Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa
File:                     AS37988.roa (raw, json)
Hash identifier:          CVrMG1+7pz5+OzqhxjgTk0OsCUKjKeQqHLALAGM7Jzk=
Subject key identifier:   37:FD:80:8E:CD:D4:5F:3E:76:68:F5:E3:F7:5C:D5:39:F4:A7:2F:EE
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4DCDF849B0F6510E3CC89514F8B42C8B975ED87E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa
Signing time:             Tue 06 Jan 2026 01:00:46 +0000
ROA not before:           Tue 06 Jan 2026 00:55:46 +0000
ROA not after:            Tue 05 Jan 2027 01:00:46 +0000
asID:                     37988
IP address blocks:        2a14:7581:d000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:cd:f8:49:b0:f6:51:0e:3c:c8:95:14:f8:b4:2c:8b:97:5e:d8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:46 2026 GMT
            Not After : Jan  5 01:00:46 2027 GMT
        Subject: CN=37FD808ECDD45F3E7668F5E3F75CD539F4A72FEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2a:17:78:68:2f:2f:fa:00:71:d4:c6:06:bb:
                    e1:fe:68:c5:fb:cb:da:4d:71:3e:70:69:9c:09:99:
                    9f:64:f5:63:45:f2:cd:9b:f5:5a:58:ce:dd:66:b4:
                    29:c4:6e:ec:3e:17:b6:c7:f5:75:5c:e2:dd:53:e2:
                    67:b4:e5:66:aa:d2:8a:c7:4c:9f:87:91:0d:99:b4:
                    97:51:29:c8:52:3b:46:23:e7:4c:47:43:e4:26:22:
                    e2:c9:c3:fa:e5:b7:b9:f9:bd:35:5a:9b:be:40:f5:
                    e8:bd:16:2d:9d:0b:16:8c:ea:c5:ec:f7:fe:b3:cc:
                    24:ab:c1:a7:42:74:88:f0:1e:9e:3f:d4:dc:6b:1b:
                    16:b7:07:5b:d6:19:c5:03:4c:28:0e:21:0f:24:95:
                    30:6b:28:0d:32:f4:cf:19:f6:ce:8f:1f:ed:cb:2a:
                    33:a5:af:c5:c1:64:66:a0:d2:0b:0d:1f:38:4b:36:
                    c9:39:75:ee:05:e9:5c:50:fc:16:6c:ec:ac:66:25:
                    f0:73:18:91:13:61:6f:8a:b1:54:44:31:52:18:dd:
                    7c:89:a7:33:c2:8f:fd:db:8f:75:cc:4b:94:3f:10:
                    f5:8f:6c:85:db:e2:b6:0a:aa:1d:29:c5:d4:40:6d:
                    32:1e:40:31:45:1d:de:fc:6f:cf:c6:dc:d1:c8:a1:
                    54:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FD:80:8E:CD:D4:5F:3E:76:68:F5:E3:F7:5C:D5:39:F4:A7:2F:EE
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:d000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:d3:d6:cd:75:34:f5:9d:65:89:a0:f7:7d:e9:a4:72:77:3f:
         57:e7:37:b0:60:96:48:99:f2:8a:7b:17:d4:bf:ba:d1:de:34:
         26:80:96:07:18:38:e2:87:c2:7f:46:c1:b0:86:8c:0d:16:2d:
         af:98:9b:cb:88:80:e2:12:41:e6:b7:8b:e9:b5:a1:f3:54:b9:
         f5:07:29:8b:83:1d:87:f4:b0:16:97:fc:6d:75:e1:18:0d:91:
         04:2c:db:4a:3e:d0:58:35:69:4d:d3:75:a9:f5:af:ef:61:76:
         a4:ad:9d:5d:fa:8b:5e:e6:cd:53:31:20:cb:68:ac:6b:4d:af:
         29:68:c8:1c:d2:3d:8c:31:8b:16:57:04:3b:97:08:39:85:c0:
         47:68:41:9c:ec:37:f3:db:38:87:29:b2:b1:1f:98:db:1e:35:
         03:ad:12:6e:53:c6:18:53:4d:e6:78:b6:37:66:26:34:23:08:
         30:c8:62:63:57:2d:5e:35:72:e9:8f:40:db:6c:5b:60:a3:4f:
         96:62:a7:3d:d1:11:ed:09:7f:d8:46:ed:a1:b0:8a:49:9b:71:
         96:6d:88:3b:5a:25:21:b7:2f:7b:fb:0a:9c:5c:9a:87:40:cb:
         be:61:fc:a9:06:40:56:c4:64:47:87:38:78:b3:6f:6e:96:76:
         17:0b:3f:f4
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUTc34SbD2UQ48yJUU+LQsi5de2H4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDZaFw0yNzAxMDUwMTAwNDZaMDMxMTAvBgNV
BAMTKDM3RkQ4MDhFQ0RENDVGM0U3NjY4RjVFM0Y3NUNENTM5RjRBNzJGRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrKhd4aC8v+gBx1MYGu+H+aMX7
y9pNcT5waZwJmZ9k9WNF8s2b9VpYzt1mtCnEbuw+F7bH9XVc4t1T4me05Waq0orH
TJ+HkQ2ZtJdRKchSO0Yj50xHQ+QmIuLJw/rlt7n5vTVam75A9ei9Fi2dCxaM6sXs
9/6zzCSrwadCdIjwHp4/1NxrGxa3B1vWGcUDTCgOIQ8klTBrKA0y9M8Z9s6PH+3L
KjOlr8XBZGag0gsNHzhLNsk5de4F6VxQ/BZs7KxmJfBzGJETYW+KsVREMVIY3XyJ
pzPCj/3bj3XMS5Q/EPWPbIXb4rYKqh0pxdRAbTIeQDFFHd78b8/G3NHIoVTVAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUN/2Ajs3UXz52aPXj91zVOfSnL+4wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzc5ODgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqFHWB
0DANBgkqhkiG9w0BAQsFAAOCAQEAjdPWzXU09Z1liaD3femkcnc/V+c3sGCWSJny
insX1L+60d40JoCWBxg44ofCf0bBsIaMDRYtr5iby4iA4hJB5reL6bWh81S59Qcp
i4Mdh/SwFpf8bXXhGA2RBCzbSj7QWDVpTdN1qfWv72F2pK2dXfqLXubNUzEgy2is
a02vKWjIHNI9jDGLFlcEO5cIOYXAR2hBnOw389s4hymysR+Y2x41A60SblPGGFNN
5ni2N2YmNCMIMMhiY1ctXjVy6Y9A22xbYKNPlmKnPdER7Ql/2EbtobCKSZtxlm2I
O1olIbcve/sKnFyah0DLvmH8qQZAVsRkR4c4eLNvbpZ2Fws/9A==
-----END CERTIFICATE-----