Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa
File:                     AS46841.roa (raw, json)
Hash identifier:          5isMDsugleMkvuwUgjZipucEeMrI0fddU3uZd/+RJW8=
Subject key identifier:   94:79:68:C3:62:4F:50:7B:17:0B:B9:5F:39:D7:D2:D8:D7:B6:75:6E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       69DDDF241D5925BC41F94DC91A658B7C208E1EE0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa
Signing time:             Fri 03 Apr 2026 09:11:01 +0000
ROA not before:           Fri 03 Apr 2026 09:06:01 +0000
ROA not after:            Fri 02 Apr 2027 09:11:01 +0000
asID:                     46841
IP address blocks:        91.206.2.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:dd:df:24:1d:59:25:bc:41:f9:4d:c9:1a:65:8b:7c:20:8e:1e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  3 09:06:01 2026 GMT
            Not After : Apr  2 09:11:01 2027 GMT
        Subject: CN=947968C3624F507B170BB95F39D7D2D8D7B6756E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7d:ad:89:de:0d:a3:8d:88:61:b3:0b:37:d3:
                    e6:fb:3c:81:64:26:8a:35:ac:00:91:b3:92:91:64:
                    14:89:ea:4d:a9:b2:22:cc:71:95:a7:f1:1a:20:5a:
                    94:e4:de:87:69:58:b2:ad:a1:ad:73:5a:eb:71:52:
                    af:86:33:7a:d4:f1:dc:6c:3a:1f:0f:db:4f:1e:5a:
                    02:dc:6f:d7:68:c5:56:6d:4a:6d:4f:60:f9:70:97:
                    c6:c4:c3:2a:87:a1:dc:3c:fe:de:fe:5a:54:92:92:
                    62:ae:50:a7:eb:e6:23:72:11:a6:a1:d3:11:f9:36:
                    94:c5:b4:f4:35:3d:be:6e:91:3e:19:a8:36:f9:09:
                    3d:4b:22:cf:8d:8c:de:41:9e:5c:e1:4f:78:c3:20:
                    0a:9f:59:40:31:e1:ad:2e:24:59:a4:91:af:7e:71:
                    80:35:d7:14:d9:1f:69:72:8b:bd:3c:de:42:44:d6:
                    41:fe:1d:e5:fc:a5:e6:ca:53:fb:cb:c2:05:a5:6f:
                    07:0f:77:c0:f0:07:a1:f1:e3:c2:24:af:1c:6c:4a:
                    1d:cd:d4:66:fc:e6:2a:aa:a2:89:60:e1:9c:8a:9a:
                    11:d0:6b:fd:9c:6f:3f:c3:1d:50:8c:ca:ee:1f:d2:
                    c9:77:c3:94:79:7d:97:52:1f:02:97:26:ca:60:7d:
                    b9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:79:68:C3:62:4F:50:7B:17:0B:B9:5F:39:D7:D2:D8:D7:B6:75:6E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.2.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a7:9b:0d:94:46:79:f6:c0:0d:c3:ed:d6:14:93:5b:b6:d3:
         47:55:07:2b:78:62:9e:f3:86:48:04:ce:3b:35:28:78:14:34:
         35:1f:c5:00:a0:77:61:b3:65:63:a0:da:24:f6:9b:60:0f:ab:
         6a:9d:3c:4f:db:c3:e7:81:ac:30:04:9e:86:e2:5d:7a:79:ed:
         a8:20:b0:d2:c7:25:02:d3:67:3d:54:76:13:56:c6:da:f3:67:
         4a:37:99:ef:83:3a:88:dc:a8:ed:b9:42:a6:a1:0d:22:1b:8e:
         5a:e5:54:70:47:af:6b:b9:bf:ae:f1:94:ac:99:dc:e4:33:52:
         f2:f2:24:8d:d6:d8:de:35:7a:00:b9:25:cd:d4:6b:48:d9:4a:
         7d:71:da:27:10:5b:dc:91:9a:c8:e1:35:d9:d6:fa:69:83:ef:
         da:d3:11:9b:43:68:65:b1:8d:a2:fd:34:69:f7:db:18:ea:3b:
         88:2b:93:9b:1b:17:16:37:79:86:55:1d:48:12:a7:65:31:cc:
         14:6e:60:c2:82:7a:00:b9:3c:c4:56:78:6e:6d:d7:54:3a:76:
         b0:55:57:e6:1a:a4:51:a8:25:df:91:c7:2d:cd:ad:cf:27:5c:
         43:aa:d4:f5:78:fe:8e:5f:d4:83:64:2c:a0:72:14:a3:02:2a:
         0d:c7:a7:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUad3fJB1ZJbxB+U3JGmWLfCCOHuAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MDMwOTA2MDFaFw0yNzA0MDIwOTExMDFaMDMxMTAvBgNV
BAMTKDk0Nzk2OEMzNjI0RjUwN0IxNzBCQjk1RjM5RDdEMkQ4RDdCNjc1NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpfa2J3g2jjYhhsws30+b7PIFk
Joo1rACRs5KRZBSJ6k2psiLMcZWn8RogWpTk3odpWLKtoa1zWutxUq+GM3rU8dxs
Oh8P208eWgLcb9doxVZtSm1PYPlwl8bEwyqHodw8/t7+WlSSkmKuUKfr5iNyEaah
0xH5NpTFtPQ1Pb5ukT4ZqDb5CT1LIs+NjN5BnlzhT3jDIAqfWUAx4a0uJFmkka9+
cYA11xTZH2lyi7083kJE1kH+HeX8pebKU/vLwgWlbwcPd8DwB6Hx48IkrxxsSh3N
1Gb85iqqoolg4ZyKmhHQa/2cbz/DHVCMyu4f0sl3w5R5fZdSHwKXJspgfbnNAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUlHlow2JPUHsXC7lfOdfS2Ne2dW4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDY4NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABbzgID
BADBl7UwDQYJKoZIhvcNAQELBQADggEBAIWnmw2URnn2wA3D7dYUk1u200dVByt4
Yp7zhkgEzjs1KHgUNDUfxQCgd2GzZWOg2iT2m2APq2qdPE/bw+eBrDAEnobiXXp5
7aggsNLHJQLTZz1UdhNWxtrzZ0o3me+DOojcqO25QqahDSIbjlrlVHBHr2u5v67x
lKyZ3OQzUvLyJI3W2N41egC5Jc3Ua0jZSn1x2icQW9yRmsjhNdnW+mmD79rTEZtD
aGWxjaL9NGn32xjqO4grk5sbFxY3eYZVHUgSp2UxzBRuYMKCegC5PMRWeG5t11Q6
drBVV+YapFGoJd+Rxy3Nrc8nXEOq1PV4/o5f1INkLKByFKMCKg3Hp48=
-----END CERTIFICATE-----