Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
File:                     AS13627.roa (raw, json)
Hash identifier:          JKKbfemk0Hsk90WYB2c7/jNT7zPnGuA+4BXGpWodTR4=
Subject key identifier:   B6:60:2F:DC:1B:D3:62:9C:19:2A:AD:BE:94:E6:89:00:87:4E:D8:62
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2CC923690223283F6A9979608331645AA169E33C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
Signing time:             Sun 12 Apr 2026 17:20:25 +0000
ROA not before:           Sun 12 Apr 2026 17:15:25 +0000
ROA not after:            Sun 11 Apr 2027 17:20:25 +0000
asID:                     13627
IP address blocks:        185.137.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:c9:23:69:02:23:28:3f:6a:99:79:60:83:31:64:5a:a1:69:e3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 12 17:15:25 2026 GMT
            Not After : Apr 11 17:20:25 2027 GMT
        Subject: CN=B6602FDC1BD3629C192AADBE94E68900874ED862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:77:29:ef:34:84:a4:89:f3:70:8a:30:fb:c4:
                    6f:0b:08:33:be:59:d7:34:38:4e:88:a0:d5:40:f9:
                    82:36:1a:52:9f:62:5c:f9:c8:44:bf:bc:74:f9:8f:
                    23:cb:b7:a5:cc:a0:b1:22:58:5c:28:0e:6f:e6:7d:
                    68:e8:15:35:16:48:f6:76:a0:dd:24:93:30:f6:97:
                    91:87:b6:5c:b5:c8:67:d0:ee:ab:43:b0:46:bc:0a:
                    a2:bb:ea:4d:2f:2d:7f:60:73:68:c9:75:24:3b:d7:
                    22:05:e0:c0:52:b0:c6:bc:90:2b:e9:e2:06:68:6d:
                    a0:c0:92:89:1d:f3:40:a7:3a:c6:90:a6:24:97:00:
                    00:bc:25:16:1b:46:87:8a:67:ce:0d:1f:96:f5:38:
                    c7:38:8f:00:da:ff:f9:62:c6:71:4e:14:5f:13:f4:
                    3e:34:fc:00:8b:15:60:7a:1f:dc:93:76:85:c6:a1:
                    59:e1:9d:e5:81:e2:92:83:3d:a2:78:83:71:74:33:
                    b6:25:21:4d:69:fd:7e:b5:13:e0:a6:3f:b5:f4:3a:
                    db:71:41:ee:b4:a8:9d:26:7d:c8:07:7e:59:5d:48:
                    8d:ed:50:61:39:46:6f:9c:56:3f:6f:fa:e6:fc:02:
                    45:16:b4:9f:30:6b:11:37:e4:8c:1e:aa:34:b8:f2:
                    18:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:60:2F:DC:1B:D3:62:9C:19:2A:AD:BE:94:E6:89:00:87:4E:D8:62
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c2:ad:1c:83:9d:ac:72:69:96:67:79:e4:dc:21:62:60:97:
         7c:2e:6e:d8:fc:d4:46:18:fb:b0:3e:87:6b:1a:b8:ff:30:52:
         34:9a:3e:af:92:83:a6:48:1f:b2:bf:5e:1f:af:d5:4e:8b:68:
         8a:a7:ea:55:27:49:f7:67:31:8f:8c:8e:9b:49:b0:58:0c:67:
         0b:58:6e:e1:7d:60:4f:72:d0:87:31:0a:c2:fc:40:9a:9b:47:
         15:c4:84:0f:ce:68:57:06:cc:61:3e:4d:d7:a7:ee:1d:df:f0:
         8a:fb:e0:c5:ba:97:f1:c0:9f:a9:a6:6b:29:d7:41:38:61:ed:
         1b:00:3c:a6:48:30:52:4b:d4:0f:77:ed:d8:8e:6e:c7:69:87:
         61:06:5b:4c:15:f0:91:ed:e9:d1:32:8c:8f:0f:5f:7d:bc:a9:
         c2:a4:d8:05:1e:c4:99:84:8a:3f:14:78:f1:f5:4c:68:86:2c:
         55:1f:d9:5c:ca:3d:4c:1d:68:03:b3:0f:e7:d9:8f:57:a0:0b:
         ba:f3:b3:ac:37:bf:1c:20:ee:f4:61:a0:b2:43:70:07:2f:21:
         a7:6d:28:6d:b0:46:17:d5:40:bb:f0:dd:b5:ea:b6:df:28:c0:
         7b:01:10:e2:bb:5f:55:e4:db:bb:f3:78:67:08:ce:98:c6:1e:
         45:50:6c:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULMkjaQIjKD9qmXlggzFkWqFp4zwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTIxNzE1MjVaFw0yNzA0MTExNzIwMjVaMDMxMTAvBgNV
BAMTKEI2NjAyRkRDMUJEMzYyOUMxOTJBQURCRTk0RTY4OTAwODc0RUQ4NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYdynvNISkifNwijD7xG8LCDO+
Wdc0OE6IoNVA+YI2GlKfYlz5yES/vHT5jyPLt6XMoLEiWFwoDm/mfWjoFTUWSPZ2
oN0kkzD2l5GHtly1yGfQ7qtDsEa8CqK76k0vLX9gc2jJdSQ71yIF4MBSsMa8kCvp
4gZobaDAkokd80CnOsaQpiSXAAC8JRYbRoeKZ84NH5b1OMc4jwDa//lixnFOFF8T
9D40/ACLFWB6H9yTdoXGoVnhneWB4pKDPaJ4g3F0M7YlIU1p/X61E+CmP7X0Ottx
Qe60qJ0mfcgHflldSI3tUGE5Rm+cVj9v+ub8AkUWtJ8waxE35IweqjS48hi3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtmAv3BvTYpwZKq2+lOaJAIdO2GIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM2Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5iV4w
DQYJKoZIhvcNAQELBQADggEBABTCrRyDnaxyaZZneeTcIWJgl3wubtj81EYY+7A+
h2sauP8wUjSaPq+Sg6ZIH7K/Xh+v1U6LaIqn6lUnSfdnMY+MjptJsFgMZwtYbuF9
YE9y0IcxCsL8QJqbRxXEhA/OaFcGzGE+Tden7h3f8Ir74MW6l/HAn6mmaynXQThh
7RsAPKZIMFJL1A937diObsdph2EGW0wV8JHt6dEyjI8PX328qcKk2AUexJmEij8U
ePH1TGiGLFUf2VzKPUwdaAOzD+fZj1egC7rzs6w3vxwg7vRhoLJDcAcvIadtKG2w
RhfVQLvw3bXqtt8owHsBEOK7X1Xk27vzeGcIzpjGHkVQbMA=
-----END CERTIFICATE-----