Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa
File:                     AS49901.roa (raw, json)
Hash identifier:          CU+J+FxLhkDLa1zzHjWkpLFOTgKvShDDMhz1ai7TXWg=
Subject key identifier:   FA:8E:EA:D4:F8:74:FC:08:EE:95:0E:0D:85:1C:47:C8:2A:2E:37:D9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4AB660B87101AEDA8453F7C3C8491A829EB75196
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa
Signing time:             Fri 03 Nov 2023 13:33:01 +0000
ROA not before:           Fri 03 Nov 2023 13:28:01 +0000
ROA not after:            Fri 01 Nov 2024 13:33:01 +0000
asID:                     49901
IP address blocks:        191.96.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b6:60:b8:71:01:ae:da:84:53:f7:c3:c8:49:1a:82:9e:b7:51:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  3 13:28:01 2023 GMT
            Not After : Nov  1 13:33:01 2024 GMT
        Subject: CN=FA8EEAD4F874FC08EE950E0D851C47C82A2E37D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:91:9b:f4:9f:3d:bf:89:74:77:f6:8c:d3:2b:
                    2d:94:3e:b2:51:4d:49:c6:68:eb:9f:1f:b0:93:e3:
                    1a:ef:18:f9:bc:ac:46:41:b8:4c:ec:e9:a8:11:91:
                    98:59:56:8d:6a:eb:9b:45:46:7b:33:f5:0b:c5:14:
                    69:7d:cf:62:d0:ea:41:bc:1d:35:ce:22:a4:17:dc:
                    fb:3c:67:74:5a:f7:33:58:cb:1b:0c:ab:67:20:0f:
                    06:79:63:6e:f5:7e:c4:7a:2d:8a:95:96:6c:be:98:
                    19:08:ad:ad:ca:aa:ab:07:47:fb:36:da:a7:7a:78:
                    0b:18:61:9a:92:68:ef:01:67:be:c8:0e:d5:0a:0c:
                    52:df:5c:96:23:90:ec:f2:15:9a:04:be:c7:cf:95:
                    ad:6a:bb:86:15:18:69:d1:5e:22:8e:9e:97:5a:6e:
                    2e:55:1c:82:a9:20:36:2d:d9:eb:0b:ad:84:db:b9:
                    6f:93:22:d5:1b:f8:44:eb:29:66:1b:42:44:5d:6c:
                    9b:93:e3:29:8e:fd:2f:21:ca:31:ef:bb:39:a2:1a:
                    58:26:5e:bc:73:45:70:cf:7c:c6:08:35:57:e8:a1:
                    73:f8:cd:95:4d:bf:a9:8e:d8:da:0e:4c:66:4f:96:
                    57:9d:d2:57:9a:fe:9c:0c:4c:44:56:26:48:33:4d:
                    e5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8E:EA:D4:F8:74:FC:08:EE:95:0E:0D:85:1C:47:C8:2A:2E:37:D9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49901.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:77:5e:21:ef:c6:4f:32:1e:eb:c1:0f:48:9d:3e:bf:73:58:
         ff:b9:e1:51:c9:65:7a:3c:2d:8c:dd:58:8f:bf:b5:09:22:27:
         89:fd:34:d5:b8:b3:41:ea:59:7c:c2:7c:7e:de:80:77:6a:85:
         56:ba:04:22:e1:01:5a:8c:d4:0f:7c:11:b3:0d:cd:46:eb:59:
         0f:dc:ef:22:3b:f2:28:25:cf:1d:19:b5:f7:ee:1a:91:12:9f:
         49:fd:c2:cb:16:d3:a7:45:4c:3d:f8:f1:ae:d7:69:3e:06:97:
         41:a3:3b:b6:14:8e:9c:7b:7f:c3:25:e8:37:cb:d2:4c:20:77:
         2a:2d:76:32:35:fa:24:ae:46:ed:78:6f:68:94:69:6f:59:b7:
         2b:3c:5e:1c:ab:a2:8e:cc:2f:23:9d:c1:d8:d3:97:db:49:5a:
         a6:e7:63:cc:c4:b7:6d:83:fd:61:6a:86:24:7c:59:da:85:4d:
         1f:26:62:9a:f8:f3:1e:ae:5c:ab:1a:01:0b:44:b4:9d:e2:8c:
         a7:bd:78:39:78:c4:0d:69:7e:ec:37:59:c0:36:ce:55:55:99:
         22:9b:5e:f1:b1:c6:4a:7e:93:53:a8:6d:e9:53:54:5c:c1:ca:
         af:42:37:db:15:95:0d:a8:7e:b9:5c:5e:ea:84:2a:fb:5a:de:
         06:a5:f8:f7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSrZguHEBrtqEU/fDyEkagp63UZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzExMDMxMzI4MDFaFw0yNDExMDExMzMzMDFaMDMxMTAvBgNV
BAMTKEZBOEVFQUQ0Rjg3NEZDMDhFRTk1MEUwRDg1MUM0N0M4MkEyRTM3RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUkZv0nz2/iXR39ozTKy2UPrJR
TUnGaOufH7CT4xrvGPm8rEZBuEzs6agRkZhZVo1q65tFRnsz9QvFFGl9z2LQ6kG8
HTXOIqQX3Ps8Z3Ra9zNYyxsMq2cgDwZ5Y271fsR6LYqVlmy+mBkIra3KqqsHR/s2
2qd6eAsYYZqSaO8BZ77IDtUKDFLfXJYjkOzyFZoEvsfPla1qu4YVGGnRXiKOnpda
bi5VHIKpIDYt2esLrYTbuW+TItUb+ETrKWYbQkRdbJuT4ymO/S8hyjHvuzmiGlgm
XrxzRXDPfMYINVfooXP4zZVNv6mO2NoOTGZPlled0lea/pwMTERWJkgzTeWzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+o7q1Ph0/AjulQ4NhRxHyCouN9kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk5MDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YB0w
DQYJKoZIhvcNAQELBQADggEBAJt3XiHvxk8yHuvBD0idPr9zWP+54VHJZXo8LYzd
WI+/tQkiJ4n9NNW4s0HqWXzCfH7egHdqhVa6BCLhAVqM1A98EbMNzUbrWQ/c7yI7
8iglzx0ZtffuGpESn0n9wssW06dFTD348a7XaT4Gl0GjO7YUjpx7f8Ml6DfL0kwg
dyotdjI1+iSuRu14b2iUaW9Ztys8Xhyroo7MLyOdwdjTl9tJWqbnY8zEt22D/WFq
hiR8WdqFTR8mYpr48x6uXKsaAQtEtJ3ijKe9eDl4xA1pfuw3WcA2zlVVmSKbXvGx
xkp+k1OobelTVFzByq9CN9sVlQ2ofrlcXuqEKvta3gal+Pc=
-----END CERTIFICATE-----