Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa
File:                     AS4637.roa (raw, json)
Hash identifier:          RTc98x1U0nAy0MN8fCA7LdqOFosZAS+wlo4nfNPtzj4=
Subject key identifier:   D9:0F:EE:11:D1:9F:07:48:48:72:BD:3F:70:01:94:92:89:39:48:06
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       024C9B98B799F366CBFEA8C71A7BF1A5891F0031
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa
Signing time:             Mon 08 Jun 2026 16:47:30 +0000
ROA not before:           Mon 08 Jun 2026 16:42:30 +0000
ROA not after:            Mon 07 Jun 2027 16:47:30 +0000
asID:                     4637
IP address blocks:        95.134.136.0/24 maxlen: 24
                          95.134.137.0/24 maxlen: 24
                          95.134.138.0/24 maxlen: 24
                          95.134.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:4c:9b:98:b7:99:f3:66:cb:fe:a8:c7:1a:7b:f1:a5:89:1f:00:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  8 16:42:30 2026 GMT
            Not After : Jun  7 16:47:30 2027 GMT
        Subject: CN=D90FEE11D19F07484872BD3F7001949289394806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:45:b4:6a:35:ad:72:82:2d:a2:3d:71:42:a2:
                    af:c8:dd:36:22:c2:67:e0:37:43:e4:6f:0d:33:f0:
                    f8:37:c6:ed:99:ae:1b:33:c3:64:0d:2e:7b:56:e7:
                    5c:66:68:b7:ab:12:a4:40:ae:01:0e:f7:84:41:b8:
                    47:d3:e9:ba:ef:a6:29:8b:51:e2:18:92:10:46:a6:
                    a1:0e:b6:d8:03:50:6c:92:1f:5b:1a:38:bb:dd:76:
                    58:fb:a4:66:9b:02:c1:46:63:6b:26:0d:4f:10:47:
                    46:30:b9:69:a9:34:66:65:50:bc:a2:a9:9c:5e:4b:
                    54:b5:a3:53:2c:0b:82:52:89:02:38:07:66:e1:48:
                    bf:7c:de:10:12:4e:7d:f2:7e:af:59:21:c7:2a:8d:
                    d6:97:d0:ba:cc:cf:54:ea:af:b7:21:49:eb:47:0a:
                    3c:eb:27:5e:90:3c:71:13:b1:00:a1:e0:18:5f:f1:
                    54:da:73:53:56:eb:62:09:31:4d:32:81:02:09:80:
                    8b:d0:e0:80:70:03:f8:57:a3:00:4f:eb:f2:37:81:
                    c9:69:7d:63:cb:08:0f:75:bd:3b:18:48:99:90:66:
                    54:48:f5:16:c7:57:24:d9:70:cd:73:0d:fb:1e:fd:
                    f6:fe:7f:4e:bc:5a:61:20:12:58:11:d9:8c:9d:b5:
                    cd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:0F:EE:11:D1:9F:07:48:48:72:BD:3F:70:01:94:92:89:39:48:06
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS4637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:61:e2:b4:a1:5a:83:b4:dd:a6:d1:3b:70:14:30:b4:5b:2a:
         db:3d:19:64:26:da:d3:41:62:1b:9f:cb:ad:3f:34:07:3a:95:
         b7:bc:41:1f:0d:04:cf:cd:ca:67:2a:de:ad:09:75:80:f6:e6:
         a4:a8:35:d9:e7:3d:51:13:88:05:36:7a:82:6a:87:2f:1d:61:
         1d:4b:8d:67:fd:4b:8f:9f:61:6c:f1:1f:6e:0a:37:a2:f6:af:
         3a:0c:49:6f:bf:a9:5a:6d:20:3c:d3:02:a1:51:ba:ec:90:9f:
         61:7e:b4:ce:f6:26:d6:35:c7:f5:9d:f0:44:42:18:45:16:de:
         a5:2a:b7:84:e3:b6:87:0d:72:58:57:df:1b:f7:0c:31:e2:89:
         e7:b7:85:7a:e1:fd:7d:8c:af:11:b0:55:e9:e5:aa:61:19:77:
         e6:22:a9:6f:8c:27:63:11:d8:14:0f:5e:f8:df:cb:4c:21:f8:
         c9:79:16:f7:6c:2a:61:96:40:20:9c:d6:fe:a7:57:2d:7d:24:
         6c:93:d1:f0:34:1f:99:5d:23:91:6b:17:b7:1c:d0:2f:af:b3:
         11:42:17:6d:7b:2c:80:51:39:e1:73:87:91:73:03:5d:86:3f:
         8a:1d:48:77:ad:db:41:b0:d3:e0:9e:f1:b9:6b:af:fc:27:74:
         f8:9c:74:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUAkybmLeZ82bL/qjHGnvxpYkfADEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDgxNjQyMzBaFw0yNzA2MDcxNjQ3MzBaMDMxMTAvBgNV
BAMTKEQ5MEZFRTExRDE5RjA3NDg0ODcyQkQzRjcwMDE5NDkyODkzOTQ4MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjRbRqNa1ygi2iPXFCoq/I3TYi
wmfgN0Pkbw0z8Pg3xu2Zrhszw2QNLntW51xmaLerEqRArgEO94RBuEfT6brvpimL
UeIYkhBGpqEOttgDUGySH1saOLvddlj7pGabAsFGY2smDU8QR0YwuWmpNGZlULyi
qZxeS1S1o1MsC4JSiQI4B2bhSL983hASTn3yfq9ZIccqjdaX0LrMz1Tqr7chSetH
CjzrJ16QPHETsQCh4Bhf8VTac1NW62IJMU0ygQIJgIvQ4IBwA/hXowBP6/I3gclp
fWPLCA91vTsYSJmQZlRI9RbHVyTZcM1zDfse/fb+f068WmEgElgR2Yydtc1XAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU2Q/uEdGfB0hIcr0/cAGUkok5SAYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDYzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAl+GiDAN
BgkqhkiG9w0BAQsFAAOCAQEAQmHitKFag7TdptE7cBQwtFsq2z0ZZCba00FiG5/L
rT80BzqVt7xBHw0Ez83KZyrerQl1gPbmpKg12ec9UROIBTZ6gmqHLx1hHUuNZ/1L
j59hbPEfbgo3ovavOgxJb7+pWm0gPNMCoVG67JCfYX60zvYm1jXH9Z3wREIYRRbe
pSq3hOO2hw1yWFffG/cMMeKJ57eFeuH9fYyvEbBV6eWqYRl35iKpb4wnYxHYFA9e
+N/LTCH4yXkW92wqYZZAIJzW/qdXLX0kbJPR8DQfmV0jkWsXtxzQL6+zEUIXbXss
gFE54XOHkXMDXYY/ih1Id63bQbDT4J7xuWuv/Cd0+Jx0lQ==
-----END CERTIFICATE-----