Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          XMLZpx1a/4AAqisil5rbVh4vRpS6pCF6fjjcB6NUbQY=
Subject key identifier:   06:3B:55:1A:2A:A9:EF:8A:74:EC:26:15:6D:5D:71:86:C8:43:C6:E5
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4E3B0299721F51AFB84CD93B17D7B93B5A42B260
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS49981.roa
Signing time:             Thu 03 Jul 2025 15:52:30 +0000
ROA not before:           Thu 03 Jul 2025 15:47:30 +0000
ROA not after:            Thu 02 Jul 2026 15:52:30 +0000
asID:                     49981
IP address blocks:        185.99.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:3b:02:99:72:1f:51:af:b8:4c:d9:3b:17:d7:b9:3b:5a:42:b2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:30 2025 GMT
            Not After : Jul  2 15:52:30 2026 GMT
        Subject: CN=063B551A2AA9EF8A74EC26156D5D7186C843C6E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c1:77:20:6f:76:ab:87:2f:f5:9c:c0:c0:2a:
                    8b:0d:a5:fd:78:bc:11:5e:ce:28:ab:e2:6a:66:67:
                    00:2c:be:74:09:f3:b0:b9:14:4c:5b:9b:e9:9f:70:
                    63:22:c8:e5:63:a4:84:83:27:b5:39:92:b7:dd:44:
                    a2:3c:f6:dd:89:77:e6:67:de:c9:76:2f:ba:12:c8:
                    69:46:12:e0:8e:42:94:2d:a8:35:d2:ed:0c:36:7d:
                    c9:bb:4d:f4:bd:25:e4:db:20:76:a3:1e:e8:8b:72:
                    53:d8:b5:39:91:72:e3:3f:a7:2d:11:a8:87:79:9c:
                    7c:ea:12:39:e2:d4:c9:f5:9b:05:e6:4c:89:b0:e8:
                    b8:e7:37:e6:25:48:7c:1d:e1:74:63:00:fb:4a:05:
                    49:69:54:42:33:34:8b:dc:72:5a:08:01:cd:4c:39:
                    ab:73:27:1e:47:84:6d:37:dc:95:d7:0d:bc:fd:5a:
                    82:ff:36:54:fb:7f:41:de:5c:7a:7d:45:77:fc:84:
                    2c:9d:c5:eb:31:8e:6e:fc:08:69:36:ea:39:63:9e:
                    15:4d:af:a1:61:2e:c0:77:fc:42:16:7e:75:df:c8:
                    d1:2d:20:d0:fe:9b:cb:cf:60:58:52:f6:ae:4e:1b:
                    a3:07:e2:4e:e1:8e:70:82:65:9b:de:98:b8:1e:e3:
                    82:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:3B:55:1A:2A:A9:EF:8A:74:EC:26:15:6D:5D:71:86:C8:43:C6:E5
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:eb:a9:44:78:d6:f1:ad:c7:a8:e9:73:64:e0:71:b9:cc:a2:
         5d:6c:09:5f:54:e7:95:e5:8b:ae:db:34:a9:4f:ec:f7:35:ed:
         78:22:e0:59:e8:60:81:0c:5b:17:b8:ab:29:30:66:63:99:84:
         e0:99:23:80:0a:9e:dc:87:d5:0b:3a:79:63:df:f4:22:ab:25:
         1e:de:27:df:42:2e:ed:be:f8:2e:4b:b4:11:e0:04:6b:29:b2:
         16:97:e1:ef:6f:51:fc:68:42:33:67:c9:af:71:c9:74:f8:20:
         b2:3a:4c:f3:e2:06:bd:fa:5b:1e:ce:21:fb:be:b4:72:59:a1:
         2e:45:9d:ef:f3:26:f9:b9:c7:c9:a2:01:c0:43:33:35:91:69:
         b6:34:4d:99:d1:16:70:f4:c5:14:5c:d3:a6:cc:39:9b:f0:74:
         13:d5:21:03:a5:dd:a2:6c:6e:61:80:d0:86:13:80:0e:be:4d:
         e5:28:cb:2f:32:2c:c6:19:cc:43:59:7f:93:1f:30:b8:ba:fa:
         2b:b1:2f:13:d6:fd:e7:a9:26:21:9a:1c:27:b2:1a:16:64:e5:
         ad:e1:33:85:a9:67:66:17:f4:38:78:42:5b:7a:07:03:7d:11:
         53:67:b5:24:88:d2:ad:7c:90:8d:ec:fd:bf:8a:ef:6e:a0:0f:
         84:4e:74:a0
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUTjsCmXIfUa+4TNk7F9e5O1pCsmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MzBaFw0yNjA3MDIxNTUyMzBaMDMxMTAvBgNV
BAMTKDA2M0I1NTFBMkFBOUVGOEE3NEVDMjYxNTZENUQ3MTg2Qzg0M0M2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTwXcgb3arhy/1nMDAKosNpf14
vBFeziir4mpmZwAsvnQJ87C5FExbm+mfcGMiyOVjpISDJ7U5krfdRKI89t2Jd+Zn
3sl2L7oSyGlGEuCOQpQtqDXS7Qw2fcm7TfS9JeTbIHajHuiLclPYtTmRcuM/py0R
qId5nHzqEjni1Mn1mwXmTImw6LjnN+YlSHwd4XRjAPtKBUlpVEIzNIvccloIAc1M
OatzJx5HhG033JXXDbz9WoL/NlT7f0HeXHp9RXf8hCydxesxjm78CGk26jljnhVN
r6FhLsB3/EIWfnXfyNEtIND+m8vPYFhS9q5OG6MH4k7hjnCCZZvemLge44L3AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUBjtVGiqp74p07CYVbV1xhshDxuUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDk5ODEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC5Y4cwDQYJKoZIhvcNAQELBQADggEBAKDrqUR41vGt
x6jpc2TgcbnMol1sCV9U55Xli67bNKlP7Pc17Xgi4FnoYIEMWxe4qykwZmOZhOCZ
I4AKntyH1Qs6eWPf9CKrJR7eJ99CLu2++C5LtBHgBGspshaX4e9vUfxoQjNnya9x
yXT4ILI6TPPiBr36Wx7OIfu+tHJZoS5Fne/zJvm5x8miAcBDMzWRabY0TZnRFnD0
xRRc06bMOZvwdBPVIQOl3aJsbmGA0IYTgA6+TeUoyy8yLMYZzENZf5MfMLi6+iux
LxPW/eepJiGaHCeyGhZk5a3hM4WpZ2YX9Dh4Qlt6BwN9EVNntSSI0q18kI3s/b+K
726gD4ROdKA=
-----END CERTIFICATE-----