Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46370.roa
File:                     AS46370.roa (raw, json)
Hash identifier:          tcm+DYzBe+P2+41U5Eul4tcwmtm/05Ep2BgiwQlxA6I=
Subject key identifier:   BB:6D:46:4B:64:4A:5B:BD:A6:CD:EA:41:C7:9C:0B:E6:C4:C7:9A:5B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3A594A9D42CC6BC36CB711019D33A670D29F2460
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46370.roa
Signing time:             Tue 21 Apr 2026 11:53:40 +0000
ROA not before:           Tue 21 Apr 2026 11:48:40 +0000
ROA not after:            Tue 20 Apr 2027 11:53:40 +0000
asID:                     46370
IP address blocks:        84.75.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 May 2026 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:59:4a:9d:42:cc:6b:c3:6c:b7:11:01:9d:33:a6:70:d2:9f:24:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 21 11:48:40 2026 GMT
            Not After : Apr 20 11:53:40 2027 GMT
        Subject: CN=BB6D464B644A5BBDA6CDEA41C79C0BE6C4C79A5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5f:b1:ef:8a:e3:72:3a:98:a5:7b:e8:94:9a:
                    01:2c:e0:1f:e1:d1:0f:79:12:cd:75:70:fc:17:20:
                    d4:3b:4e:23:90:3a:35:e7:d5:1e:a5:6a:ba:6c:b5:
                    b0:d9:fb:95:1e:19:57:3a:24:63:cd:3b:f4:d6:35:
                    61:e1:5f:42:2c:34:dc:5b:7f:d5:2a:95:bc:67:24:
                    09:34:cb:dd:9c:88:b1:8d:27:db:ea:4f:4e:5b:36:
                    0f:95:14:e1:44:92:91:2d:98:2f:3e:24:6f:a8:d9:
                    84:32:7e:d4:b5:9c:fd:da:81:86:6b:0b:53:b4:de:
                    9c:1b:02:a0:52:49:ff:46:b3:3a:0c:ca:56:d6:e0:
                    41:a8:f8:1e:c1:bf:b7:aa:3c:97:7a:2e:8a:bc:bf:
                    af:44:16:29:7c:ca:2a:62:55:b4:ff:3b:82:cb:ae:
                    c2:d5:04:09:6b:41:d2:26:1f:ce:14:48:98:d5:c9:
                    1f:5c:12:d8:9c:53:ec:f2:76:1e:8c:96:ab:d3:9d:
                    d2:76:18:52:75:d5:56:c7:fb:b8:ce:f5:09:af:40:
                    57:26:76:80:5c:13:74:c2:53:c1:24:95:1f:ee:aa:
                    74:85:7c:02:25:2e:5b:58:19:44:94:57:6f:f0:84:
                    89:00:66:22:c7:3e:e2:5c:f5:df:fd:92:f2:23:4c:
                    e6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6D:46:4B:64:4A:5B:BD:A6:CD:EA:41:C7:9C:0B:E6:C4:C7:9A:5B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46370.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c1:a4:fa:d7:cf:1a:80:a1:7c:a6:41:0e:d8:e9:0a:2d:f2:
         8e:39:16:8d:eb:5f:f9:15:7a:e9:78:09:58:db:43:4f:d9:c1:
         5d:4d:cf:5b:b5:c6:3f:f9:b9:fa:4f:bf:be:0e:f5:82:4e:4c:
         fb:aa:80:8a:a9:a2:d7:ba:3e:e8:2f:43:b5:28:20:04:c2:03:
         c1:8f:3e:c3:da:2b:bf:6f:2f:82:8c:ba:3b:8c:c1:a5:b9:2c:
         29:50:14:6d:f9:7b:c6:05:97:d7:2a:63:85:05:34:82:f8:33:
         65:66:97:a5:d0:36:8d:9f:7b:13:de:2c:73:6a:48:ae:a2:58:
         53:d6:ad:84:1f:4c:53:20:5b:bf:85:18:5d:69:ef:34:c2:51:
         d2:9a:d8:ff:e4:20:68:09:c2:11:d8:3d:f9:28:e1:b3:72:58:
         d7:a1:3a:32:64:0b:48:71:d0:9f:04:27:3a:b5:26:42:34:4a:
         33:9d:cd:8e:cd:8d:5a:ee:91:d6:c9:83:5e:cf:1f:69:42:ad:
         1e:c4:1e:33:b9:4f:f7:fa:ad:76:29:e0:48:55:86:2c:a3:80:
         0b:ea:cb:7a:a6:b6:6f:7d:7f:6a:93:26:07:bf:ae:03:69:ee:
         23:03:26:63:ca:39:9b:7c:35:5e:fb:3d:3f:05:59:ac:1a:41:
         3b:78:7c:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOllKnULMa8NstxEBnTOmcNKfJGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjExMTQ4NDBaFw0yNzA0MjAxMTUzNDBaMDMxMTAvBgNV
BAMTKEJCNkQ0NjRCNjQ0QTVCQkRBNkNERUE0MUM3OUMwQkU2QzRDNzlBNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZX7HviuNyOpile+iUmgEs4B/h
0Q95Es11cPwXINQ7TiOQOjXn1R6larpstbDZ+5UeGVc6JGPNO/TWNWHhX0IsNNxb
f9UqlbxnJAk0y92ciLGNJ9vqT05bNg+VFOFEkpEtmC8+JG+o2YQyftS1nP3agYZr
C1O03pwbAqBSSf9GszoMylbW4EGo+B7Bv7eqPJd6Loq8v69EFil8yipiVbT/O4LL
rsLVBAlrQdImH84USJjVyR9cEticU+zydh6MlqvTndJ2GFJ11VbH+7jO9QmvQFcm
doBcE3TCU8EklR/uqnSFfAIlLltYGUSUV2/whIkAZiLHPuJc9d/9kvIjTOadAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu21GS2RKW72mzepBx5wL5sTHmlswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDYzNzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABUS8ww
DQYJKoZIhvcNAQELBQADggEBAFfBpPrXzxqAoXymQQ7Y6Qot8o45Fo3rX/kVeul4
CVjbQ0/ZwV1Nz1u1xj/5ufpPv74O9YJOTPuqgIqpote6PugvQ7UoIATCA8GPPsPa
K79vL4KMujuMwaW5LClQFG35e8YFl9cqY4UFNIL4M2Vml6XQNo2fexPeLHNqSK6i
WFPWrYQfTFMgW7+FGF1p7zTCUdKa2P/kIGgJwhHYPfko4bNyWNehOjJkC0hx0J8E
Jzq1JkI0SjOdzY7NjVrukdbJg17PH2lCrR7EHjO5T/f6rXYp4EhVhiyjgAvqy3qm
tm99f2qTJge/rgNp7iMDJmPKOZt8NV77PT8FWawaQTt4fCg=
-----END CERTIFICATE-----