Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS37191.roa
File:                     AS37191.roa (raw, json)
Hash identifier:          KhtDsrK/tX2g05UsE11UCSHeIIXREVck4jP0vWkK09E=
Subject key identifier:   05:80:D0:92:A0:16:06:21:2F:BE:33:D5:74:1A:97:35:0A:42:95:04
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0ECFCAC32EDD75A36CBCEDB1FADFD7A353BA2503
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS37191.roa
Signing time:             Thu 09 Apr 2026 11:29:25 +0000
ROA not before:           Thu 09 Apr 2026 11:24:25 +0000
ROA not after:            Thu 08 Apr 2027 11:29:25 +0000
asID:                     37191
IP address blocks:        82.41.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:cf:ca:c3:2e:dd:75:a3:6c:bc:ed:b1:fa:df:d7:a3:53:ba:25:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  9 11:24:25 2026 GMT
            Not After : Apr  8 11:29:25 2027 GMT
        Subject: CN=0580D092A01606212FBE33D5741A97350A429504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e9:51:d0:42:b0:5c:c9:a1:5e:5d:a3:d4:f4:
                    85:36:4a:e8:2b:dc:ba:44:69:f3:07:f0:65:06:46:
                    57:83:26:be:fc:c6:94:16:7d:5c:83:b5:3c:2a:07:
                    d0:73:28:49:71:84:d0:94:39:1a:b7:46:55:a2:22:
                    40:d1:35:df:62:23:54:49:cd:35:7c:09:d5:ed:14:
                    45:21:9e:1f:05:24:4a:ef:b7:1f:b3:17:46:19:fe:
                    69:af:93:77:a3:6a:a3:0c:d6:da:df:66:8c:29:f0:
                    0a:60:c3:fe:a7:59:58:67:fa:f5:aa:57:b1:59:5c:
                    b6:16:95:f0:9f:92:39:da:d6:ff:43:e8:9e:6b:da:
                    51:f3:eb:3c:87:0b:a5:e5:7d:8e:a0:08:4c:38:db:
                    24:bd:74:a7:76:b5:d4:78:4c:fd:d9:d7:f6:a9:31:
                    b0:29:ed:c4:a5:bb:51:6b:b6:ad:fa:6b:7d:a4:5b:
                    e6:cc:59:39:eb:15:09:31:55:f5:9c:4b:41:49:bd:
                    52:89:eb:69:da:66:64:5c:1d:58:2b:e3:6b:41:cc:
                    6f:40:a0:bc:96:a0:7f:21:e3:4e:0b:20:1e:e8:9d:
                    c0:b4:1d:f9:1b:98:1e:85:9c:90:9b:90:0e:73:ca:
                    e4:18:42:93:13:27:ab:91:04:4d:bd:ed:ea:86:f8:
                    24:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:80:D0:92:A0:16:06:21:2F:BE:33:D5:74:1A:97:35:0A:42:95:04
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS37191.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d0:f2:91:fb:e0:a4:77:9b:b8:90:7c:9f:dd:04:d8:1b:96:
         29:d2:56:b3:08:cf:28:33:69:5f:91:51:b7:fe:f8:dc:66:33:
         81:f9:90:7e:3a:8f:50:7d:5f:25:ec:64:9b:e8:c0:a6:3b:9f:
         d1:2c:1b:69:c1:bc:e9:ea:dc:d1:01:82:94:75:f7:e7:2b:6e:
         f2:65:21:ac:8d:c8:55:04:e9:db:3a:c4:75:0d:63:f5:47:6f:
         f4:3e:1c:ba:fc:d4:6c:44:fd:04:9d:61:86:1f:10:da:06:0d:
         2b:04:8b:86:6e:99:e3:1c:1a:80:66:cf:5b:5f:8a:91:83:89:
         7e:42:0d:71:88:13:b1:49:14:22:5d:2b:05:ed:38:eb:17:39:
         65:24:21:43:02:e7:13:69:13:a1:c0:8a:e6:74:86:7f:43:e5:
         14:19:3a:b0:84:b5:d6:3a:75:ba:4f:14:38:a6:99:d0:f6:45:
         63:79:53:3f:5c:d3:35:da:f1:ab:11:e1:c2:fe:a3:35:48:0d:
         6a:cb:d6:a8:17:53:66:cc:ba:3c:70:c4:08:d2:99:bf:38:c6:
         97:30:be:eb:c6:df:bd:c1:c8:24:fc:80:ea:c8:24:1e:19:0c:
         72:ad:95:db:81:93:c5:1d:1b:04:55:9d:8a:d8:d1:75:0a:4f:
         94:f5:ef:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDs/Kwy7ddaNsvO2x+t/Xo1O6JQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDkxMTI0MjVaFw0yNzA0MDgxMTI5MjVaMDMxMTAvBgNV
BAMTKDA1ODBEMDkyQTAxNjA2MjEyRkJFMzNENTc0MUE5NzM1MEE0Mjk1MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA6VHQQrBcyaFeXaPU9IU2Sugr
3LpEafMH8GUGRleDJr78xpQWfVyDtTwqB9BzKElxhNCUORq3RlWiIkDRNd9iI1RJ
zTV8CdXtFEUhnh8FJErvtx+zF0YZ/mmvk3ejaqMM1trfZowp8Apgw/6nWVhn+vWq
V7FZXLYWlfCfkjna1v9D6J5r2lHz6zyHC6XlfY6gCEw42yS9dKd2tdR4TP3Z1/ap
MbAp7cSlu1Frtq36a32kW+bMWTnrFQkxVfWcS0FJvVKJ62naZmRcHVgr42tBzG9A
oLyWoH8h404LIB7oncC0HfkbmB6FnJCbkA5zyuQYQpMTJ6uRBE297eqG+CQTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBYDQkqAWBiEvvjPVdBqXNQpClQQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzcxOTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSKY4w
DQYJKoZIhvcNAQELBQADggEBABbQ8pH74KR3m7iQfJ/dBNgblinSVrMIzygzaV+R
Ubf++NxmM4H5kH46j1B9XyXsZJvowKY7n9EsG2nBvOnq3NEBgpR19+crbvJlIayN
yFUE6ds6xHUNY/VHb/Q+HLr81GxE/QSdYYYfENoGDSsEi4ZumeMcGoBmz1tfipGD
iX5CDXGIE7FJFCJdKwXtOOsXOWUkIUMC5xNpE6HAiuZ0hn9D5RQZOrCEtdY6dbpP
FDimmdD2RWN5Uz9c0zXa8asR4cL+ozVIDWrL1qgXU2bMujxwxAjSmb84xpcwvuvG
373ByCT8gOrIJB4ZDHKtlduBk8UdGwRVnYrY0XUKT5T171M=
-----END CERTIFICATE-----