Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS4637.roa
File:                     AS4637.roa (raw, json)
Hash identifier:          AqqQ7GtCEuVVmfwoOD/XYXwj9CcTIJqNivbENfqgp0w=
Subject key identifier:   2A:9F:00:DB:B9:DD:F6:BE:14:FC:D4:66:BD:1C:F6:F8:0B:49:17:4E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0BBBEBF42A5BC0A56C037B0B51C068F35631EF0D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS4637.roa
Signing time:             Thu 05 Feb 2026 14:45:52 +0000
ROA not before:           Thu 05 Feb 2026 14:40:52 +0000
ROA not after:            Thu 04 Feb 2027 14:45:52 +0000
asID:                     4637
IP address blocks:        185.139.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 01:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:bb:eb:f4:2a:5b:c0:a5:6c:03:7b:0b:51:c0:68:f3:56:31:ef:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  5 14:40:52 2026 GMT
            Not After : Feb  4 14:45:52 2027 GMT
        Subject: CN=2A9F00DBB9DDF6BE14FCD466BD1CF6F80B49174E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:92:68:52:35:0c:d0:4b:1e:11:9d:ec:f9:73:
                    18:8d:ae:9a:1c:1a:e2:bf:e0:28:b0:cd:5c:fe:be:
                    c9:ec:d8:a7:96:b9:72:82:ab:31:69:c5:33:60:c9:
                    40:63:b6:c9:36:1b:b1:15:d6:24:17:4b:dc:a4:a1:
                    20:71:f1:0f:a8:79:cc:29:ad:a5:0c:12:75:b1:4d:
                    99:de:bc:bd:07:dc:54:4a:4b:9c:a5:5c:d9:25:12:
                    5e:d5:6a:c5:43:10:0a:29:5e:89:cb:fb:98:7a:e4:
                    96:04:06:5f:ad:e7:9b:03:e7:4f:7e:fb:61:2f:c5:
                    2c:6a:40:8e:64:85:be:2b:d8:11:66:d0:2b:07:e0:
                    8a:d0:cb:5c:13:a6:92:3a:58:58:7b:c0:1a:19:0d:
                    54:5a:12:6e:d5:a3:8e:11:28:f8:6b:b8:f0:2e:83:
                    88:f9:17:7c:33:2c:de:36:08:32:17:68:db:c8:3c:
                    9e:40:10:53:1d:02:26:54:5b:b3:7c:6a:36:30:f4:
                    e7:81:9d:f0:20:33:be:dc:7a:e4:40:8e:89:f5:32:
                    74:2a:40:15:65:90:1c:4e:c4:c2:70:f4:6b:12:4f:
                    4f:7b:0d:87:e6:89:32:3a:5a:44:4f:3f:1c:61:bd:
                    51:5b:6e:39:3f:83:ce:3d:b8:02:78:d8:9c:db:07:
                    35:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9F:00:DB:B9:DD:F6:BE:14:FC:D4:66:BD:1C:F6:F8:0B:49:17:4E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS4637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:00:06:91:7c:b6:96:21:06:28:dc:50:52:a1:bd:f1:6a:91:
         60:fa:b2:68:b7:f4:a1:46:16:63:f6:45:8f:2c:5b:6a:f5:32:
         5d:4b:88:30:13:da:7d:c1:83:1e:1f:c8:61:80:50:48:51:f6:
         57:73:79:48:f5:d1:6f:c5:51:cd:ab:e4:33:43:50:df:93:78:
         40:0f:47:dd:26:70:08:1c:0c:e2:f9:b5:bf:5f:28:65:42:ab:
         2e:21:3e:ba:06:81:04:3c:97:80:7c:0c:d0:79:ac:b8:fc:1f:
         7b:7e:61:1a:1a:8b:70:4d:24:78:25:e4:70:9a:0a:75:18:3e:
         45:30:45:3f:04:a7:6a:d4:44:08:0f:a2:3f:fb:8b:38:60:66:
         30:7a:f4:9a:3d:dd:5a:0a:60:31:60:a2:b9:5e:2e:9d:02:87:
         50:5f:a2:66:be:af:f8:c2:52:db:6c:74:8f:e2:05:3a:28:e7:
         68:c7:f8:ff:cc:b3:42:5e:e3:5c:6b:30:23:1e:7e:1d:29:f9:
         65:e4:76:b3:52:96:1e:37:25:f8:09:9a:bb:6e:8e:02:16:00:
         79:b8:d9:e4:6c:8c:4c:2e:57:e1:93:04:2c:f5:94:d6:6c:b4:
         6e:79:84:66:c8:60:0a:be:cf:05:1b:20:e3:76:cd:8a:fa:70:
         43:7c:0d:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUC7vr9CpbwKVsA3sLUcBo81Yx7w0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMDUxNDQwNTJaFw0yNzAyMDQxNDQ1NTJaMDMxMTAvBgNV
BAMTKDJBOUYwMERCQjlEREY2QkUxNEZDRDQ2NkJEMUNGNkY4MEI0OTE3NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChkmhSNQzQSx4Rnez5cxiNrpoc
GuK/4CiwzVz+vsns2KeWuXKCqzFpxTNgyUBjtsk2G7EV1iQXS9ykoSBx8Q+oecwp
raUMEnWxTZnevL0H3FRKS5ylXNklEl7VasVDEAopXonL+5h65JYEBl+t55sD509+
+2EvxSxqQI5khb4r2BFm0CsH4IrQy1wTppI6WFh7wBoZDVRaEm7Vo44RKPhruPAu
g4j5F3wzLN42CDIXaNvIPJ5AEFMdAiZUW7N8ajYw9OeBnfAgM77ceuRAjon1MnQq
QBVlkBxOxMJw9GsST097DYfmiTI6WkRPPxxhvVFbbjk/g849uAJ42JzbBzVdAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUKp8A27nd9r4U/NRmvRz2+AtJF04wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDYzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmL7jAN
BgkqhkiG9w0BAQsFAAOCAQEALgAGkXy2liEGKNxQUqG98WqRYPqyaLf0oUYWY/ZF
jyxbavUyXUuIMBPafcGDHh/IYYBQSFH2V3N5SPXRb8VRzavkM0NQ35N4QA9H3SZw
CBwM4vm1v18oZUKrLiE+ugaBBDyXgHwM0HmsuPwfe35hGhqLcE0keCXkcJoKdRg+
RTBFPwSnatRECA+iP/uLOGBmMHr0mj3dWgpgMWCiuV4unQKHUF+iZr6v+MJS22x0
j+IFOijnaMf4/8yzQl7jXGswIx5+HSn5ZeR2s1KWHjcl+Amau26OAhYAebjZ5GyM
TC5X4ZMELPWU1my0bnmEZshgCr7PBRsg43bNivpwQ3wNaQ==
-----END CERTIFICATE-----