Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          TfaKm222nQf6rN0VGfSI1zeCeP96VqzUa+o6Q7kr6i8=
Subject key identifier:   4D:44:D9:0E:7B:4D:59:D4:2B:25:FD:04:4D:5D:17:0A:5A:07:36:6D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2121D38B1F3564B9ACEF4D125AE525F2C649E363
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa
Signing time:             Mon 14 Jul 2025 11:13:58 +0000
ROA not before:           Mon 14 Jul 2025 11:08:58 +0000
ROA not after:            Mon 13 Jul 2026 11:13:58 +0000
asID:                     49981
IP address blocks:        82.29.108.0/24 maxlen: 24
                          2a13:9500:ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 15:55:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:21:d3:8b:1f:35:64:b9:ac:ef:4d:12:5a:e5:25:f2:c6:49:e3:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 14 11:08:58 2025 GMT
            Not After : Jul 13 11:13:58 2026 GMT
        Subject: CN=4D44D90E7B4D59D42B25FD044D5D170A5A07366D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5a:49:bf:0c:e4:4c:08:00:aa:1f:89:ec:32:
                    bf:43:05:a4:13:ea:2f:9a:66:65:c3:29:dd:75:18:
                    85:c2:73:d4:81:fa:10:e1:7c:72:06:6f:f7:d1:77:
                    12:32:fc:e4:73:e0:92:f6:c0:b7:7c:b7:fc:94:82:
                    b7:06:03:2e:5e:bf:50:0c:6e:b0:bc:98:14:f9:1c:
                    f2:41:70:1e:0b:43:95:b5:b3:56:d9:c2:82:2e:b8:
                    98:c5:9b:61:4f:36:0e:0b:4d:07:01:02:49:54:0e:
                    ac:8b:4b:71:f3:e4:81:3c:c5:23:8a:66:a6:44:d6:
                    4d:68:7c:ca:19:07:5a:60:d3:b5:9f:f1:96:b5:27:
                    68:16:f3:d0:44:d3:69:50:e8:cd:43:07:41:9f:f5:
                    ef:5b:6a:4c:2c:12:fd:0c:eb:c5:1b:3d:e7:85:8f:
                    28:55:32:ad:94:40:5e:75:11:1a:2e:d3:f7:d3:19:
                    5e:8b:9c:3e:f6:51:48:36:0d:8e:fc:1e:fc:b7:46:
                    b8:de:91:35:e4:d3:ce:97:d2:58:6b:59:51:58:ca:
                    7d:70:75:42:f0:fe:8f:63:17:69:33:fb:95:75:63:
                    8e:99:16:b9:52:b0:7c:6b:1b:cc:37:c1:ba:ef:c1:
                    8c:87:97:48:74:00:d5:ac:14:b9:e2:e2:ca:af:13:
                    f0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:44:D9:0E:7B:4D:59:D4:2B:25:FD:04:4D:5D:17:0A:5A:07:36:6D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.108.0/24
                IPv6:
                  2a13:9500:ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:7b:18:af:ea:74:de:db:60:ff:5e:12:c5:7b:e9:7b:a2:8b:
         1d:c4:96:07:66:e9:bf:d5:ae:74:5a:91:53:04:9b:d5:c7:60:
         a8:ff:46:85:fc:8b:52:11:f5:8f:70:16:21:91:fc:49:63:56:
         1f:2a:49:da:7c:ac:c0:f3:a5:5a:eb:d0:9c:9b:6f:97:5d:bd:
         4f:71:24:ed:aa:6f:6d:be:9b:cf:40:0b:71:db:ba:d7:00:96:
         a8:a1:e8:a2:e6:52:6c:df:ca:59:bd:47:c3:90:e0:6e:e7:9d:
         ed:c1:5e:f4:22:1f:b7:71:5b:95:7d:37:03:36:dc:e6:26:4e:
         71:b3:17:de:45:72:3b:fc:b6:7a:4e:86:00:1c:27:cc:9a:81:
         b1:61:82:96:b8:3e:55:a3:41:d2:3d:12:cb:1b:0e:a1:1d:64:
         82:cb:4f:c2:13:62:1d:68:90:2b:59:04:35:6b:62:71:c7:fa:
         2e:95:1b:9f:80:a3:22:f3:1d:ed:24:ae:29:a3:e9:0e:70:27:
         56:62:f1:4f:40:83:fe:c9:e1:40:c4:d9:db:86:b3:81:76:1a:
         23:8f:90:a8:7c:b2:4c:ef:09:28:75:a5:51:fc:18:ae:d4:04:
         22:35:14:3b:f3:5d:75:0b:68:c7:a8:2e:be:16:bd:d6:74:41:
         df:64:98:6d
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIUISHTix81ZLms700SWuUl8sZJ42MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTQxMTA4NThaFw0yNjA3MTMxMTEzNThaMDMxMTAvBgNV
BAMTKDRENDREOTBFN0I0RDU5RDQyQjI1RkQwNDRENUQxNzBBNUEwNzM2NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Wkm/DORMCACqH4nsMr9DBaQT
6i+aZmXDKd11GIXCc9SB+hDhfHIGb/fRdxIy/ORz4JL2wLd8t/yUgrcGAy5ev1AM
brC8mBT5HPJBcB4LQ5W1s1bZwoIuuJjFm2FPNg4LTQcBAklUDqyLS3Hz5IE8xSOK
ZqZE1k1ofMoZB1pg07Wf8Za1J2gW89BE02lQ6M1DB0Gf9e9bakwsEv0M68UbPeeF
jyhVMq2UQF51ERou0/fTGV6LnD72UUg2DY78Hvy3RrjekTXk086X0lhrWVFYyn1w
dULw/o9jF2kz+5V1Y46ZFrlSsHxrG8w3wbrvwYyHl0h0ANWsFLni4sqvE/ABAgMB
AAGjggIaMIICFjAdBgNVHQ4EFgQUTUTZDntNWdQrJf0ETV0XCloHNm0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABSHWww
DwQCAAIwCQMHACoTlQAArDANBgkqhkiG9w0BAQsFAAOCAQEAGnsYr+p03ttg/14S
xXvpe6KLHcSWB2bpv9WudFqRUwSb1cdgqP9GhfyLUhH1j3AWIZH8SWNWHypJ2nys
wPOlWuvQnJtvl129T3Ek7apvbb6bz0ALcdu61wCWqKHoouZSbN/KWb1Hw5Dgbued
7cFe9CIft3FblX03Azbc5iZOcbMX3kVyO/y2ek6GABwnzJqBsWGClrg+VaNB0j0S
yxsOoR1kgstPwhNiHWiQK1kENWticcf6LpUbn4CjIvMd7SSuKaPpDnAnVmLxT0CD
/snhQMTZ24azgXYaI4+QqHyyTO8JKHWlUfwYrtQEIjUUO/NddQtox6guvha91nRB
32SYbQ==
-----END CERTIFICATE-----