Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa
File:                     AS49608.roa (raw, json)
Hash identifier:          Z4mUZjjz1O5xlvKU9PQzF/eEKeO1WP6olEQg6ZgZiHc=
Subject key identifier:   F3:03:74:6B:14:F5:0D:1F:13:E5:B8:BB:0B:0B:8E:72:B7:E0:21:88
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       74EE0393C9C83F644414CA1D98A4BDC513DA0B95
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa
Signing time:             Thu 21 May 2026 11:36:48 +0000
ROA not before:           Thu 21 May 2026 11:31:48 +0000
ROA not after:            Thu 20 May 2027 11:36:48 +0000
asID:                     49608
IP address blocks:        82.26.129.0/24 maxlen: 24
                          82.47.18.0/24 maxlen: 24
                          84.75.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:ee:03:93:c9:c8:3f:64:44:14:ca:1d:98:a4:bd:c5:13:da:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 21 11:31:48 2026 GMT
            Not After : May 20 11:36:48 2027 GMT
        Subject: CN=F303746B14F50D1F13E5B8BB0B0B8E72B7E02188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:71:18:65:a4:6d:70:d1:f5:b9:c0:1f:ff:51:
                    45:4b:77:78:64:0a:8b:12:5a:d4:71:23:a3:ae:30:
                    43:4b:5d:4c:3f:8f:59:c6:17:27:af:99:37:13:73:
                    28:7f:be:07:65:cb:f7:f7:aa:c4:94:72:11:f1:c1:
                    ed:ad:92:1a:82:78:5f:8d:4f:0a:80:b6:14:c4:b8:
                    f1:4c:46:ad:56:3d:f2:cf:a5:c6:59:04:39:e5:b0:
                    b5:c0:02:ef:cc:da:dd:86:41:1e:a9:79:21:2a:2c:
                    0c:a9:d0:fb:f0:03:24:2c:cf:1d:16:12:27:62:e0:
                    b0:11:c4:6f:6c:db:11:28:72:d0:45:5f:d1:6b:88:
                    88:02:cc:e1:09:ba:e6:a6:30:b4:bd:97:e0:ce:76:
                    a0:84:12:e0:06:8b:73:69:dd:3c:86:90:6f:c8:54:
                    45:98:23:34:75:69:d7:05:12:e7:65:64:99:2c:79:
                    34:90:23:f7:0c:1d:be:ef:b5:95:12:f7:dc:c2:d8:
                    eb:e4:51:ce:bb:dc:45:89:07:5b:00:43:d5:ee:4c:
                    2b:05:fa:3c:df:49:7f:77:9c:40:59:fa:ad:a3:d7:
                    48:ce:d5:3e:81:3d:4d:d3:56:0e:01:43:60:26:76:
                    07:41:93:62:ee:c2:9b:a5:98:57:9c:cf:f7:80:da:
                    61:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:03:74:6B:14:F5:0D:1F:13:E5:B8:BB:0B:0B:8E:72:B7:E0:21:88
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.129.0/24
                  82.47.18.0/24
                  84.75.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:f4:c7:4f:f2:5d:f5:fe:f2:30:20:41:52:61:fb:99:64:29:
         41:f9:d1:f4:d8:13:f4:b7:1d:e1:cb:2a:63:a3:e4:8d:52:0b:
         eb:93:31:f2:a9:87:02:16:15:14:b4:36:df:36:37:ab:e1:1c:
         1e:79:12:87:40:9e:d7:0f:65:07:c7:9e:6b:4c:88:e7:67:a6:
         ec:f9:4d:23:8f:87:51:41:7e:f6:96:c6:55:19:68:b9:ee:49:
         82:77:1b:aa:1b:c6:30:d6:2e:bf:d9:0e:4c:0c:6e:81:5e:4e:
         d1:c4:d2:1b:15:b5:02:48:c1:36:9e:a0:ec:86:60:a9:9c:8b:
         54:72:14:45:66:2e:5d:f7:5d:37:b9:97:92:32:ba:b5:49:bf:
         34:1d:78:f1:e1:9e:02:7c:39:67:21:10:a9:84:19:20:21:bd:
         e9:4c:c3:32:cb:e5:20:de:d9:1f:44:75:87:95:0e:60:62:bb:
         d0:5e:7c:eb:fd:36:6f:2c:29:22:08:81:80:eb:64:fc:86:5c:
         31:f1:3b:15:d9:b5:65:68:33:a3:ee:67:5b:15:e8:c7:7c:32:
         a0:89:28:91:be:0a:6a:83:11:e7:fc:40:fd:3d:59:55:5e:27:
         4f:24:80:45:fc:c5:7c:2c:3b:7e:74:0f:c0:d0:08:4f:0b:02:
         af:29:03:50
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUdO4Dk8nIP2REFModmKS9xRPaC5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjExMTMxNDhaFw0yNzA1MjAxMTM2NDhaMDMxMTAvBgNV
BAMTKEYzMDM3NDZCMTRGNTBEMUYxM0U1QjhCQjBCMEI4RTcyQjdFMDIxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPcRhlpG1w0fW5wB//UUVLd3hk
CosSWtRxI6OuMENLXUw/j1nGFyevmTcTcyh/vgdly/f3qsSUchHxwe2tkhqCeF+N
TwqAthTEuPFMRq1WPfLPpcZZBDnlsLXAAu/M2t2GQR6peSEqLAyp0PvwAyQszx0W
Eidi4LARxG9s2xEoctBFX9FriIgCzOEJuuamMLS9l+DOdqCEEuAGi3Np3TyGkG/I
VEWYIzR1adcFEudlZJkseTSQI/cMHb7vtZUS99zC2OvkUc673EWJB1sAQ9XuTCsF
+jzfSX93nEBZ+q2j10jO1T6BPU3TVg4BQ2AmdgdBk2LuwpulmFecz/eA2mGJAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU8wN0axT1DR8T5bi7CwuOcrfgIYgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDk2MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSGoED
BABSLxIDBABUS9kwDQYJKoZIhvcNAQELBQADggEBABX0x0/yXfX+8jAgQVJh+5lk
KUH50fTYE/S3HeHLKmOj5I1SC+uTMfKphwIWFRS0Nt82N6vhHB55EodAntcPZQfH
nmtMiOdnpuz5TSOPh1FBfvaWxlUZaLnuSYJ3G6obxjDWLr/ZDkwMboFeTtHE0hsV
tQJIwTaeoOyGYKmci1RyFEVmLl33XTe5l5IyurVJvzQdePHhngJ8OWchEKmEGSAh
velMwzLL5SDe2R9EdYeVDmBiu9BefOv9Nm8sKSIIgYDrZPyGXDHxOxXZtWVoM6Pu
Z1sV6Md8MqCJKJG+CmqDEef8QP09WVVeJ08kgEX8xXwsO350D8DQCE8LAq8pA1A=
-----END CERTIFICATE-----