Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          /CSy+CEQ88+gCtZRRuC7SB9M4E/l/4VHHiy9J53PYOE=
Subject key identifier:   E3:DF:3A:AA:F7:81:2F:3E:C1:21:F3:CC:77:50:5D:73:2F:D7:A4:79
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       20EF82F4B8067C072496571F5BB2109A9DA4DA16
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
Signing time:             Mon 01 Apr 2024 10:04:39 +0000
ROA not before:           Mon 01 Apr 2024 09:59:39 +0000
ROA not after:            Mon 31 Mar 2025 10:04:39 +0000
asID:                     49981
IP address blocks:        45.89.253.0/24 maxlen: 24
                          191.101.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ef:82:f4:b8:06:7c:07:24:96:57:1f:5b:b2:10:9a:9d:a4:da:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  1 09:59:39 2024 GMT
            Not After : Mar 31 10:04:39 2025 GMT
        Subject: CN=E3DF3AAAF7812F3EC121F3CC77505D732FD7A479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f0:6b:83:cb:ef:0c:21:8c:37:36:26:54:3d:
                    c2:39:80:36:e4:ff:f6:c6:54:50:4e:8c:ed:18:c0:
                    4b:db:f9:43:7c:b1:62:95:77:da:db:7f:05:8c:72:
                    11:da:d4:3f:c6:e2:8b:55:f5:e1:1b:58:cd:c7:fa:
                    56:4f:18:0a:e9:ed:9f:2e:71:50:76:3a:fa:28:61:
                    f5:2b:9f:dc:da:bc:60:cb:fe:52:86:4f:21:30:78:
                    c6:28:3e:33:93:00:1f:79:a7:d8:88:24:fb:05:3c:
                    dd:cf:36:38:cd:2c:22:f3:48:6c:08:0e:29:ca:d7:
                    d9:3b:d8:64:56:0e:3d:9f:b4:06:20:96:d9:9b:c5:
                    fb:92:b2:3e:4f:da:ac:38:b2:c5:d4:3b:ba:35:3c:
                    67:c8:b8:3f:cb:a2:62:7e:fd:a3:d1:2b:48:1f:33:
                    ee:af:5b:6f:ce:84:a4:52:54:75:1d:e9:01:6d:fd:
                    ea:e7:ef:55:d9:f0:45:c4:f8:2f:e1:74:40:7c:42:
                    7b:eb:06:76:c0:aa:49:b1:32:aa:b7:27:2e:fa:78:
                    c3:0d:63:7d:0c:f7:15:66:7c:23:81:11:5b:89:a3:
                    23:44:98:40:11:1a:d3:16:fd:58:42:ab:b0:56:b8:
                    48:ba:b2:48:77:8b:36:08:77:e8:0d:0f:12:23:65:
                    9c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DF:3A:AA:F7:81:2F:3E:C1:21:F3:CC:77:50:5D:73:2F:D7:A4:79
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.253.0/24
                  191.101.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:9a:e4:a3:88:42:e1:9f:38:5c:60:5d:f7:2b:c1:3a:29:ab:
         93:b5:00:bb:8c:c3:84:fb:a5:49:93:7f:b8:f8:cc:b4:a3:98:
         6f:a4:b0:af:4b:f8:84:bb:aa:bf:2c:8d:aa:9c:f9:47:31:1d:
         2d:a3:7e:7a:21:c0:d3:a2:82:05:e5:b5:be:d6:53:9b:34:3c:
         57:46:da:a9:db:4d:ec:c4:56:fb:0e:dc:15:54:d2:53:09:80:
         d7:6e:c7:aa:2a:a2:b6:c9:ed:da:02:a0:ef:08:88:b8:a1:ee:
         2c:0e:fc:54:c2:cb:ab:29:9a:2d:f7:5d:dc:22:0b:f0:c7:86:
         e4:13:90:05:10:04:4e:fe:66:ef:0f:a9:95:e4:cc:c5:12:fa:
         c4:ca:71:2b:5e:2d:00:41:2d:6c:26:98:88:53:cd:ba:28:27:
         99:dc:11:6d:a9:8e:05:7c:d1:5e:ad:38:64:8b:58:7f:ee:9c:
         80:2f:75:e1:89:13:9f:2b:e6:7f:5f:7e:fa:fd:00:c7:72:fd:
         f1:38:d9:01:14:25:e3:53:e8:b2:27:67:09:8f:ce:97:7d:17:
         52:18:88:bb:a8:f4:34:60:51:0d:91:31:ea:45:6e:96:aa:72:
         ea:4f:07:8e:2f:0c:01:9e:06:0a:d0:9c:80:cd:67:3f:1f:83:
         a6:e2:f7:21
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUIO+C9LgGfAckllcfW7IQmp2k2hYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDEwOTU5MzlaFw0yNTAzMzExMDA0MzlaMDMxMTAvBgNV
BAMTKEUzREYzQUFBRjc4MTJGM0VDMTIxRjNDQzc3NTA1RDczMkZEN0E0NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj8GuDy+8MIYw3NiZUPcI5gDbk
//bGVFBOjO0YwEvb+UN8sWKVd9rbfwWMchHa1D/G4otV9eEbWM3H+lZPGArp7Z8u
cVB2OvooYfUrn9zavGDL/lKGTyEweMYoPjOTAB95p9iIJPsFPN3PNjjNLCLzSGwI
DinK19k72GRWDj2ftAYgltmbxfuSsj5P2qw4ssXUO7o1PGfIuD/LomJ+/aPRK0gf
M+6vW2/OhKRSVHUd6QFt/ern71XZ8EXE+C/hdEB8QnvrBnbAqkmxMqq3Jy76eMMN
Y30M9xVmfCOBEVuJoyNEmEARGtMW/VhCq7BWuEi6skh3izYId+gNDxIjZZzFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU4986qveBLz7BIfPMd1Bdcy/XpHkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtWf0D
BAC/ZXEwDQYJKoZIhvcNAQELBQADggEBAIqa5KOIQuGfOFxgXfcrwTopq5O1ALuM
w4T7pUmTf7j4zLSjmG+ksK9L+IS7qr8sjaqc+UcxHS2jfnohwNOiggXltb7WU5s0
PFdG2qnbTezEVvsO3BVU0lMJgNdux6oqorbJ7doCoO8IiLih7iwO/FTCy6spmi33
XdwiC/DHhuQTkAUQBE7+Zu8PqZXkzMUS+sTKcSteLQBBLWwmmIhTzbooJ5ncEW2p
jgV80V6tOGSLWH/unIAvdeGJE58r5n9ffvr9AMdy/fE42QEUJeNT6LInZwmPzpd9
F1IYiLuo9DRgUQ2RMepFbpaqcupPB44vDAGeBgrQnIDNZz8fg6bi9yE=
-----END CERTIFICATE-----