:83:b1:da:ff:d2:94:3f:74:e6:fa:
                    ce:68:1f:35:10:39:03:96:93:6d:d0:41:44:a6:2d:
                    a6:e1:cb:16:51:7d:59:96:72:a8:8b:b4:1d:98:ea:
                    44:e2:14:a9:6f:9a:c4:01:4c:d8:6b:fd:24:e9:84:
                    a9:9d:e9:37:06:c7:31:45:26:0e:bb:62:0c:a4:d4:
                    af:04:bc:96:67:d8:76:3a:d9:83:00:81:70:c9:53:
                    be:98:da:ac:5d:8f:c2:f3:ac:6b:88:cd:fd:87:e4:
                    7e:78:8f:c7:a9:2e:57:93:91:18:76:fa:fb:36:ad:
                    d1:d0:86:62:31:eb:e6:5c:17:12:7f:ed:c4:62:c9:
                    bb:d3:36:22:5a:da:20:c9:35:29:6e:3e:4f:eb:aa:
                    1e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3E:57:82:D6:A2:DC:13:45:62:E7:B7:AB:BB:45:50:31:AE:93:61
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:f3:03:be:c8:4b:42:7a:5e:1a:1e:2e:06:60:cb:3f:89:6c:
         cc:df:24:c3:67:fc:4f:9c:d3:40:06:dd:61:ec:fe:cc:bc:21:
         d8:a8:94:65:38:a3:0a:c4:3a:a1:e4:eb:86:aa:cd:d2:46:dc:
         d3:8f:5f:47:47:83:46:b1:1e:74:01:a0:4b:ca:71:33:46:73:
         66:a6:02:9e:30:05:e8:17:c0:50:80:e0:36:0e:91:30:6a:ea:
         21:39:5f:cf:e8:1c:b1:17:d4:d8:68:cd:31:c0:9b:41:0e:2f:
         0c:4e:aa:47:6c:f2:1e:1d:3f:ae:a0:2d:44:76:cc:de:11:e7:
         14:e4:4e:10:66:12:1c:b6:3b:a5:db:d6:f7:4d:b9:6d:73:9b:
         84:54:10:41:a0:9d:73:55:b7:86:66:32:75:1b:af:5e:b9:52:
         7e:1b:13:a7:07:0f:22:61:03:28:0b:39:fe:99:c0:3b:b4:25:
         a0:22:d7:fe:89:19:32:f7:ac:4b:f7:0f:28:d5:b5:8f:b9:3f:
         6a:44:a0:90:2f:db:84:ff:03:32:a6:70:1a:c0:ce:26:7b:94:
         4e:17:35:e6:d3:4a:a7:d2:e8:9d:a5:f6:e7:b2:b6:f5:58:0f:
         ac:06:28:23:e9:35:13:d7:91:95:a5:d6:3b:33:85:3b:21:c8:
         6a:89:24:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVoGWwWwPvuDu5CUOGBQeawJsxPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDQyMTE2NTBaFw0yNTA0MDMyMTIxNTBaMDMxMTAvBgNV
BAMTKEZEM0U1NzgyRDZBMkRDMTM0NTYyRTdCN0FCQkI0NTUwMzFBRTkzNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgykf5hdusOfCkH/vRjG/VMvfP
OoO4MWCZ4SuMx7U50kNu6qdpt3DWKLC9MNHJe2ZoxN9o+Y+9gtBNwSh3QNlbxLxT
9jXJq3Vqwg9zvBvNailTX6XQHv8fMat+NvGHM+hnYLYi2TJXFRiJYeMQg7Ha/9KU
P3Tm+s5oHzUQOQOWk23QQUSmLabhyxZRfVmWcqiLtB2Y6kTiFKlvmsQBTNhr/STp
hKmd6TcGxzFFJg67Ygyk1K8EvJZn2HY62YMAgXDJU76Y2qxdj8LzrGuIzf2H5H54
j8epLleTkRh2+vs2rdHQhmIx6+ZcFxJ/7cRiybvTNiJa2iDJNSluPk/rqh5tAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/T5Xgtai3BNFYue3q7tFUDGuk2EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY3Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZSkw
DQYJKoZIhvcNAQELBQADggEBAIzzA77IS0J6XhoeLgZgyz+JbMzfJMNn/E+c00AG
3WHs/sy8IdiolGU4owrEOqHk64aqzdJG3NOPX0dHg0axHnQBoEvKcTNGc2amAp4w
BegXwFCA4DYOkTBq6iE5X8/oHLEX1NhozTHAm0EOLwxOqkds8h4dP66gLUR2zN4R
5xTkThBmEhy2O6Xb1vdNuW1zm4RUEEGgnXNVt4ZmMnUbr165Un4bE6cHDyJhAygL
Of6ZwDu0JaAi1/6JGTL3rEv3DyjVtY+5P2pEoJAv24T/AzKmcBrAziZ7lE4XNebT
SqfS6J2l9ueytvVYD6wGKCPpNRPXkZWl1jszhTshyGqJJII=
-----END CERTIFICATE-----