Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa
File:                     AS37191.roa (raw, json)
Hash identifier:          HMpE8YoQABY5JPOKSXX2irzi5n9wKwn0soiQFa9+Cec=
Subject key identifier:   B9:6A:21:61:C3:08:D0:77:B6:AD:77:11:D4:29:C3:91:2C:B5:E5:D4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       75665701E7BBC1862D20472E388AD071D20A583E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa
Signing time:             Tue 10 Feb 2026 07:13:38 +0000
ROA not before:           Tue 10 Feb 2026 07:08:38 +0000
ROA not after:            Tue 09 Feb 2027 07:13:38 +0000
asID:                     37191
IP address blocks:        146.103.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:66:57:01:e7:bb:c1:86:2d:20:47:2e:38:8a:d0:71:d2:0a:58:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 10 07:08:38 2026 GMT
            Not After : Feb  9 07:13:38 2027 GMT
        Subject: CN=B96A2161C308D077B6AD7711D429C3912CB5E5D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:16:69:b5:35:ad:e5:ee:68:9b:82:c0:d5:d3:
                    e6:f1:c3:02:88:c1:0b:40:25:24:8d:86:28:65:3c:
                    33:41:bc:1d:6b:93:4a:b4:4d:60:13:b0:14:cc:55:
                    48:34:44:2a:74:41:3d:fc:8c:ba:b5:1f:83:ba:d0:
                    0f:d1:99:e5:ff:07:c6:d3:a0:d7:b7:95:f3:ce:c2:
                    7b:48:7c:40:d2:f1:1d:4e:7a:2e:ce:82:6f:1e:73:
                    7d:d4:f3:c9:4a:75:77:ae:7f:3d:cd:32:dc:7c:ff:
                    77:37:9e:7f:30:7f:61:bd:18:01:4c:03:e5:9c:c5:
                    dc:1a:4b:69:e4:c5:da:fc:b7:f7:e0:11:fb:80:9e:
                    8f:6b:d8:72:c3:f9:60:34:7f:73:d3:9b:eb:44:74:
                    64:71:d6:14:3b:5f:24:0a:0d:2a:1e:26:48:ed:d3:
                    77:1d:6e:28:3f:42:12:24:52:de:64:b1:54:43:20:
                    8a:91:98:77:2e:4c:6e:b0:53:f2:cf:94:a3:83:94:
                    e3:00:cd:cf:89:2b:c6:fa:c9:d3:51:71:69:1c:77:
                    43:68:51:db:e7:a0:22:54:1c:e1:c0:94:47:de:c8:
                    e4:29:6b:cb:b5:a0:e1:3d:00:84:85:cb:43:25:6d:
                    cb:63:61:fa:77:53:5a:c1:62:9b:79:14:d8:73:5f:
                    be:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6A:21:61:C3:08:D0:77:B6:AD:77:11:D4:29:C3:91:2C:B5:E5:D4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:48:b6:c1:54:c9:f0:aa:a0:af:c2:cf:06:77:a8:46:39:cc:
         f9:53:bb:6e:94:b8:70:59:f7:15:d0:1c:18:46:7d:44:e5:59:
         65:e3:20:6f:33:15:e1:16:6b:7e:b9:e3:81:f1:79:4b:3e:73:
         7f:5c:9c:83:a8:3c:a6:6b:6e:32:a7:94:4a:c6:05:65:ee:1b:
         38:30:b0:84:7c:89:b7:bb:fa:7c:c0:ef:90:2d:10:68:16:51:
         51:25:cd:9c:31:32:5e:64:4e:9d:0c:86:f2:91:f6:cc:a0:ce:
         02:01:d1:54:19:b7:dc:14:49:35:4c:c1:c7:66:b1:c0:9b:ba:
         0d:9c:8d:e3:c7:0c:60:e6:ad:c8:e6:49:0e:46:8a:72:f9:3a:
         00:6e:9d:8d:fa:9b:57:a6:1c:88:d5:3b:be:fa:bc:34:4e:31:
         0e:9c:c2:6f:6c:e7:8d:08:a3:48:ce:f0:cd:7b:7e:03:73:b8:
         d8:9d:d1:17:12:36:c7:cd:4d:ef:ca:78:70:6c:f4:6e:e7:b4:
         f8:08:f0:d5:10:40:25:79:14:34:b6:b5:23:d2:35:bf:7d:6b:
         54:0d:7a:65:cd:84:ee:ea:cb:2a:f9:78:d9:f7:74:b5:e5:84:
         1b:4b:66:f9:b1:6b:5a:23:3f:fa:06:00:06:e2:cd:71:cb:82:
         fc:c6:32:bc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdWZXAee7wYYtIEcuOIrQcdIKWD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTAwNzA4MzhaFw0yNzAyMDkwNzEzMzhaMDMxMTAvBgNV
BAMTKEI5NkEyMTYxQzMwOEQwNzdCNkFENzcxMUQ0MjlDMzkxMkNCNUU1RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Fmm1Na3l7mibgsDV0+bxwwKI
wQtAJSSNhihlPDNBvB1rk0q0TWATsBTMVUg0RCp0QT38jLq1H4O60A/RmeX/B8bT
oNe3lfPOwntIfEDS8R1Oei7Ogm8ec33U88lKdXeufz3NMtx8/3c3nn8wf2G9GAFM
A+WcxdwaS2nkxdr8t/fgEfuAno9r2HLD+WA0f3PTm+tEdGRx1hQ7XyQKDSoeJkjt
03cdbig/QhIkUt5ksVRDIIqRmHcuTG6wU/LPlKODlOMAzc+JK8b6ydNRcWkcd0No
UdvnoCJUHOHAlEfeyOQpa8u1oOE9AISFy0MlbctjYfp3U1rBYpt5FNhzX77LAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuWohYcMI0He2rXcR1CnDkSy15dQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzcxOTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZyAw
DQYJKoZIhvcNAQELBQADggEBABpItsFUyfCqoK/CzwZ3qEY5zPlTu26UuHBZ9xXQ
HBhGfUTlWWXjIG8zFeEWa36544HxeUs+c39cnIOoPKZrbjKnlErGBWXuGzgwsIR8
ibe7+nzA75AtEGgWUVElzZwxMl5kTp0MhvKR9sygzgIB0VQZt9wUSTVMwcdmscCb
ug2cjePHDGDmrcjmSQ5GinL5OgBunY36m1emHIjVO776vDROMQ6cwm9s540Io0jO
8M17fgNzuNid0RcSNsfNTe/KeHBs9G7ntPgI8NUQQCV5FDS2tSPSNb99a1QNemXN
hO7qyyr5eNn3dLXlhBtLZvmxa1ojP/oGAAbizXHLgvzGMrw=
-----END CERTIFICATE-----