Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS46475.roa
File:                     AS46475.roa (raw, json)
Hash identifier:          CzAo5cy/BWhaYsgEjtEH37KBKgNzzGNxxLYJU/PG9jo=
Subject key identifier:   5B:69:FB:9A:7E:C4:08:EF:F0:56:8C:11:72:60:77:C8:53:1B:CB:D1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       22AD7BDAC7723CFA1ADD1A3340AF6A964DF483E0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS46475.roa
Signing time:             Mon 18 May 2026 12:50:10 +0000
ROA not before:           Mon 18 May 2026 12:45:10 +0000
ROA not after:            Mon 17 May 2027 12:50:10 +0000
asID:                     46475
IP address blocks:        91.124.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 19 May 2026 20:58:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:ad:7b:da:c7:72:3c:fa:1a:dd:1a:33:40:af:6a:96:4d:f4:83:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 18 12:45:10 2026 GMT
            Not After : May 17 12:50:10 2027 GMT
        Subject: CN=5B69FB9A7EC408EFF0568C11726077C8531BCBD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e2:5d:a9:bd:bb:dd:2f:9c:b1:f6:a9:d6:54:
                    a1:23:bd:b0:8e:0a:96:f2:29:36:5a:9a:4e:ec:bb:
                    d0:be:8d:0f:10:45:74:5e:c5:c4:fd:61:ce:fc:a5:
                    37:8d:4e:11:5b:14:42:ef:38:d7:e6:88:e8:1a:60:
                    09:fc:10:17:34:03:af:bf:0f:1b:37:94:f1:df:46:
                    d4:18:96:39:f5:e8:f7:36:3e:cb:38:40:77:6f:b4:
                    92:56:bb:b9:d6:5c:4b:9a:cf:78:54:f6:ee:b2:2e:
                    73:81:4c:b8:05:7b:f7:8a:46:a7:5f:38:f7:4a:f9:
                    35:d6:8e:83:0e:10:20:e3:5e:77:7b:18:d5:82:10:
                    52:98:a9:36:a8:6e:47:b6:d9:93:b0:a7:d7:14:bc:
                    9e:c2:84:4e:0f:12:b8:5f:65:f7:f3:ee:d9:67:3f:
                    62:96:8c:77:b4:c5:9e:e5:6d:e8:62:29:a3:29:6e:
                    8b:92:88:2d:56:8b:1f:f5:b9:c5:1b:25:79:68:26:
                    ee:1d:4d:43:5c:d1:a6:39:06:e7:d0:07:b1:29:a3:
                    ad:4c:42:d5:be:46:01:59:15:6b:0d:04:94:30:f8:
                    a8:7e:52:e0:a0:2c:97:7e:f5:7a:d5:a6:92:c6:ac:
                    9b:65:18:c6:02:31:95:04:76:95:38:26:fa:1e:91:
                    c4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:69:FB:9A:7E:C4:08:EF:F0:56:8C:11:72:60:77:C8:53:1B:CB:D1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS46475.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:2d:47:70:12:21:d2:7b:fe:d4:89:6e:1a:74:e5:5a:1c:6d:
         ca:a5:36:09:50:b5:4f:cc:c8:6f:1e:42:d9:0a:4a:22:ba:29:
         ca:c5:8a:bf:78:72:b7:13:19:41:50:0c:dc:d0:e4:ef:ac:c0:
         d2:b2:bd:8d:99:a1:45:6b:11:67:a6:79:0d:62:97:97:2b:4e:
         12:70:25:41:e3:8b:13:d9:02:ef:c2:6a:9e:3b:59:d4:b6:d2:
         26:4c:4d:da:1f:2c:e2:c6:ad:33:93:f2:d6:8b:bb:49:5f:e0:
         9c:4d:3d:70:a2:16:99:fb:c1:ad:d1:a3:ea:b5:ea:f8:22:3b:
         c0:a1:b8:a6:19:d3:57:cf:c4:2e:ed:99:10:3a:2c:d1:10:ef:
         84:e9:b5:f4:e3:a0:80:9f:8f:d5:dd:6a:e8:fe:de:80:03:91:
         07:ec:84:7e:06:a0:25:12:80:32:ab:3f:27:f6:6a:f5:db:80:
         21:fe:9c:f3:c0:b6:fa:b1:84:70:2d:a2:c3:f8:ab:13:1c:9d:
         5c:ca:90:04:5e:e2:b2:33:26:38:cf:44:36:01:9f:51:4f:ef:
         36:03:c1:d2:7e:df:08:69:ba:c2:8c:af:dd:0d:4c:b2:29:25:
         92:7b:f6:e0:a6:4a:96:45:92:78:db:58:1a:40:5c:43:cb:e4:
         5b:92:d9:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIq172sdyPPoa3RozQK9qlk30g+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTgxMjQ1MTBaFw0yNzA1MTcxMjUwMTBaMDMxMTAvBgNV
BAMTKDVCNjlGQjlBN0VDNDA4RUZGMDU2OEMxMTcyNjA3N0M4NTMxQkNCRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU4l2pvbvdL5yx9qnWVKEjvbCO
CpbyKTZamk7su9C+jQ8QRXRexcT9Yc78pTeNThFbFELvONfmiOgaYAn8EBc0A6+/
Dxs3lPHfRtQYljn16Pc2Pss4QHdvtJJWu7nWXEuaz3hU9u6yLnOBTLgFe/eKRqdf
OPdK+TXWjoMOECDjXnd7GNWCEFKYqTaobke22ZOwp9cUvJ7ChE4PErhfZffz7tln
P2KWjHe0xZ7lbehiKaMpbouSiC1Wix/1ucUbJXloJu4dTUNc0aY5BufQB7Epo61M
QtW+RgFZFWsNBJQw+Kh+UuCgLJd+9XrVppLGrJtlGMYCMZUEdpU4JvoekcShAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW2n7mn7ECO/wVowRcmB3yFMby9EwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDY0NzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfO0w
DQYJKoZIhvcNAQELBQADggEBAAMtR3ASIdJ7/tSJbhp05VocbcqlNglQtU/MyG8e
QtkKSiK6KcrFir94crcTGUFQDNzQ5O+swNKyvY2ZoUVrEWemeQ1il5crThJwJUHj
ixPZAu/Cap47WdS20iZMTdofLOLGrTOT8taLu0lf4JxNPXCiFpn7wa3Ro+q16vgi
O8ChuKYZ01fPxC7tmRA6LNEQ74TptfTjoICfj9Xdauj+3oADkQfshH4GoCUSgDKr
Pyf2avXbgCH+nPPAtvqxhHAtosP4qxMcnVzKkARe4rIzJjjPRDYBn1FP7zYDwdJ+
3whpusKMr90NTLIpJZJ79uCmSpZFknjbWBpAXEPL5FuS2Xo=
-----END CERTIFICATE-----