Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49468.roa
File:                     AS49468.roa (raw, json)
Hash identifier:          IoHVV9DYCrO5Grhuy6uWC1Txx4DbsWhcZd4urXXRaTY=
Subject key identifier:   90:A0:CD:E0:66:38:21:FB:7D:F0:64:63:CB:E3:30:EF:69:07:5F:C8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4B7D068DB3F61B74C29675EE3AC670DE6F4F6AF6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49468.roa
Signing time:             Thu 08 Feb 2024 11:40:05 +0000
ROA not before:           Thu 08 Feb 2024 11:35:05 +0000
ROA not after:            Thu 06 Feb 2025 11:40:05 +0000
asID:                     49468
IP address blocks:        181.41.195.0/24 maxlen: 24
                          181.215.64.0/24 maxlen: 24
                          191.96.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:7d:06:8d:b3:f6:1b:74:c2:96:75:ee:3a:c6:70:de:6f:4f:6a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  8 11:35:05 2024 GMT
            Not After : Feb  6 11:40:05 2025 GMT
        Subject: CN=90A0CDE0663821FB7DF06463CBE330EF69075FC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5d:28:e1:83:ab:f0:f0:f5:4a:de:37:e7:c6:
                    7d:d8:e9:04:9f:88:f3:9e:ca:de:ef:1f:03:1c:06:
                    a1:54:e2:41:25:b2:23:54:6d:a2:1d:c3:7d:8e:b3:
                    3d:99:a8:79:78:15:76:17:c8:ff:1d:10:94:cb:5f:
                    ab:5d:81:11:ad:2a:c7:2a:9b:6a:5b:c2:bc:d4:65:
                    6b:72:ff:a8:27:05:44:79:d9:a4:54:20:8b:c1:8c:
                    d3:89:f4:91:d8:f7:cf:c5:4d:22:d0:31:eb:9e:f4:
                    e8:eb:f4:81:54:2b:a7:1f:72:5f:b9:bb:ab:4d:ba:
                    cb:d1:45:cf:16:12:eb:72:b6:64:3d:61:30:14:f8:
                    8f:07:b9:94:ff:85:5c:35:43:8d:b4:5e:c1:34:45:
                    2b:10:dc:a9:d5:a4:0c:1f:03:5e:a6:89:9c:72:94:
                    2c:6e:a5:6b:34:e3:60:c9:60:ea:b1:1f:95:8c:06:
                    d3:a0:0e:ca:70:56:38:17:9f:11:6b:b5:c5:5c:46:
                    17:db:7b:8f:de:e9:c9:b7:05:cd:ea:24:c3:15:76:
                    13:16:e5:83:8d:af:9d:4a:a9:0b:9e:b2:d7:f1:4a:
                    89:30:71:50:e4:87:5f:5c:a3:c4:9a:27:6c:72:b2:
                    cc:ae:69:05:db:22:06:0d:58:9f:18:01:a4:1e:cd:
                    ce:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A0:CD:E0:66:38:21:FB:7D:F0:64:63:CB:E3:30:EF:69:07:5F:C8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49468.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.195.0/24
                  181.215.64.0/24
                  191.96.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ba:e0:0c:b3:5c:03:ea:95:9f:cf:07:29:0e:5d:99:76:94:
         c0:6e:72:ad:f0:38:f8:53:5e:50:9f:3a:98:d4:e1:94:73:9d:
         9b:6a:42:7e:1b:c7:67:27:eb:f0:05:2a:44:b1:e8:27:b0:e9:
         93:fc:94:af:89:4a:e7:41:8a:ba:57:19:91:03:ab:09:46:50:
         fe:5e:f8:ea:38:c1:6f:2b:7c:ad:40:1c:9b:7d:fe:d9:22:a6:
         50:91:d1:d5:06:88:da:4a:59:1a:09:c4:20:77:90:71:f4:7b:
         45:dc:3a:48:79:8c:80:c4:0d:cb:5b:8d:d3:5a:0c:c9:53:03:
         77:78:38:1a:b0:12:4f:5f:88:82:eb:5e:37:4e:39:01:85:c9:
         80:28:6e:63:29:2b:1a:87:68:fb:15:48:3e:e3:9e:6d:85:bb:
         5d:24:00:6d:a4:60:6d:e2:64:74:63:6b:c0:42:15:4a:1b:db:
         d9:74:7b:15:96:2d:f5:36:5b:b5:f4:79:0a:06:89:5c:09:4a:
         5e:e4:0c:28:9f:a8:2b:bb:22:27:40:3b:60:7b:aa:1b:3b:21:
         37:38:61:08:dc:1c:37:1d:dd:83:4d:66:9a:5c:b7:06:09:20:
         92:53:20:3c:14:9d:45:a9:69:48:c0:a1:73:61:31:ae:f0:22:
         f5:5c:78:10
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUS30GjbP2G3TClnXuOsZw3m9PavYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMDgxMTM1MDVaFw0yNTAyMDYxMTQwMDVaMDMxMTAvBgNV
BAMTKDkwQTBDREUwNjYzODIxRkI3REYwNjQ2M0NCRTMzMEVGNjkwNzVGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTXSjhg6vw8PVK3jfnxn3Y6QSf
iPOeyt7vHwMcBqFU4kElsiNUbaIdw32Osz2ZqHl4FXYXyP8dEJTLX6tdgRGtKscq
m2pbwrzUZWty/6gnBUR52aRUIIvBjNOJ9JHY98/FTSLQMeue9Ojr9IFUK6cfcl+5
u6tNusvRRc8WEutytmQ9YTAU+I8HuZT/hVw1Q420XsE0RSsQ3KnVpAwfA16miZxy
lCxupWs042DJYOqxH5WMBtOgDspwVjgXnxFrtcVcRhfbe4/e6cm3Bc3qJMMVdhMW
5YONr51KqQuestfxSokwcVDkh19co8SaJ2xyssyuaQXbIgYNWJ8YAaQezc7/AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUkKDN4GY4Ift98GRjy+Mw72kHX8gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk0Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC1KcMD
BAC110ADBAC/YHQwDQYJKoZIhvcNAQELBQADggEBADW64AyzXAPqlZ/PBykOXZl2
lMBucq3wOPhTXlCfOpjU4ZRznZtqQn4bx2cn6/AFKkSx6Cew6ZP8lK+JSudBirpX
GZEDqwlGUP5e+Oo4wW8rfK1AHJt9/tkiplCR0dUGiNpKWRoJxCB3kHH0e0XcOkh5
jIDEDctbjdNaDMlTA3d4OBqwEk9fiILrXjdOOQGFyYAobmMpKxqHaPsVSD7jnm2F
u10kAG2kYG3iZHRja8BCFUob29l0exWWLfU2W7X0eQoGiVwJSl7kDCifqCu7IidA
O2B7qhs7ITc4YQjcHDcd3YNNZppctwYJIJJTIDwUnUWpaUjAoXNhMa7wIvVceBA=
-----END CERTIFICATE-----