Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          ICSS6Vhof2MncqEvE3vVzA/th1t9LfAE73tjKFi6xRc=
Subject key identifier:   33:D8:83:34:41:16:CE:ED:43:B9:CF:C6:FD:7D:70:56:D8:41:79:0C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       39EB38F32486C05F11922E96C7EDC3C8C4E388BE
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49981.roa
Signing time:             Wed 09 Jul 2025 12:46:56 +0000
ROA not before:           Wed 09 Jul 2025 12:41:56 +0000
ROA not after:            Wed 08 Jul 2026 12:46:56 +0000
asID:                     49981
IP address blocks:        91.124.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:eb:38:f3:24:86:c0:5f:11:92:2e:96:c7:ed:c3:c8:c4:e3:88:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul  9 12:41:56 2025 GMT
            Not After : Jul  8 12:46:56 2026 GMT
        Subject: CN=33D883344116CEED43B9CFC6FD7D7056D841790C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ee:52:1a:e7:f2:74:89:8c:35:6d:73:88:a2:
                    4c:5c:97:a4:d3:09:7e:c6:64:19:f5:4d:c2:c5:98:
                    fb:28:6a:a8:d2:0b:75:c4:47:6e:31:25:2e:70:23:
                    7f:86:60:82:e8:cd:d9:c9:1c:b5:82:68:66:57:5c:
                    63:b2:01:83:1f:ab:ef:b0:e1:b9:c8:54:b8:8f:46:
                    f9:40:7b:30:7d:d2:7a:06:46:95:90:89:de:ec:97:
                    8b:ac:cc:98:eb:4d:11:a2:0f:ba:32:18:f4:d7:94:
                    27:5a:f0:70:43:d3:0d:ff:2f:3e:05:e4:56:52:18:
                    86:8a:65:71:7b:9e:65:d2:5a:6d:b4:0e:cf:a5:cb:
                    ca:3b:42:af:d3:81:5f:82:ad:8a:54:f8:39:cb:e9:
                    c0:c2:04:4e:cb:93:2a:7c:fd:4e:e5:7b:18:3f:56:
                    1d:bb:86:1d:64:66:b4:84:e6:3a:41:15:5d:10:1f:
                    1c:18:e3:22:a3:81:fb:09:55:21:07:d2:5f:7d:51:
                    1e:99:11:ee:ae:19:f3:5e:73:29:58:a5:1e:4b:86:
                    70:2a:7c:26:c1:b3:d1:dc:02:83:b5:0e:14:82:4d:
                    d5:40:55:53:97:04:bc:36:3c:38:fe:d6:8c:03:d1:
                    f1:49:21:c7:4a:7e:5f:71:f3:a9:27:e0:5e:fb:b2:
                    40:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D8:83:34:41:16:CE:ED:43:B9:CF:C6:FD:7D:70:56:D8:41:79:0C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ed:e7:50:df:a0:44:d8:2f:8d:b2:ee:79:49:2e:db:15:43:
         27:01:7a:3e:92:1c:d0:b4:47:a8:2d:a0:a9:7d:7e:48:c3:76:
         3b:f9:f8:6b:f5:57:f6:c8:1b:b9:8e:d3:bb:ca:a2:e1:82:9d:
         7f:6a:00:7c:4d:b9:1a:9a:90:d7:e2:1d:f0:93:05:3c:fd:35:
         64:5a:e6:c5:ff:b0:b0:56:9b:cf:e5:60:18:89:17:be:93:74:
         36:45:8c:f6:82:1d:8d:88:83:ea:58:4b:c3:b7:05:9d:e1:a6:
         68:3f:ff:87:4f:12:2b:bd:cd:9d:cc:f7:4b:d4:85:55:c2:52:
         ae:92:85:b0:0a:63:d9:d3:b5:a7:99:77:58:10:84:13:1e:fc:
         7f:ab:33:9a:5d:1a:9c:3d:61:bd:91:08:56:65:d8:f2:7f:ae:
         90:22:5c:2d:26:18:0d:4d:bc:cd:63:1c:82:15:b9:0d:0c:6b:
         cd:ab:0d:fb:5f:80:66:4d:8a:0d:52:e2:90:1c:c7:8e:9f:90:
         c8:9a:18:a8:b7:92:d0:79:24:a7:80:ae:f6:51:09:ca:55:06:
         7b:10:10:01:9f:55:17:59:54:b7:0d:88:f7:b2:e1:df:05:04:
         2f:e4:d9:38:0d:0c:6f:eb:fa:27:f0:4f:fb:68:34:f7:94:91:
         09:82:60:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOes48ySGwF8Rki6Wx+3DyMTjiL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MDkxMjQxNTZaFw0yNjA3MDgxMjQ2NTZaMDMxMTAvBgNV
BAMTKDMzRDg4MzM0NDExNkNFRUQ0M0I5Q0ZDNkZEN0Q3MDU2RDg0MTc5MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK7lIa5/J0iYw1bXOIokxcl6TT
CX7GZBn1TcLFmPsoaqjSC3XER24xJS5wI3+GYILozdnJHLWCaGZXXGOyAYMfq++w
4bnIVLiPRvlAezB90noGRpWQid7sl4uszJjrTRGiD7oyGPTXlCda8HBD0w3/Lz4F
5FZSGIaKZXF7nmXSWm20Ds+ly8o7Qq/TgV+CrYpU+DnL6cDCBE7Lkyp8/U7lexg/
Vh27hh1kZrSE5jpBFV0QHxwY4yKjgfsJVSEH0l99UR6ZEe6uGfNecylYpR5LhnAq
fCbBs9HcAoO1DhSCTdVAVVOXBLw2PDj+1owD0fFJIcdKfl9x86kn4F77skDLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUM9iDNEEWzu1Duc/G/X1wVthBeQwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfNEw
DQYJKoZIhvcNAQELBQADggEBAGDt51DfoETYL42y7nlJLtsVQycBej6SHNC0R6gt
oKl9fkjDdjv5+Gv1V/bIG7mO07vKouGCnX9qAHxNuRqakNfiHfCTBTz9NWRa5sX/
sLBWm8/lYBiJF76TdDZFjPaCHY2Ig+pYS8O3BZ3hpmg//4dPEiu9zZ3M90vUhVXC
Uq6ShbAKY9nTtaeZd1gQhBMe/H+rM5pdGpw9Yb2RCFZl2PJ/rpAiXC0mGA1NvM1j
HIIVuQ0Ma82rDftfgGZNig1S4pAcx46fkMiaGKi3ktB5JKeArvZRCcpVBnsQEAGf
VRdZVLcNiPey4d8FBC/k2TgNDG/r+ifwT/toNPeUkQmCYAM=
-----END CERTIFICATE-----