Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa
File:                     AS37191.roa (raw, json)
Hash identifier:          rY9RmzDxLrsjj1+HDoSlDlsMYEeBtoFc8fG4iORRDp0=
Subject key identifier:   4E:7C:13:8A:59:BB:C6:B6:B6:43:27:5A:2E:AD:EB:98:CF:D7:4B:A1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       608481A51032924C4645EFE609C25359DA7A5796
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa
Signing time:             Tue 08 Apr 2025 18:54:01 +0000
ROA not before:           Tue 08 Apr 2025 18:49:01 +0000
ROA not after:            Tue 07 Apr 2026 18:54:01 +0000
asID:                     37191
IP address blocks:        146.103.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:05:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:84:81:a5:10:32:92:4c:46:45:ef:e6:09:c2:53:59:da:7a:57:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  8 18:49:01 2025 GMT
            Not After : Apr  7 18:54:01 2026 GMT
        Subject: CN=4E7C138A59BBC6B6B643275A2EADEB98CFD74BA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:46:7a:d8:89:a4:6e:ae:98:64:9b:02:23:90:
                    e8:29:9b:b2:3d:23:95:0b:56:05:9a:17:7f:fd:41:
                    ef:32:cf:28:8f:3a:3e:6c:7f:11:57:aa:26:72:61:
                    01:62:fa:1a:1f:8b:17:f1:d4:82:82:6f:27:7d:d9:
                    c8:f9:c5:c9:16:88:a7:b4:cf:4f:96:84:05:a6:bc:
                    14:82:f3:ae:33:3b:59:22:ea:ea:ab:d7:66:83:d8:
                    f5:8c:d0:fb:41:be:cd:90:e4:e9:a0:73:0e:87:5e:
                    ad:b4:7b:5f:c1:ab:c8:e7:0f:c1:03:93:27:ba:1b:
                    39:4b:73:8f:93:e4:11:f1:a8:4d:0c:74:27:91:82:
                    f4:b4:06:89:a2:f6:4c:b1:00:1b:4a:b3:33:a4:ee:
                    2b:5e:47:1e:bd:0a:49:14:87:23:58:1a:0c:2b:f7:
                    6f:f7:b8:8d:d2:49:bd:9f:0f:86:97:73:6c:23:d5:
                    05:01:b5:cb:ab:0f:88:e6:36:33:a1:24:a5:83:b4:
                    d6:b9:87:1a:c5:0b:98:e8:7e:7d:d0:41:18:4e:2f:
                    a6:0a:11:35:6e:23:d3:e4:d4:d9:ed:a1:77:74:4f:
                    57:b3:13:b4:69:ad:fb:34:c8:c5:4f:7b:9d:0c:89:
                    84:a2:58:14:b7:37:71:74:4c:aa:7f:bc:ab:73:a3:
                    13:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7C:13:8A:59:BB:C6:B6:B6:43:27:5A:2E:AD:EB:98:CF:D7:4B:A1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS37191.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:a8:17:e1:5f:87:46:fd:6b:d0:a9:d3:f8:9a:52:c1:1d:88:
         47:82:3c:b7:58:f5:5a:36:8e:e1:d6:97:11:11:04:0a:c5:dd:
         81:47:ab:5a:eb:a3:5f:ec:2f:54:79:0a:b7:da:ea:96:18:81:
         ec:be:48:78:47:d5:07:be:c6:32:45:b1:49:12:16:9a:37:86:
         18:97:ba:df:9c:ae:55:8c:86:91:88:bc:8f:fb:9e:95:ed:e3:
         f2:60:0d:a6:a6:37:46:2c:b0:6a:d7:c2:0c:ac:c6:ac:19:f3:
         ca:fd:d4:84:ee:a0:9b:ee:c4:2f:e9:14:0f:b7:c5:a7:a6:e6:
         a9:97:6f:24:2d:24:04:d0:46:b8:7c:8b:b2:be:b6:c1:36:bb:
         62:b2:c9:bd:fa:1b:dc:ba:06:d5:80:a8:ba:8d:d3:97:e8:37:
         a4:0e:ad:35:66:38:96:14:76:a6:d7:a0:2e:ba:d5:d8:53:fb:
         35:df:02:26:00:b9:5f:de:c3:eb:fd:1c:a6:37:f5:d1:14:b9:
         56:c7:20:e5:22:cb:72:8f:f3:27:b9:b8:53:9f:aa:21:3e:00:
         da:d2:4b:11:e1:16:fa:0c:2c:4c:2d:38:78:5a:89:32:f3:f0:
         c5:bf:1b:b7:1e:07:27:8d:8e:40:0b:b4:51:42:8a:77:45:20:
         18:b0:ca:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYISBpRAykkxGRe/mCcJTWdp6V5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MDgxODQ5MDFaFw0yNjA0MDcxODU0MDFaMDMxMTAvBgNV
BAMTKDRFN0MxMzhBNTlCQkM2QjZCNjQzMjc1QTJFQURFQjk4Q0ZENzRCQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqRnrYiaRurphkmwIjkOgpm7I9
I5ULVgWaF3/9Qe8yzyiPOj5sfxFXqiZyYQFi+hofixfx1IKCbyd92cj5xckWiKe0
z0+WhAWmvBSC864zO1ki6uqr12aD2PWM0PtBvs2Q5Omgcw6HXq20e1/Bq8jnD8ED
kye6GzlLc4+T5BHxqE0MdCeRgvS0Bomi9kyxABtKszOk7iteRx69CkkUhyNYGgwr
92/3uI3SSb2fD4aXc2wj1QUBtcurD4jmNjOhJKWDtNa5hxrFC5jofn3QQRhOL6YK
ETVuI9Pk1NntoXd0T1ezE7Rprfs0yMVPe50MiYSiWBS3N3F0TKp/vKtzoxNFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTnwTilm7xra2QydaLq3rmM/XS6EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzcxOTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZyAw
DQYJKoZIhvcNAQELBQADggEBAImoF+Ffh0b9a9Cp0/iaUsEdiEeCPLdY9Vo2juHW
lxERBArF3YFHq1rro1/sL1R5Crfa6pYYgey+SHhH1Qe+xjJFsUkSFpo3hhiXut+c
rlWMhpGIvI/7npXt4/JgDaamN0YssGrXwgysxqwZ88r91ITuoJvuxC/pFA+3xaem
5qmXbyQtJATQRrh8i7K+tsE2u2Kyyb36G9y6BtWAqLqN05foN6QOrTVmOJYUdqbX
oC661dhT+zXfAiYAuV/ew+v9HKY39dEUuVbHIOUiy3KP8ye5uFOfqiE+ANrSSxHh
FvoMLEwtOHhaiTLz8MW/G7ceByeNjkALtFFCindFIBiwyiU=
-----END CERTIFICATE-----