Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
File:                     AS49608.roa (raw, json)
Hash identifier:          BOG44OmBbakGzNifjFlHdQ7n2lvgrI3rnAU0xr9yxy0=
Subject key identifier:   5A:32:A6:5A:5F:0B:FC:74:33:65:FF:03:66:47:8B:03:EE:77:88:48
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       609BA8EDBCFEC4513FA5B02739D1A39530F700BE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
Signing time:             Sun 01 Jun 2025 00:54:08 +0000
ROA not before:           Sun 01 Jun 2025 00:49:08 +0000
ROA not after:            Sun 31 May 2026 00:54:08 +0000
asID:                     49608
IP address blocks:        146.103.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:53:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:9b:a8:ed:bc:fe:c4:51:3f:a5:b0:27:39:d1:a3:95:30:f7:00:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  1 00:49:08 2025 GMT
            Not After : May 31 00:54:08 2026 GMT
        Subject: CN=5A32A65A5F0BFC743365FF0366478B03EE778848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f1:41:f9:b5:06:aa:11:4a:b1:87:b0:77:26:
                    08:e5:ee:5f:a0:2c:9d:06:2d:9f:9a:4f:11:69:86:
                    ba:63:a0:8d:25:7d:31:a4:af:1d:5e:70:8e:9d:8b:
                    a4:4e:20:e0:0a:2a:cb:0a:c0:aa:d8:a9:88:c9:bb:
                    5b:68:b5:44:86:18:89:ca:24:41:b3:78:11:01:1f:
                    d2:64:5d:e9:f1:1d:21:6f:8f:ea:81:01:56:33:32:
                    55:1e:56:26:26:98:96:a7:07:6c:48:aa:ce:52:54:
                    0a:23:f8:c0:2f:2e:79:c3:38:e6:1f:62:dc:36:e7:
                    a0:ef:53:a5:aa:43:a7:6d:16:4c:81:ed:d5:a0:e4:
                    3c:54:15:70:5a:44:57:de:7f:76:e8:88:98:4a:bc:
                    17:5d:ff:bb:b8:83:d9:3f:00:09:11:7a:f8:43:c5:
                    c7:a1:95:c1:4d:20:09:52:e8:02:37:50:06:29:b3:
                    aa:1f:08:ba:14:9d:49:d3:01:09:b0:b4:be:bb:f6:
                    6f:04:05:13:84:f8:c6:5a:a6:70:6d:93:d0:1d:01:
                    df:86:52:52:d6:be:7e:f7:b6:fa:8f:ca:11:28:4d:
                    0a:fa:12:f1:07:68:ed:e7:ea:90:78:8f:20:f6:9e:
                    f3:c4:68:41:bb:22:47:79:cf:40:73:6c:7c:aa:c8:
                    d8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:32:A6:5A:5F:0B:FC:74:33:65:FF:03:66:47:8B:03:EE:77:88:48
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ef:d2:68:33:79:dd:84:c5:6c:7a:92:26:7e:6c:eb:67:5c:
         9b:f5:de:9a:11:b6:75:14:a6:ab:33:55:21:5b:7c:67:ca:d2:
         d3:0d:6c:ca:9c:e9:17:3a:05:d6:7d:fa:ad:01:55:fd:97:94:
         f2:24:89:04:c1:1d:33:8d:d7:b6:55:71:47:9e:cb:a6:21:6b:
         26:f5:39:9c:40:dc:9c:ac:2e:c3:97:51:bb:b8:0a:6f:60:4a:
         40:52:6a:e4:2a:e2:30:d7:ee:dc:56:83:ba:0f:ca:db:7a:41:
         58:a3:61:3f:b5:17:8f:ae:ce:94:04:00:05:68:af:af:fd:45:
         cb:9f:6f:3c:cf:4d:b3:d7:fb:6d:6e:7b:02:4a:52:c4:f2:18:
         5e:c1:23:f0:6a:b5:50:18:0a:4c:ca:41:9b:4b:f6:4c:3b:c1:
         8a:21:3d:d6:09:21:55:ca:82:aa:a0:8c:77:38:d9:c9:fb:24:
         22:43:1c:33:ac:c4:4d:54:61:1f:48:ac:13:9d:0a:93:3d:a1:
         e0:38:e1:1b:83:a1:25:97:d1:0b:dd:c2:fa:bb:0e:d4:2c:3f:
         ab:3c:6d:21:88:0a:be:ff:a7:70:d9:9d:50:1a:d5:87:29:e9:
         4e:21:e1:91:0c:ad:47:71:08:71:b4:79:3a:b4:d4:65:a8:7b:
         6a:c0:81:61
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYJuo7bz+xFE/pbAnOdGjlTD3AL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDEwMDQ5MDhaFw0yNjA1MzEwMDU0MDhaMDMxMTAvBgNV
BAMTKDVBMzJBNjVBNUYwQkZDNzQzMzY1RkYwMzY2NDc4QjAzRUU3Nzg4NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe8UH5tQaqEUqxh7B3Jgjl7l+g
LJ0GLZ+aTxFphrpjoI0lfTGkrx1ecI6di6ROIOAKKssKwKrYqYjJu1totUSGGInK
JEGzeBEBH9JkXenxHSFvj+qBAVYzMlUeViYmmJanB2xIqs5SVAoj+MAvLnnDOOYf
Ytw256DvU6WqQ6dtFkyB7dWg5DxUFXBaRFfef3boiJhKvBdd/7u4g9k/AAkRevhD
xcehlcFNIAlS6AI3UAYps6ofCLoUnUnTAQmwtL679m8EBROE+MZapnBtk9AdAd+G
UlLWvn73tvqPyhEoTQr6EvEHaO3n6pB4jyD2nvPEaEG7Ikd5z0BzbHyqyNjpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUWjKmWl8L/HQzZf8DZkeLA+53iEgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDk2MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZxsw
DQYJKoZIhvcNAQELBQADggEBAHbv0mgzed2ExWx6kiZ+bOtnXJv13poRtnUUpqsz
VSFbfGfK0tMNbMqc6Rc6BdZ9+q0BVf2XlPIkiQTBHTON17ZVcUeey6Yhayb1OZxA
3JysLsOXUbu4Cm9gSkBSauQq4jDX7txWg7oPytt6QVijYT+1F4+uzpQEAAVor6/9
RcufbzzPTbPX+21uewJKUsTyGF7BI/BqtVAYCkzKQZtL9kw7wYohPdYJIVXKgqqg
jHc42cn7JCJDHDOsxE1UYR9IrBOdCpM9oeA44RuDoSWX0Qvdwvq7DtQsP6s8bSGI
Cr7/p3DZnVAa1Ycp6U4h4ZEMrUdxCHG0eTq01GWoe2rAgWE=
-----END CERTIFICATE-----