Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          3xaSy5qR4MdRv72i4TkZIsdJeNq3mIFKQRFO/38cHVE=
Subject key identifier:   82:35:42:63:97:D3:91:EA:55:F2:C2:0B:DD:50:5D:4E:81:20:3A:1F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       382E7B0B7FE0D041E2D793960D6DB6C38F72827B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
Signing time:             Tue 26 Nov 2024 08:05:07 +0000
ROA not before:           Tue 26 Nov 2024 08:00:07 +0000
ROA not after:            Tue 25 Nov 2025 08:05:07 +0000
asID:                     49981
IP address blocks:        191.101.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:2e:7b:0b:7f:e0:d0:41:e2:d7:93:96:0d:6d:b6:c3:8f:72:82:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 26 08:00:07 2024 GMT
            Not After : Nov 25 08:05:07 2025 GMT
        Subject: CN=8235426397D391EA55F2C20BDD505D4E81203A1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fb:32:97:36:2f:0b:ac:0c:d0:50:a4:fb:32:
                    74:34:99:32:23:35:80:83:a3:db:0c:39:d1:f8:c4:
                    4b:a6:17:5d:41:77:b6:45:5a:da:a2:81:10:a8:fc:
                    64:6e:89:92:f6:af:5a:f5:ff:f4:67:75:cd:c6:81:
                    d1:da:2c:8c:ae:16:e2:62:09:53:db:08:62:52:b2:
                    b8:99:87:9c:f4:31:b5:70:80:a2:b0:89:a4:a6:06:
                    70:3c:cd:96:78:f9:10:38:be:78:1d:ae:49:3d:c3:
                    55:ae:b1:fd:11:af:71:59:c5:74:e8:e3:34:08:fc:
                    7e:58:3e:05:2a:a8:f0:5e:3f:31:05:49:94:04:d7:
                    2b:23:18:83:f1:fe:63:22:a5:c8:d3:97:bc:77:20:
                    c1:0b:6c:aa:7c:ce:6a:3f:72:7b:0f:9b:cd:fc:3d:
                    d2:23:00:62:28:c7:d6:ce:e1:83:6a:c7:c3:dd:f6:
                    97:b5:72:26:50:05:47:92:5a:86:dc:eb:dd:fd:82:
                    ba:ea:c2:f9:96:9c:6e:0c:00:09:c4:47:04:1e:58:
                    27:be:21:8e:9d:a1:0f:9a:d0:49:b7:d1:90:d9:bd:
                    a6:d6:21:fd:a3:8f:99:f5:ba:05:4b:80:29:af:bc:
                    84:d5:da:00:82:f0:c9:6c:ce:21:1c:4c:76:04:c2:
                    dd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:35:42:63:97:D3:91:EA:55:F2:C2:0B:DD:50:5D:4E:81:20:3A:1F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:bc:b2:82:e4:76:b1:f0:ca:12:58:ba:ad:f1:c3:d5:8a:c9:
         da:95:ed:4c:13:85:77:56:dd:4d:ab:e3:60:92:c9:6f:cd:ac:
         2d:70:f0:f3:a8:f3:cf:d2:fa:49:81:2c:10:67:e2:f2:60:f6:
         23:77:cc:01:0a:eb:08:81:46:6c:a4:d6:a7:ab:0b:dc:67:59:
         b6:38:f7:cc:e0:00:65:44:0b:4d:ec:43:e9:9a:68:65:a1:bb:
         4b:ff:9f:64:72:30:97:dd:18:52:81:62:94:7a:7e:7e:da:f6:
         3e:9f:67:c7:7e:49:18:d5:ca:31:26:4a:26:45:f1:d0:63:9a:
         a3:dd:58:72:b6:f6:6d:3e:fc:48:13:31:e9:ad:55:0c:94:5d:
         28:bd:e2:d7:46:79:c5:bc:a3:03:a9:00:3f:99:47:8c:33:03:
         cd:b6:d6:76:bd:78:5c:a5:54:cc:d1:c0:02:4f:2c:24:ac:bc:
         63:af:34:f4:5d:45:13:26:9d:26:57:35:4b:02:63:c8:ac:02:
         4f:1f:34:35:b2:7e:f8:8f:14:dd:ab:93:3e:cb:31:83:75:31:
         f4:d5:97:fa:e4:17:b9:34:5c:c7:5e:68:b3:2d:a0:d0:68:00:
         2e:dc:73:d3:6b:a8:50:04:7d:d4:a9:48:96:1d:95:35:72:62:
         56:fa:00:50
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOC57C3/g0EHi15OWDW22w49ygnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMjYwODAwMDdaFw0yNTExMjUwODA1MDdaMDMxMTAvBgNV
BAMTKDgyMzU0MjYzOTdEMzkxRUE1NUYyQzIwQkRENTA1RDRFODEyMDNBMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+zKXNi8LrAzQUKT7MnQ0mTIj
NYCDo9sMOdH4xEumF11Bd7ZFWtqigRCo/GRuiZL2r1r1//Rndc3GgdHaLIyuFuJi
CVPbCGJSsriZh5z0MbVwgKKwiaSmBnA8zZZ4+RA4vngdrkk9w1Wusf0Rr3FZxXTo
4zQI/H5YPgUqqPBePzEFSZQE1ysjGIPx/mMipcjTl7x3IMELbKp8zmo/cnsPm838
PdIjAGIox9bO4YNqx8Pd9pe1ciZQBUeSWobc6939grrqwvmWnG4MAAnERwQeWCe+
IY6doQ+a0Em30ZDZvabWIf2jj5n1ugVLgCmvvITV2gCC8MlsziEcTHYEwt3PAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgjVCY5fTkepV8sIL3VBdToEgOh8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZXEw
DQYJKoZIhvcNAQELBQADggEBAHu8soLkdrHwyhJYuq3xw9WKydqV7UwThXdW3U2r
42CSyW/NrC1w8POo88/S+kmBLBBn4vJg9iN3zAEK6wiBRmyk1qerC9xnWbY498zg
AGVEC03sQ+maaGWhu0v/n2RyMJfdGFKBYpR6fn7a9j6fZ8d+SRjVyjEmSiZF8dBj
mqPdWHK29m0+/EgTMemtVQyUXSi94tdGecW8owOpAD+ZR4wzA8221na9eFylVMzR
wAJPLCSsvGOvNPRdRRMmnSZXNUsCY8isAk8fNDWyfviPFN2rkz7LMYN1MfTVl/rk
F7k0XMdeaLMtoNBoAC7cc9NrqFAEfdSpSJYdlTVyYlb6AFA=
-----END CERTIFICATE-----