Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
File:                     AS26737.roa (raw, json)
Hash identifier:          v8CuFEAhXzvHdvVCaupTijz20gdmebT9xt+rAH0H6Oc=
Subject key identifier:   26:43:13:8E:3C:B9:79:17:6F:5D:DE:9A:33:DD:0A:DD:BE:37:43:A1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5F799CEEA860A14F0674B4A947B47F5CFBD83A87
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa
Signing time:             Mon 14 Apr 2025 00:00:35 +0000
ROA not before:           Sun 13 Apr 2025 23:55:35 +0000
ROA not after:            Mon 13 Apr 2026 00:00:35 +0000
asID:                     26737
IP address blocks:        150.241.216.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:79:9c:ee:a8:60:a1:4f:06:74:b4:a9:47:b4:7f:5c:fb:d8:3a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 13 23:55:35 2025 GMT
            Not After : Apr 13 00:00:35 2026 GMT
        Subject: CN=2643138E3CB979176F5DDE9A33DD0ADDBE3743A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d5:33:93:43:89:f3:09:61:5a:62:0b:c2:98:
                    81:99:a1:9e:76:32:67:37:44:ec:43:22:ae:c2:7b:
                    f4:1e:53:ba:44:fe:70:6f:d3:9b:1c:ac:62:23:96:
                    85:11:4c:36:72:18:6a:98:b9:40:68:ec:9d:5c:25:
                    8d:64:87:43:ea:b9:6e:d8:bd:b2:48:59:5c:53:d8:
                    70:0e:eb:87:f5:a2:ff:3f:66:3c:98:91:04:36:ac:
                    e5:67:b8:96:05:27:28:b4:5f:23:59:34:e2:75:12:
                    37:a0:af:a3:1c:a6:44:76:16:5e:73:96:07:f8:94:
                    21:84:83:fc:43:86:48:92:95:cc:7d:9a:76:33:01:
                    22:6b:f5:f8:38:7d:8c:fe:48:3d:d9:ec:a0:99:83:
                    04:2a:04:30:b4:a3:b5:fd:bc:e9:d1:7d:01:62:c7:
                    83:a3:37:30:55:63:78:57:ff:80:19:b6:12:4a:1c:
                    48:18:63:72:6c:26:1a:4f:b5:95:8a:d3:7f:84:bb:
                    56:21:eb:10:ef:eb:bd:c1:2f:0b:46:51:f1:e6:d6:
                    8b:f4:7f:64:1b:20:8f:fd:7e:60:5a:9c:b2:ca:49:
                    48:f0:10:6f:5b:10:85:64:48:11:1f:f1:8b:56:dd:
                    5a:26:ba:38:1c:d1:3d:9b:c0:e7:c2:26:b9:81:b6:
                    36:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:43:13:8E:3C:B9:79:17:6F:5D:DE:9A:33:DD:0A:DD:BE:37:43:A1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:f8:bc:de:81:f8:6c:6a:27:94:de:56:cf:5c:fc:63:86:2b:
         ee:99:bf:5a:05:5f:be:63:e1:9e:ad:ce:f1:43:48:c8:51:3a:
         1b:83:db:62:9b:e2:37:0e:e6:e0:73:df:4f:3f:24:c2:08:db:
         97:e6:4d:f5:de:7d:2f:ba:bc:bf:02:44:ac:7b:f6:c4:bc:3d:
         68:59:14:d7:49:de:f6:de:13:e6:e6:f5:b7:3a:91:5c:0a:c0:
         f9:ac:15:f6:2a:ff:bb:85:fb:5b:30:d0:3e:c9:23:39:d0:fa:
         de:3c:21:ea:59:84:a2:3c:10:4f:75:09:8f:34:86:bd:54:2d:
         7f:80:e2:a1:0e:fc:1e:90:ff:f0:0a:b3:9d:6c:ac:d3:46:ee:
         5a:60:32:2d:cc:f4:e2:39:bc:68:65:3e:b1:c7:2d:b5:f4:ab:
         77:9b:8b:0a:38:95:c0:41:fa:a0:e4:97:f8:7a:73:3f:d5:09:
         65:98:18:aa:8c:c0:6d:de:89:75:46:68:74:67:04:fd:bb:cc:
         b8:7c:5d:7d:c4:bc:f1:cb:35:66:0e:8c:98:fe:04:78:7a:2b:
         a9:ef:eb:48:ee:0e:01:31:98:32:d0:54:c8:73:f2:c8:45:4b:
         1c:e5:31:43:49:e1:19:2c:6d:a5:0f:2b:f3:dc:b1:f1:5a:e7:
         be:0f:fa:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUX3mc7qhgoU8GdLSpR7R/XPvYOocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MTMyMzU1MzVaFw0yNjA0MTMwMDAwMzVaMDMxMTAvBgNV
BAMTKDI2NDMxMzhFM0NCOTc5MTc2RjVEREU5QTMzREQwQUREQkUzNzQzQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO1TOTQ4nzCWFaYgvCmIGZoZ52
Mmc3ROxDIq7Ce/QeU7pE/nBv05scrGIjloURTDZyGGqYuUBo7J1cJY1kh0PquW7Y
vbJIWVxT2HAO64f1ov8/ZjyYkQQ2rOVnuJYFJyi0XyNZNOJ1Ejegr6McpkR2Fl5z
lgf4lCGEg/xDhkiSlcx9mnYzASJr9fg4fYz+SD3Z7KCZgwQqBDC0o7X9vOnRfQFi
x4OjNzBVY3hX/4AZthJKHEgYY3JsJhpPtZWK03+Eu1Yh6xDv673BLwtGUfHm1ov0
f2QbII/9fmBanLLKSUjwEG9bEIVkSBEf8YtW3Vomujgc0T2bwOfCJrmBtjbxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUJkMTjjy5eRdvXd6aM90K3b43Q6EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY3Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOW8dgw
DQYJKoZIhvcNAQELBQADggEBADz4vN6B+GxqJ5TeVs9c/GOGK+6Zv1oFX75j4Z6t
zvFDSMhROhuD22Kb4jcO5uBz308/JMII25fmTfXefS+6vL8CRKx79sS8PWhZFNdJ
3vbeE+bm9bc6kVwKwPmsFfYq/7uF+1sw0D7JIznQ+t48IepZhKI8EE91CY80hr1U
LX+A4qEO/B6Q//AKs51srNNG7lpgMi3M9OI5vGhlPrHHLbX0q3ebiwo4lcBB+qDk
l/h6cz/VCWWYGKqMwG3eiXVGaHRnBP27zLh8XX3EvPHLNWYOjJj+BHh6K6nv60ju
DgExmDLQVMhz8shFSxzlMUNJ4RksbaUPK/PcsfFa574P+rY=
-----END CERTIFICATE-----