Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa
File:                     AS49608.roa (raw, json)
Hash identifier:          jhca4/4uKaJonzaFImmJ+y9jT4/xX+6p+rPHusoK+aw=
Subject key identifier:   19:E2:7B:1C:38:F3:E4:79:66:0F:5A:F3:85:C5:D1:B1:47:4B:47:FA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       11B1FD9D02ED2A86442831F8A6E21251431CBA83
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa
Signing time:             Thu 11 Sep 2025 16:23:35 +0000
ROA not before:           Thu 11 Sep 2025 16:18:35 +0000
ROA not after:            Thu 10 Sep 2026 16:23:35 +0000
asID:                     49608
IP address blocks:        2a13:9500:dd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 15:59:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b1:fd:9d:02:ed:2a:86:44:28:31:f8:a6:e2:12:51:43:1c:ba:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 11 16:18:35 2025 GMT
            Not After : Sep 10 16:23:35 2026 GMT
        Subject: CN=19E27B1C38F3E479660F5AF385C5D1B1474B47FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4e:35:a3:e5:6f:18:ef:a2:3d:70:72:cc:94:
                    e4:bc:a5:bf:fe:ad:eb:12:9b:90:a9:0f:45:03:74:
                    f8:bb:05:67:65:3e:03:cd:34:72:c9:03:dd:b2:a2:
                    05:1e:5b:4d:6a:07:37:cf:c5:f0:12:3f:3a:ff:a0:
                    de:a1:8f:28:32:7b:6b:36:7e:e3:a6:cb:f6:ba:c2:
                    cb:27:53:fd:14:be:12:af:fa:a9:77:b8:42:33:ee:
                    c6:0e:cd:ca:13:9f:ed:9d:d4:16:ff:38:69:e8:68:
                    93:59:aa:cb:dc:1f:27:af:01:7e:0c:15:dd:eb:cb:
                    de:f0:49:2f:1e:0a:a2:00:4d:20:bf:67:81:bc:87:
                    74:88:a2:cc:4f:9f:43:ce:81:c4:d9:47:a3:50:01:
                    26:71:92:48:80:37:46:8b:d0:a3:02:e0:19:b3:af:
                    b9:bb:25:cb:cd:d7:d2:38:e6:a1:95:93:a0:aa:0c:
                    64:fc:fe:77:24:54:05:97:6b:e4:b9:09:de:bb:de:
                    49:ca:08:47:21:c4:ee:03:8c:c3:a4:9d:f5:20:5a:
                    19:af:61:a5:57:b0:01:44:86:e1:fc:c8:49:49:c6:
                    81:32:79:4e:b5:40:58:96:91:ee:f5:a2:99:8a:56:
                    b8:39:29:77:50:1a:00:31:40:30:1b:68:da:48:f1:
                    c6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E2:7B:1C:38:F3:E4:79:66:0F:5A:F3:85:C5:D1:B1:47:4B:47:FA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:dd::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:de:8f:46:47:76:57:63:17:5e:54:c7:93:85:26:44:31:73:
         a5:41:d2:10:ab:d4:fb:7e:c8:48:ba:0e:76:04:b3:95:31:19:
         3a:ba:a5:98:05:02:01:a5:80:cf:a4:3e:31:1e:d0:03:4e:35:
         f7:17:44:fa:c8:1e:9f:09:e5:0d:8c:d0:df:0b:21:cc:1f:33:
         50:64:ac:5c:8f:10:6a:b4:cf:50:b6:c4:0b:da:87:7c:78:fd:
         3a:05:36:3f:88:14:2d:b8:d3:1f:52:3a:c9:b6:ae:a7:45:08:
         e8:0b:80:14:ab:c9:e8:7e:2a:0b:61:d0:9e:8c:aa:a1:a8:3a:
         86:85:95:bf:9d:f0:c9:c3:e0:ad:5f:d4:45:f6:05:68:14:9b:
         fd:3c:a3:e5:73:77:8e:76:00:12:1c:36:0a:af:c2:14:44:ec:
         cb:c5:32:07:1f:4f:d5:3e:11:ab:89:c1:01:13:b6:e2:ec:9a:
         8a:37:22:11:cf:2a:43:da:40:a1:21:3c:04:9e:90:1e:45:f9:
         ad:b4:77:43:9b:eb:af:e7:ab:ff:f9:80:53:68:4c:bd:15:4e:
         fe:51:67:cb:fb:96:59:55:b2:a0:58:03:50:dd:d6:fc:33:f9:
         24:20:b1:e7:9f:77:45:e8:32:05:17:d1:cf:e2:e0:f6:ce:79:
         5d:81:b2:4d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUEbH9nQLtKoZEKDH4puISUUMcuoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTExNjE4MzVaFw0yNjA5MTAxNjIzMzVaMDMxMTAvBgNV
BAMTKDE5RTI3QjFDMzhGM0U0Nzk2NjBGNUFGMzg1QzVEMUIxNDc0QjQ3RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTjWj5W8Y76I9cHLMlOS8pb/+
resSm5CpD0UDdPi7BWdlPgPNNHLJA92yogUeW01qBzfPxfASPzr/oN6hjygye2s2
fuOmy/a6wssnU/0UvhKv+ql3uEIz7sYOzcoTn+2d1Bb/OGnoaJNZqsvcHyevAX4M
Fd3ry97wSS8eCqIATSC/Z4G8h3SIosxPn0POgcTZR6NQASZxkkiAN0aL0KMC4Bmz
r7m7JcvN19I45qGVk6CqDGT8/nckVAWXa+S5Cd673knKCEchxO4DjMOknfUgWhmv
YaVXsAFEhuH8yElJxoEyeU61QFiWke71opmKVrg5KXdQGgAxQDAbaNpI8cZzAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUGeJ7HDjz5HlmD1rzhcXRsUdLR/owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDk2MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AN0wDQYJKoZIhvcNAQELBQADggEBAFTej0ZHdldjF15Ux5OFJkQxc6VB0hCr1Pt+
yEi6DnYEs5UxGTq6pZgFAgGlgM+kPjEe0ANONfcXRPrIHp8J5Q2M0N8LIcwfM1Bk
rFyPEGq0z1C2xAvah3x4/ToFNj+IFC240x9SOsm2rqdFCOgLgBSryeh+Kgth0J6M
qqGoOoaFlb+d8MnD4K1f1EX2BWgUm/08o+Vzd452ABIcNgqvwhRE7MvFMgcfT9U+
EauJwQETtuLsmoo3IhHPKkPaQKEhPASekB5F+a20d0Ob66/nq//5gFNoTL0VTv5R
Z8v7lllVsqBYA1Dd1vwz+SQgseefd0XoMgUX0c/i4PbOeV2Bsk0=
-----END CERTIFICATE-----