Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rh473Hyzuw33R6XHPkowzaOKqAI.roa
File:                     rh473Hyzuw33R6XHPkowzaOKqAI.roa (raw, json)
Hash identifier:          UI+5gooEy8C8VLEblO7eDVfZ4gU9lnWcpbNDI1Ge2ec=
Subject key identifier:   AE:1E:3B:DC:7C:B3:BB:0D:F7:47:A5:C7:3E:4A:30:CD:A3:8A:A8:02
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019DD341040722CC5D562EB5C8933BE874A3
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rh473Hyzuw33R6XHPkowzaOKqAI.roa
Signing time:             Tue 28 Apr 2026 08:42:26 +0000
ROA not before:           Tue 28 Apr 2026 08:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        46.34.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:41:04:07:22:cc:5d:56:2e:b5:c8:93:3b:e8:74:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Apr 28 08:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae1e3bdc7cb3bb0df747a5c73e4a30cda38aa802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b4:53:41:5d:9e:8e:2b:dc:57:f9:fa:14:82:
                    23:69:4c:c1:95:0a:76:b7:18:0e:b6:e0:8f:ed:6c:
                    27:af:0d:bc:a2:45:0c:ff:31:a9:5e:06:57:d7:92:
                    4b:b2:c4:fe:d8:cc:cb:5d:da:ef:39:91:f3:30:b1:
                    b9:68:9c:4a:08:3b:f7:3b:89:ab:0f:87:46:f5:15:
                    e1:c3:73:17:d8:b0:23:29:f6:69:d8:84:1d:f9:26:
                    72:42:48:03:4b:f8:0c:24:70:c8:65:91:9d:46:2c:
                    d1:20:19:df:6d:f8:67:af:76:f9:e3:67:45:05:69:
                    c2:db:10:07:b2:6c:31:53:02:dc:77:f8:43:2d:8f:
                    6d:4a:91:f2:c8:7d:af:3e:99:eb:db:f7:af:89:b4:
                    2f:cb:54:bf:7a:b7:8f:3c:71:ae:fd:a0:bc:8e:c0:
                    e0:a5:4d:ad:56:80:c6:c4:1d:54:fd:b4:2a:9a:cb:
                    0b:94:1f:ac:c6:e2:91:93:96:27:0e:bd:f2:b2:91:
                    81:dc:2e:17:13:33:95:fc:46:29:01:2d:8f:7e:91:
                    7f:d7:b9:ee:5e:2a:84:ee:13:b2:c5:88:32:f0:3d:
                    c1:d6:a8:8c:bd:0a:35:db:b2:6a:1b:5e:03:a0:73:
                    49:7b:1e:ae:77:5d:71:14:4b:74:e9:3d:30:a8:7b:
                    19:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1E:3B:DC:7C:B3:BB:0D:F7:47:A5:C7:3E:4A:30:CD:A3:8A:A8:02
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rh473Hyzuw33R6XHPkowzaOKqAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ee:a2:fc:4f:ee:d8:ad:6e:10:5a:19:f4:92:af:cd:3a:5b:
         69:81:84:77:49:f1:79:20:07:9b:21:de:f2:a8:34:5a:15:74:
         ca:86:e9:c1:b7:bf:de:d2:41:3a:a9:78:44:ab:d6:03:dc:9f:
         a6:b5:65:d8:47:52:fa:23:f9:b3:ea:8c:1a:f8:41:a0:e4:47:
         02:19:47:a9:b3:53:0c:ab:6b:c7:f7:b9:88:dd:df:0e:24:ef:
         7c:4a:0c:78:a1:34:c2:b4:73:04:3b:ab:60:49:44:3a:70:07:
         50:82:23:7e:e6:89:27:4e:4a:28:7f:04:2e:01:0f:23:17:eb:
         e5:d3:e3:04:5c:bb:95:ed:fc:f0:3f:dc:ae:52:1d:8f:43:5c:
         b7:23:cf:bd:af:6b:85:62:b3:b1:55:35:82:13:c1:ab:fd:88:
         9a:48:d6:d6:71:24:23:f7:88:95:bc:64:81:21:3c:ce:e5:5f:
         41:a5:a9:55:71:e1:a7:32:2c:2e:a1:09:fd:a2:a4:18:cb:33:
         dd:4c:06:c9:58:65:4d:6b:a8:4e:27:8c:cf:56:01:01:23:ca:
         0d:a3:5f:db:80:75:82:8c:e0:36:28:6c:19:34:d9:e2:23:2c:
         65:f5:90:23:3c:af:1f:6c:24:7c:fe:f8:c5:b0:66:2d:62:e7:
         16:55:00:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TQQQHIsxdVi61yJM76HSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwNDI4MDg0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFlM2JkYzdjYjNiYjBkZjc0N2E1YzczZTRhMzBjZGEzOGFhODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7RTQV2ejivcV/n6FIIjaUzBlQp2
txgOtuCP7Wwnrw28okUM/zGpXgZX15JLssT+2MzLXdrvOZHzMLG5aJxKCDv3O4mr
D4dG9RXhw3MX2LAjKfZp2IQd+SZyQkgDS/gMJHDIZZGdRizRIBnfbfhnr3b542dF
BWnC2xAHsmwxUwLcd/hDLY9tSpHyyH2vPpnr2/evibQvy1S/erePPHGu/aC8jsDg
pU2tVoDGxB1U/bQqmssLlB+sxuKRk5YnDr3yspGB3C4XEzOV/EYpAS2PfpF/17nu
XiqE7hOyxYgy8D3B1qiMvQo127JqG14DoHNJex6ud11xFEt06T0wqHsZ5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4eO9x8s7sN90elxz5KMM2jiqgCMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvcmg0NzNIeXp1dzMzUjZYSFBrb3d6YU9LcUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI9MA0G
CSqGSIb3DQEBCwUAA4IBAQA/7qL8T+7YrW4QWhn0kq/NOltpgYR3SfF5IAebId7y
qDRaFXTKhunBt7/e0kE6qXhEq9YD3J+mtWXYR1L6I/mz6owa+EGg5EcCGUeps1MM
q2vH97mI3d8OJO98Sgx4oTTCtHMEO6tgSUQ6cAdQgiN+5oknTkoofwQuAQ8jF+vl
0+MEXLuV7fzwP9yuUh2PQ1y3I8+9r2uFYrOxVTWCE8Gr/YiaSNbWcSQj94iVvGSB
ITzO5V9BpalVceGnMiwuoQn9oqQYyzPdTAbJWGVNa6hOJ4zPVgEBI8oNo1/bgHWC
jOA2KGwZNNniIyxl9ZAjPK8fbCR8/vjFsGYtYucWVQBc
-----END CERTIFICATE-----