Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4nCS3yJcUAi5JrThzjtLIzzourM.roa
File:                     4nCS3yJcUAi5JrThzjtLIzzourM.roa (raw, json)
Hash identifier:          UJoY2jzWce2RClEU6oRS8O+I8laUw5oEqmUWTdetQF4=
Subject key identifier:   E2:70:92:DF:22:5C:50:08:B9:26:B4:E1:CE:3B:4B:23:3C:E8:BA:B3
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019EA944B0DDCA6970A9F54D0D91931093A4
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4nCS3yJcUAi5JrThzjtLIzzourM.roa
Signing time:             Mon 08 Jun 2026 22:05:11 +0000
ROA not before:           Mon 08 Jun 2026 22:05:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        46.20.108.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:44:b0:dd:ca:69:70:a9:f5:4d:0d:91:93:10:93:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jun  8 22:05:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e27092df225c5008b926b4e1ce3b4b233ce8bab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4e:51:4d:19:87:6e:5c:9c:d3:67:2a:02:bf:
                    fc:bd:17:1a:e4:0b:2f:23:2d:db:07:de:cd:e9:f6:
                    92:d3:19:95:40:f7:cf:79:83:92:2a:69:5f:a9:22:
                    a0:f0:ff:48:5b:c5:08:60:6e:69:20:da:bd:03:d8:
                    68:99:0b:c8:c7:f4:e2:13:0c:0d:84:90:2a:7e:01:
                    f4:0c:ac:8e:98:9a:c6:d5:0d:69:94:92:a1:73:7b:
                    07:29:9c:5d:39:e6:2a:e7:94:5e:56:d3:5e:90:68:
                    d4:d7:19:26:9a:fd:0c:38:18:65:b3:e5:50:7c:5f:
                    44:75:bb:e3:b4:be:21:69:b1:d1:5f:da:28:0a:f5:
                    9f:e0:18:d7:66:98:06:8f:d7:e4:6b:2d:ed:55:a6:
                    d6:78:84:09:22:90:54:45:58:76:95:40:01:34:10:
                    74:50:d7:0f:13:54:f2:d4:a8:25:2f:4f:aa:b9:85:
                    46:c2:b8:0b:f0:61:7c:8c:c8:28:df:c0:f8:8b:5d:
                    30:73:88:7f:37:0d:cd:8c:37:a6:0f:60:c5:ce:f6:
                    a2:42:4a:2b:7e:3c:46:40:56:49:79:45:2e:c6:4c:
                    b9:0e:8a:8d:c8:88:71:e3:39:72:b1:a0:51:bc:14:
                    6a:e9:42:e5:1d:dc:a5:7a:c8:6e:55:3c:e1:a3:3c:
                    9a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:70:92:DF:22:5C:50:08:B9:26:B4:E1:CE:3B:4B:23:3C:E8:BA:B3
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4nCS3yJcUAi5JrThzjtLIzzourM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.108.0/24
                  46.20.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:df:31:e3:4a:0a:59:6b:c7:61:67:68:6b:4d:6c:5b:9c:ad:
         bf:14:78:25:65:01:20:f6:47:95:51:60:f1:ab:f9:00:b4:77:
         87:b9:19:fd:d4:50:13:98:15:3d:47:2b:f5:fa:7c:bf:c7:83:
         d4:2b:c0:25:d8:88:89:b1:06:43:49:6e:e9:fb:fc:12:d2:20:
         c5:95:4a:46:54:eb:68:eb:65:ab:5c:4b:87:00:c5:60:42:57:
         41:47:10:17:73:69:39:05:f5:09:3e:b0:f6:f0:17:7c:70:77:
         da:a1:91:01:18:39:cd:f3:ec:15:f9:62:6c:3c:33:9e:8a:db:
         12:a9:d2:20:81:ee:78:c9:92:1f:47:74:6d:2f:71:d0:a5:c5:
         7f:72:02:6d:8e:3e:69:ad:4f:e3:a3:1c:3a:8f:35:aa:20:82:
         ca:69:57:db:dc:f2:37:3c:7c:7e:2e:1f:12:54:4f:36:f5:1e:
         eb:f3:cd:a6:fa:dd:a9:c0:d9:ff:2c:f7:cc:85:79:f6:67:5a:
         f5:06:1d:d4:3c:5d:25:25:ff:60:db:a4:b8:bb:bd:b7:06:4b:
         cf:6e:9e:de:0a:a5:08:a5:09:c6:d7:8e:5d:f4:f9:84:74:fa:
         21:0e:a6:bd:81:d8:56:19:88:ab:47:f6:30:b3:c8:13:84:df:
         48:e0:9d:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6pRLDdymlwqfVNDZGTEJOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwNjA4MjIwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjcwOTJkZjIyNWM1MDA4YjkyNmI0ZTFjZTNiNGIyMzNjZThiYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnU5RTRmHblyc02cqAr/8vRca5Asv
Iy3bB97N6faS0xmVQPfPeYOSKmlfqSKg8P9IW8UIYG5pINq9A9homQvIx/TiEwwN
hJAqfgH0DKyOmJrG1Q1plJKhc3sHKZxdOeYq55ReVtNekGjU1xkmmv0MOBhls+VQ
fF9EdbvjtL4habHRX9ooCvWf4BjXZpgGj9fkay3tVabWeIQJIpBURVh2lUABNBB0
UNcPE1Ty1KglL0+quYVGwrgL8GF8jMgo38D4i10wc4h/Nw3NjDemD2DFzvaiQkor
fjxGQFZJeUUuxky5DoqNyIhx4zlysaBRvBRq6ULlHdyleshuVTzhozyaIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJwkt8iXFAIuSa04c47SyM86LqzMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvNG5DUzN5SmNVQWk1SnJUaHpqdExJenpvdXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhRsAwQA
LhRuMA0GCSqGSIb3DQEBCwUAA4IBAQA+3zHjSgpZa8dhZ2hrTWxbnK2/FHglZQEg
9keVUWDxq/kAtHeHuRn91FATmBU9Ryv1+ny/x4PUK8Al2IiJsQZDSW7p+/wS0iDF
lUpGVOto62WrXEuHAMVgQldBRxAXc2k5BfUJPrD28Bd8cHfaoZEBGDnN8+wV+WJs
PDOeitsSqdIgge54yZIfR3RtL3HQpcV/cgJtjj5prU/joxw6jzWqIILKaVfb3PI3
PHx+Lh8SVE829R7r882m+t2pwNn/LPfMhXn2Z1r1Bh3UPF0lJf9g26S4u723BkvP
bp7eCqUIpQnG145d9PmEdPohDqa9gdhWGYirR/Yws8gThN9I4J0t
-----END CERTIFICATE-----