Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS46475.roa
File:                     AS46475.roa (raw, json)
Hash identifier:          0Jx1Bm8TjjrnaoIk5HVO/GM7e/a42zIYjtAX24Go2Co=
Subject key identifier:   98:09:40:EA:70:2A:27:6A:21:D1:DE:8B:7C:54:2F:31:5C:0A:B3:4A
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       6AA23082EF4E1AFECC8BF25ADF1EF78166BF5AA1
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS46475.roa
Signing time:             Wed 04 Mar 2026 08:30:27 +0000
ROA not before:           Wed 04 Mar 2026 08:25:27 +0000
ROA not after:            Wed 03 Mar 2027 08:30:27 +0000
asID:                     46475
IP address blocks:        147.125.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 12:44:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a2:30:82:ef:4e:1a:fe:cc:8b:f2:5a:df:1e:f7:81:66:bf:5a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:27 2026 GMT
            Not After : Mar  3 08:30:27 2027 GMT
        Subject: CN=980940EA702A276A21D1DE8B7C542F315C0AB34A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5e:b9:04:1a:f6:06:bc:e6:c3:57:cb:b7:8e:
                    a2:94:98:cc:61:6c:d7:5c:8a:5d:97:e0:9e:4d:9c:
                    ea:29:ee:e3:db:0b:5e:af:eb:ff:94:86:9b:a0:a2:
                    8b:41:63:5e:fe:3d:9b:73:7b:e5:65:cb:51:32:75:
                    48:b5:bf:da:96:53:1e:84:d2:de:27:ff:90:9c:1c:
                    0f:51:73:d0:9d:3d:69:9a:26:9b:9e:76:e7:dc:5f:
                    aa:4a:ec:d8:06:36:5a:49:38:74:26:19:9d:dd:e5:
                    be:8e:ba:9e:02:fe:9a:5e:2f:5f:85:fc:91:3a:75:
                    d6:93:db:12:3e:10:3f:71:c9:c7:ac:1c:0e:14:30:
                    b2:31:7f:3f:9c:a5:d5:cf:fc:e4:bc:fc:52:ec:7c:
                    07:25:97:ce:84:2e:64:52:c7:cd:13:a2:56:6f:4a:
                    b0:5e:84:30:4d:b8:94:a2:97:96:6b:f4:85:df:e0:
                    c3:2c:12:3d:26:5a:9e:61:95:08:82:42:d6:b5:66:
                    81:0e:05:a3:9a:d3:22:4a:77:cf:67:df:df:fe:67:
                    a0:80:70:c5:61:36:1e:0d:ec:d1:18:6a:4b:16:7d:
                    57:79:c1:79:01:67:ed:ad:9d:db:5d:17:d4:57:57:
                    10:03:64:66:a2:61:93:37:5a:8d:c3:e9:04:4f:87:
                    51:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:09:40:EA:70:2A:27:6A:21:D1:DE:8B:7C:54:2F:31:5C:0A:B3:4A
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS46475.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:10:b5:8f:b5:ca:31:5a:70:14:d7:03:66:50:bf:10:cf:e3:
         57:a3:e2:45:80:2f:81:3e:f7:78:32:2a:2f:df:a6:e0:90:5e:
         fd:83:1f:84:10:56:cc:2f:5f:74:ff:c6:6f:75:81:74:65:e7:
         18:37:3a:89:6e:1b:5a:53:a7:9c:c0:77:ed:b4:15:02:04:25:
         23:a1:b7:0b:73:69:e9:37:87:33:a2:26:46:e4:26:e5:d7:9b:
         43:16:bf:97:e0:d5:10:5b:c4:7b:7c:02:3e:6d:0c:e1:bb:8f:
         9d:43:81:20:8b:5c:91:2c:1e:c5:d9:17:a5:8f:84:85:17:07:
         aa:30:4f:ce:1f:ad:86:64:3e:42:b3:7f:7b:9c:91:f3:69:8c:
         ec:0e:c0:2c:46:55:9a:9e:1d:e7:34:cb:50:0a:63:0d:74:9f:
         ba:c5:e5:44:f6:65:54:dc:f2:ae:c9:18:01:d3:5c:49:2a:42:
         29:33:5e:9d:a3:c7:f3:a8:5a:75:3c:3a:13:02:28:09:ad:e9:
         56:fe:f1:78:af:54:25:cf:e1:cb:11:73:f9:e6:64:b2:b4:b1:
         3f:d5:4f:eb:43:25:cd:eb:ca:ad:a7:d5:06:b6:72:df:87:0d:
         a2:6e:fe:b0:94:03:67:ef:89:5d:27:1a:c4:91:3a:d6:cb:4e:
         63:b9:77:02
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaqIwgu9OGv7Mi/Ja3x73gWa/WqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjdaFw0yNzAzMDMwODMwMjdaMDMxMTAvBgNV
BAMTKDk4MDk0MEVBNzAyQTI3NkEyMUQxREU4QjdDNTQyRjMxNUMwQUIzNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClXrkEGvYGvObDV8u3jqKUmMxh
bNdcil2X4J5NnOop7uPbC16v6/+UhpugootBY17+PZtze+Vly1EydUi1v9qWUx6E
0t4n/5CcHA9Rc9CdPWmaJpuedufcX6pK7NgGNlpJOHQmGZ3d5b6Oup4C/ppeL1+F
/JE6ddaT2xI+ED9xycesHA4UMLIxfz+cpdXP/OS8/FLsfAcll86ELmRSx80TolZv
SrBehDBNuJSil5Zr9IXf4MMsEj0mWp5hlQiCQta1ZoEOBaOa0yJKd89n39/+Z6CA
cMVhNh4N7NEYaksWfVd5wXkBZ+2tndtdF9RXVxADZGaiYZM3Wo3D6QRPh1FnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUmAlA6nAqJ2oh0d6LfFQvMVwKs0owHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTNDY0NzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTfc4w
DQYJKoZIhvcNAQELBQADggEBAAAQtY+1yjFacBTXA2ZQvxDP41ej4kWAL4E+93gy
Ki/fpuCQXv2DH4QQVswvX3T/xm91gXRl5xg3OoluG1pTp5zAd+20FQIEJSOhtwtz
aek3hzOiJkbkJuXXm0MWv5fg1RBbxHt8Aj5tDOG7j51DgSCLXJEsHsXZF6WPhIUX
B6owT84frYZkPkKzf3uckfNpjOwOwCxGVZqeHec0y1AKYw10n7rF5UT2ZVTc8q7J
GAHTXEkqQikzXp2jx/OoWnU8OhMCKAmt6Vb+8XivVCXP4csRc/nmZLK0sT/VT+tD
Jc3ryq2n1Qa2ct+HDaJu/rCUA2fviV0nGsSROtbLTmO5dwI=
-----END CERTIFICATE-----