Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa
File:                     AS49901.roa (raw, json)
Hash identifier:          avl6dS6GcPtN4tyXCkRIYPNElxTYME7X3GUNH2iL+Dc=
Subject key identifier:   11:E5:A1:A3:C3:12:CB:44:8D:73:DB:0D:7B:36:C6:29:D0:0E:FC:80
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       144C8EA46102C9E8A54ABA31F948BE665CE10BD0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa
Signing time:             Fri 04 Oct 2024 13:43:22 +0000
ROA not before:           Fri 04 Oct 2024 13:38:22 +0000
ROA not after:            Fri 03 Oct 2025 13:43:22 +0000
asID:                     49901
IP address blocks:        191.96.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:4c:8e:a4:61:02:c9:e8:a5:4a:ba:31:f9:48:be:66:5c:e1:0b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  4 13:38:22 2024 GMT
            Not After : Oct  3 13:43:22 2025 GMT
        Subject: CN=11E5A1A3C312CB448D73DB0D7B36C629D00EFC80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a5:73:b4:c8:f3:46:d9:52:e2:f2:6f:6a:6b:
                    06:fb:34:18:d0:7b:a7:8a:3c:e3:29:ef:ba:25:59:
                    92:4b:3d:97:8c:ce:b9:bc:fb:56:55:f1:c7:e6:9b:
                    0e:50:75:1a:41:69:88:f4:90:3a:a1:ed:b3:3a:06:
                    98:f0:f8:7b:29:2d:af:14:f7:5e:5a:13:90:05:14:
                    c6:13:ba:f4:a3:78:b5:6d:f1:97:de:0a:12:b6:8c:
                    7b:50:e5:3c:57:b4:46:17:67:86:c6:de:cb:ee:9a:
                    19:85:a0:82:37:77:ca:f5:d8:0d:33:fd:5f:73:5e:
                    8d:73:49:ab:c1:5a:c8:11:67:c7:6c:5a:f0:e4:d1:
                    7f:83:b3:9b:fc:db:60:bd:a4:31:51:95:32:44:50:
                    36:f1:33:da:fb:e0:d1:e2:d6:a0:f9:be:24:d4:42:
                    2a:95:1a:d8:33:d3:ee:7b:5c:3c:8d:4a:85:a2:6f:
                    98:fe:3a:4a:6f:77:21:2d:4a:43:28:4b:c2:8d:09:
                    fd:2f:7f:d3:9f:cb:70:91:3a:ad:5c:6e:91:59:9d:
                    a4:b6:75:fb:99:e9:a2:a6:43:9c:8d:1f:a3:71:1e:
                    22:91:de:4f:eb:a6:a1:78:a6:a0:26:e8:b3:20:d2:
                    aa:22:6a:75:e2:63:ae:a6:6a:2d:f5:c4:bf:ed:1d:
                    65:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E5:A1:A3:C3:12:CB:44:8D:73:DB:0D:7B:36:C6:29:D0:0E:FC:80
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5d:01:3f:a4:d7:43:28:cb:73:26:3d:24:ca:68:2d:c4:99:
         3e:17:2d:32:c7:43:3f:65:0a:06:2b:a9:83:8f:62:d0:66:35:
         47:c7:5f:54:55:c0:94:44:95:1f:b4:1c:8f:98:af:1c:b3:94:
         a5:84:a4:1e:66:76:4a:84:11:23:e1:75:b5:27:cb:9f:22:f5:
         dc:7c:4e:8e:0c:26:ae:57:14:e5:b3:cf:39:a5:04:0a:14:91:
         88:2f:89:fd:ae:3c:b8:7d:e3:ee:97:6a:4d:5a:93:a3:b3:d2:
         92:25:74:64:e4:bf:75:76:f2:f1:13:a1:bb:11:b1:01:f7:66:
         fe:a4:e8:86:61:87:8a:ef:74:3f:a8:0a:7c:e1:c9:5b:26:f2:
         1b:43:8f:76:94:6b:bd:70:ab:5e:b0:53:12:c7:6d:3d:51:0b:
         a3:fc:2e:ac:4e:c6:99:10:fe:b1:6f:5c:62:fe:6c:4a:ab:d6:
         e5:6e:7d:e6:52:7f:23:ce:d7:41:83:bd:5d:99:8f:5c:c1:55:
         d0:b2:4c:6c:b3:fa:40:90:8c:75:2d:0a:9a:81:fb:5a:39:27:
         a8:bc:42:a6:ca:1f:1b:43:e7:21:6a:28:b5:23:4c:1f:11:da:
         48:40:2c:33:ca:8e:c6:48:a6:b3:71:ca:84:18:22:72:4e:b9:
         f8:98:da:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFEyOpGECyeilSrox+Ui+ZlzhC9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDQxMzM4MjJaFw0yNTEwMDMxMzQzMjJaMDMxMTAvBgNV
BAMTKDExRTVBMUEzQzMxMkNCNDQ4RDczREIwRDdCMzZDNjI5RDAwRUZDODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWpXO0yPNG2VLi8m9qawb7NBjQ
e6eKPOMp77olWZJLPZeMzrm8+1ZV8cfmmw5QdRpBaYj0kDqh7bM6Bpjw+HspLa8U
915aE5AFFMYTuvSjeLVt8ZfeChK2jHtQ5TxXtEYXZ4bG3svumhmFoII3d8r12A0z
/V9zXo1zSavBWsgRZ8dsWvDk0X+Ds5v822C9pDFRlTJEUDbxM9r74NHi1qD5viTU
QiqVGtgz0+57XDyNSoWib5j+OkpvdyEtSkMoS8KNCf0vf9Ofy3CROq1cbpFZnaS2
dfuZ6aKmQ5yNH6NxHiKR3k/rpqF4pqAm6LMg0qoianXiY66mai31xL/tHWUXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUEeWho8MSy0SNc9sNezbGKdAO/IAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk5MDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YB0w
DQYJKoZIhvcNAQELBQADggEBAAldAT+k10Moy3MmPSTKaC3EmT4XLTLHQz9lCgYr
qYOPYtBmNUfHX1RVwJRElR+0HI+YrxyzlKWEpB5mdkqEESPhdbUny58i9dx8To4M
Jq5XFOWzzzmlBAoUkYgvif2uPLh94+6Xak1ak6Oz0pIldGTkv3V28vETobsRsQH3
Zv6k6IZhh4rvdD+oCnzhyVsm8htDj3aUa71wq16wUxLHbT1RC6P8LqxOxpkQ/rFv
XGL+bEqr1uVufeZSfyPO10GDvV2Zj1zBVdCyTGyz+kCQjHUtCpqB+1o5J6i8QqbK
HxtD5yFqKLUjTB8R2khALDPKjsZIprNxyoQYInJOufiY2qQ=
-----END CERTIFICATE-----