Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa
File:                     AS46841.roa (raw, json)
Hash identifier:          tISkp4FbNiijsMFJNE9WwGG9ovnkWnJQdO7XKfG7Aig=
Subject key identifier:   F5:E1:24:78:E6:BF:21:56:8F:24:B7:D8:9A:16:23:36:4B:3B:23:17
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       07D0CBD4135D5D327CB2D44E896FF9B3C3A8E4F0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa
Signing time:             Tue 09 Jun 2026 13:29:24 +0000
ROA not before:           Tue 09 Jun 2026 13:24:24 +0000
ROA not after:            Tue 08 Jun 2027 13:29:24 +0000
asID:                     46841
IP address blocks:        193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:d0:cb:d4:13:5d:5d:32:7c:b2:d4:4e:89:6f:f9:b3:c3:a8:e4:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  9 13:24:24 2026 GMT
            Not After : Jun  8 13:29:24 2027 GMT
        Subject: CN=F5E12478E6BF21568F24B7D89A1623364B3B2317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8d:38:ed:b4:e2:93:26:a3:17:06:d2:63:f1:
                    9a:06:bd:e9:9d:eb:29:cf:ef:d8:d8:ba:d4:7a:99:
                    69:b7:62:30:61:1b:ab:63:af:ad:10:cb:71:af:d2:
                    fa:c3:62:cf:7f:2a:62:50:5f:4a:43:48:c8:95:19:
                    85:96:af:0c:0a:cb:9b:07:a4:87:1d:fc:ca:ee:17:
                    87:8c:6c:a2:a6:0f:75:91:22:65:d9:76:bb:6b:61:
                    81:2e:65:51:f5:88:c7:73:41:12:9b:35:f4:1f:f4:
                    51:29:e8:7b:02:9a:4b:ae:90:25:9d:9a:3e:90:56:
                    0c:32:62:2c:ec:01:11:02:87:38:54:05:69:82:da:
                    fa:51:75:81:c8:45:c2:aa:4d:00:af:4f:de:3c:d3:
                    9b:2d:0a:0f:56:82:9f:df:6c:bc:30:e7:22:97:43:
                    3b:43:38:67:5b:11:cc:1a:e4:1d:03:88:82:83:56:
                    05:1a:c7:b9:82:ce:ee:ad:3e:f1:39:39:db:a0:cd:
                    12:ce:66:c4:51:82:77:a8:91:47:59:7e:10:cb:87:
                    99:cc:a0:c7:51:88:b9:ae:58:a4:23:5f:82:a0:2f:
                    8e:14:38:2f:f4:61:86:cb:e9:ff:86:27:6c:93:05:
                    04:37:48:e5:eb:71:35:d4:fd:bf:aa:32:96:b1:a7:
                    e8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E1:24:78:E6:BF:21:56:8F:24:B7:D8:9A:16:23:36:4B:3B:23:17
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46841.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:f6:a5:e7:1e:79:a8:a9:e2:bc:cf:2e:d2:26:5e:a1:3b:97:
         38:58:af:97:f6:82:df:04:d7:90:33:0d:4a:3b:ee:94:68:b8:
         d1:7f:2f:12:76:93:52:91:fc:91:3c:7c:2c:1f:7e:cd:ab:0b:
         5b:b6:85:8c:69:a5:80:f9:ce:a8:e6:97:20:f9:53:04:46:de:
         ff:b9:ec:1e:58:89:8e:99:6c:42:a7:31:3c:1f:0f:96:f0:a4:
         61:28:09:7d:00:a3:fe:2d:87:67:05:21:65:c8:ab:68:a5:5b:
         a5:9d:19:8f:04:ca:5a:9c:c8:3e:2d:3d:c5:21:e5:5c:1c:8e:
         3c:af:27:bf:d6:12:4f:8f:93:ac:4b:f9:83:5c:c8:9a:1d:f9:
         75:9f:db:c5:9e:e3:56:32:f1:15:ba:9e:af:2c:67:9b:7b:77:
         7a:fe:be:7c:00:be:8c:fa:44:11:45:a9:c5:f3:e0:c9:10:28:
         06:18:b6:16:87:57:89:b5:80:fa:22:d0:50:a4:dd:6a:35:da:
         64:28:36:58:95:36:23:b8:5e:75:33:0c:1b:74:23:39:e2:8f:
         66:f5:73:be:14:24:71:65:19:70:20:89:47:9e:3b:22:fe:01:
         63:35:19:07:67:b2:b7:9a:75:fb:e4:8a:bf:03:e9:cc:e2:1c:
         3d:1f:8b:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUB9DL1BNdXTJ8stROiW/5s8Oo5PAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MDkxMzI0MjRaFw0yNzA2MDgxMzI5MjRaMDMxMTAvBgNV
BAMTKEY1RTEyNDc4RTZCRjIxNTY4RjI0QjdEODlBMTYyMzM2NEIzQjIzMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKjTjttOKTJqMXBtJj8ZoGvemd
6ynP79jYutR6mWm3YjBhG6tjr60Qy3Gv0vrDYs9/KmJQX0pDSMiVGYWWrwwKy5sH
pIcd/MruF4eMbKKmD3WRImXZdrtrYYEuZVH1iMdzQRKbNfQf9FEp6HsCmkuukCWd
mj6QVgwyYizsAREChzhUBWmC2vpRdYHIRcKqTQCvT94805stCg9Wgp/fbLww5yKX
QztDOGdbEcwa5B0DiIKDVgUax7mCzu6tPvE5OdugzRLOZsRRgneokUdZfhDLh5nM
oMdRiLmuWKQjX4KgL44UOC/0YYbL6f+GJ2yTBQQ3SOXrcTXU/b+qMpaxp+ivAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU9eEkeOa/IVaPJLfYmhYjNks7IxcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDY4NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBl7Uw
DQYJKoZIhvcNAQELBQADggEBAGD2peceeaip4rzPLtImXqE7lzhYr5f2gt8E15Az
DUo77pRouNF/LxJ2k1KR/JE8fCwffs2rC1u2hYxppYD5zqjmlyD5UwRG3v+57B5Y
iY6ZbEKnMTwfD5bwpGEoCX0Ao/4th2cFIWXIq2ilW6WdGY8EylqcyD4tPcUh5Vwc
jjyvJ7/WEk+Pk6xL+YNcyJod+XWf28We41Yy8RW6nq8sZ5t7d3r+vnwAvoz6RBFF
qcXz4MkQKAYYthaHV4m1gPoi0FCk3Wo12mQoNliVNiO4XnUzDBt0Iznij2b1c74U
JHFlGXAgiUeeOyL+AWM1GQdnsreadfvkir8D6cziHD0fi/o=
-----END CERTIFICATE-----