Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tH7ZoiLh6gRUL9Gs2cnZyWesYjc.roa
File:                     tH7ZoiLh6gRUL9Gs2cnZyWesYjc.roa (raw, json)
Hash identifier:          U3429rwxK89G630cDCsrGbSaGQ+Z35/1YLSnRymt9KI=
Subject key identifier:   B4:7E:D9:A2:22:E1:EA:04:54:2F:D1:AC:D9:C9:D9:C9:67:AC:62:37
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E658E7EB158C73B30D4BB6CB2D5B77746
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tH7ZoiLh6gRUL9Gs2cnZyWesYjc.roa
Signing time:             Tue 26 May 2026 18:31:37 +0000
ROA not before:           Tue 26 May 2026 18:31:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        37.46.20.0/24 maxlen: 24
                          37.46.21.0/24 maxlen: 24
                          37.46.22.0/24 maxlen: 24
                          37.46.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:65:8e:7e:b1:58:c7:3b:30:d4:bb:6c:b2:d5:b7:77:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 26 18:31:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b47ed9a222e1ea04542fd1acd9c9d9c967ac6237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:11:c9:05:f9:1a:4d:90:88:96:9d:47:7c:84:
                    b8:72:48:c7:77:b3:56:be:57:31:90:c5:6e:4c:95:
                    29:bb:4e:9c:de:52:4b:4b:d3:f7:96:0c:4a:a7:d0:
                    17:c0:71:c7:76:61:2b:0f:aa:92:ae:c5:69:54:96:
                    93:37:2d:49:73:e6:aa:f6:2a:fc:e0:cf:07:bb:02:
                    f2:37:13:eb:6e:d9:26:c7:11:44:30:72:a8:50:fe:
                    ee:13:14:4a:a9:00:28:94:60:80:ea:fa:d7:ec:9d:
                    26:79:1d:58:94:a9:71:6a:24:4d:af:2f:2f:f2:e5:
                    be:41:49:00:27:d4:32:8c:01:cb:d0:f0:65:02:6d:
                    34:d9:12:1d:05:15:0a:a5:81:35:2a:56:46:1d:6e:
                    0f:60:4f:8e:de:5f:02:ab:fc:5c:b5:b5:cd:c0:4c:
                    6c:9c:87:f4:ca:b4:1b:9e:5b:f3:c7:09:28:6f:7b:
                    29:a1:3e:e4:50:b1:29:06:60:d8:71:75:66:1c:5d:
                    30:8f:56:dd:09:fa:07:8d:a2:42:a9:bb:d1:25:dc:
                    82:2e:0b:2e:21:0a:46:1f:1d:91:d4:a4:d5:89:0e:
                    7a:3f:eb:4a:42:02:27:c4:c4:80:b3:1a:5f:b1:c9:
                    3e:0d:7d:18:bd:7d:3b:ae:ab:b9:13:ab:ce:43:18:
                    4f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7E:D9:A2:22:E1:EA:04:54:2F:D1:AC:D9:C9:D9:C9:67:AC:62:37
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tH7ZoiLh6gRUL9Gs2cnZyWesYjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:5c:94:9f:d9:7f:ca:ce:87:b0:ad:2a:7c:06:1c:74:9d:b7:
         2f:c6:08:f5:8b:35:47:af:3e:d2:25:03:17:52:a0:04:87:57:
         16:8a:1b:ae:d5:91:69:b5:04:fd:29:fd:af:a7:12:e9:f0:71:
         8a:1b:6d:4f:38:40:86:2f:ad:23:bf:d5:75:53:83:e2:ab:d2:
         15:45:be:57:a9:1a:00:7b:5d:b1:58:b9:4a:82:44:b0:52:8a:
         26:99:7b:fa:b0:25:ce:d7:06:07:6f:ca:9e:95:c0:10:d4:53:
         3c:92:7f:56:d4:cb:2c:9a:99:1b:f6:b8:bd:c3:15:93:d6:aa:
         b4:5a:f9:13:52:44:80:fd:f8:fe:62:e7:de:d2:df:fc:23:bc:
         b9:66:8a:aa:cc:78:9f:2b:e3:bb:f4:cc:36:3b:cf:2f:62:e8:
         35:02:b6:b0:5b:14:fc:c5:32:58:64:ef:41:22:2d:08:7d:15:
         9a:22:2d:75:6d:32:7d:ef:66:bb:46:73:cd:03:0c:99:a2:04:
         5a:94:7f:9e:a5:de:c4:86:04:24:ee:db:2a:bc:90:ca:70:bb:
         ff:25:19:60:c6:55:8c:d3:aa:7a:77:6f:c9:8a:e4:44:82:45:
         e9:6e:d4:99:fd:bd:4c:9f:75:02:4a:46:d6:5b:39:70:a2:9a:
         bd:b8:ff:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ljn6xWMc7MNS7bLLVt3dGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI2MTgzMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdlZDlhMjIyZTFlYTA0NTQyZmQxYWNkOWM5ZDljOTY3YWM2MjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRHJBfkaTZCIlp1HfIS4ckjHd7NW
vlcxkMVuTJUpu06c3lJLS9P3lgxKp9AXwHHHdmErD6qSrsVpVJaTNy1Jc+aq9ir8
4M8HuwLyNxPrbtkmxxFEMHKoUP7uExRKqQAolGCA6vrX7J0meR1YlKlxaiRNry8v
8uW+QUkAJ9QyjAHL0PBlAm002RIdBRUKpYE1KlZGHW4PYE+O3l8Cq/xctbXNwExs
nIf0yrQbnlvzxwkob3spoT7kULEpBmDYcXVmHF0wj1bdCfoHjaJCqbvRJdyCLgsu
IQpGHx2R1KTViQ56P+tKQgInxMSAsxpfsck+DX0YvX07rqu5E6vOQxhPvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLR+2aIi4eoEVC/RrNnJ2clnrGI3MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdEg3Wm9pTGg2Z1JVTDlHczJjblp5V2VzWWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJS4UMA0G
CSqGSIb3DQEBCwUAA4IBAQBcXJSf2X/KzoewrSp8Bhx0nbcvxgj1izVHrz7SJQMX
UqAEh1cWihuu1ZFptQT9Kf2vpxLp8HGKG21POECGL60jv9V1U4Piq9IVRb5XqRoA
e12xWLlKgkSwUoommXv6sCXO1wYHb8qelcAQ1FM8kn9W1Mssmpkb9ri9wxWT1qq0
WvkTUkSA/fj+Yufe0t/8I7y5ZoqqzHifK+O79Mw2O88vYug1ArawWxT8xTJYZO9B
Ii0IfRWaIi11bTJ972a7RnPNAwyZogRalH+epd7EhgQk7tsqvJDKcLv/JRlgxlWM
06p6d2/JiuREgkXpbtSZ/b1Mn3UCSkbWWzlwopq9uP/9
-----END CERTIFICATE-----