Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          +r2D5jqCGUH3/Us4d6BY99VUHylFYdH2RDEecur8k4s=
Subject key identifier:   EE:79:6B:D5:82:2D:D0:B6:E8:B5:24:6B:D4:05:B5:B9:E3:3D:44:CA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0B1F61EEE9063C1C4899FF51AA90F1867775A2F8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa
Signing time:             Thu 16 Jan 2025 07:38:36 +0000
ROA not before:           Thu 16 Jan 2025 07:33:36 +0000
ROA not after:            Thu 15 Jan 2026 07:38:36 +0000
asID:                     49981
IP address blocks:        82.29.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:1f:61:ee:e9:06:3c:1c:48:99:ff:51:aa:90:f1:86:77:75:a2:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 16 07:33:36 2025 GMT
            Not After : Jan 15 07:38:36 2026 GMT
        Subject: CN=EE796BD5822DD0B6E8B5246BD405B5B9E33D44CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ae:f1:61:d8:3f:07:70:32:88:82:1b:5e:45:
                    4c:40:2f:14:62:31:f8:78:6e:99:68:20:c2:bf:ca:
                    95:b7:49:a1:4e:66:78:52:83:03:96:f1:e2:90:8a:
                    eb:78:6d:1a:32:36:c2:34:bf:44:51:d6:53:6f:d5:
                    8d:6b:57:d9:a4:62:e2:cc:d9:48:37:62:dc:35:fb:
                    19:21:c5:28:5c:35:d1:eb:f4:87:13:ed:ca:3e:6d:
                    9a:34:28:77:9a:0d:82:5b:7d:37:de:9c:31:6c:88:
                    f1:c3:24:26:37:d3:62:a8:e1:73:52:c7:f5:88:c5:
                    81:5b:4e:3b:e5:0c:79:37:12:94:6c:c3:5a:8d:03:
                    24:04:ab:58:97:45:71:ba:ea:7d:e3:a5:07:b8:69:
                    ae:22:4d:7f:96:59:1b:e2:1f:3c:82:f7:f1:87:a6:
                    ff:66:4b:12:8f:e1:09:f9:a8:cb:61:9d:2a:51:dc:
                    63:fe:20:17:12:a7:5a:e1:61:22:65:8e:65:25:de:
                    1d:ce:2c:88:08:a9:6e:ad:cb:59:12:fd:fe:38:d2:
                    14:7e:86:f3:c4:de:a0:67:a1:19:53:36:b9:a6:ea:
                    e9:09:f1:7d:ad:74:08:1c:4c:02:1d:ef:1c:96:33:
                    4a:fc:55:8b:8a:57:51:23:6d:fc:c9:53:50:f8:b5:
                    2c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:79:6B:D5:82:2D:D0:B6:E8:B5:24:6B:D4:05:B5:B9:E3:3D:44:CA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:75:20:ff:26:e7:62:b3:82:99:4b:45:48:7d:08:34:ee:66:
         05:78:d4:fc:17:30:ab:8a:d0:e7:23:7a:c0:bb:12:9b:05:35:
         5e:d7:10:fe:be:3c:30:cc:c3:98:a7:81:c2:95:57:c5:6b:8b:
         e9:7f:4b:8b:6f:bf:16:b5:2b:12:58:92:b7:20:34:76:c4:b2:
         27:d8:c5:6c:93:52:a0:ab:21:51:da:c2:cc:77:4b:3f:34:60:
         92:a7:40:f0:ac:89:a2:06:70:e8:29:14:21:eb:b5:81:30:5c:
         41:20:db:ba:2f:bb:8c:77:48:a5:8b:56:79:97:11:05:01:57:
         cd:93:86:df:d3:eb:d8:af:1d:40:c4:d0:80:96:c2:de:11:d2:
         32:4e:d4:e9:7b:69:03:d9:1e:60:65:27:ac:88:07:87:89:be:
         f8:c1:e9:67:ab:97:b1:70:5f:49:20:b7:0b:4e:9c:5e:d6:1b:
         03:30:fd:08:22:f3:ba:3e:09:7f:12:4e:fc:92:75:fa:ef:c5:
         96:4b:20:85:0a:18:50:ed:60:41:68:9e:55:93:4a:e3:b3:4a:
         ff:95:57:52:85:50:19:7b:5b:c6:d8:b2:a1:4a:6c:c4:ef:0e:
         ef:ab:4d:2c:0a:45:38:b7:81:44:07:69:c5:39:fb:5a:9f:32:
         e8:ca:15:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCx9h7ukGPBxImf9RqpDxhnd1ovgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTYwNzMzMzZaFw0yNjAxMTUwNzM4MzZaMDMxMTAvBgNV
BAMTKEVFNzk2QkQ1ODIyREQwQjZFOEI1MjQ2QkQ0MDVCNUI5RTMzRDQ0Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbrvFh2D8HcDKIghteRUxALxRi
Mfh4bploIMK/ypW3SaFOZnhSgwOW8eKQiut4bRoyNsI0v0RR1lNv1Y1rV9mkYuLM
2Ug3Ytw1+xkhxShcNdHr9IcT7co+bZo0KHeaDYJbfTfenDFsiPHDJCY302Ko4XNS
x/WIxYFbTjvlDHk3EpRsw1qNAyQEq1iXRXG66n3jpQe4aa4iTX+WWRviHzyC9/GH
pv9mSxKP4Qn5qMthnSpR3GP+IBcSp1rhYSJljmUl3h3OLIgIqW6ty1kS/f440hR+
hvPE3qBnoRlTNrmm6ukJ8X2tdAgcTAId7xyWM0r8VYuKV1EjbfzJU1D4tSyjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7nlr1YIt0LbotSRr1AW1ueM9RMowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSHWww
DQYJKoZIhvcNAQELBQADggEBAKR1IP8m52KzgplLRUh9CDTuZgV41PwXMKuK0Ocj
esC7EpsFNV7XEP6+PDDMw5ingcKVV8Vri+l/S4tvvxa1KxJYkrcgNHbEsifYxWyT
UqCrIVHawsx3Sz80YJKnQPCsiaIGcOgpFCHrtYEwXEEg27ovu4x3SKWLVnmXEQUB
V82Tht/T69ivHUDE0ICWwt4R0jJO1Ol7aQPZHmBlJ6yIB4eJvvjB6Werl7FwX0kg
twtOnF7WGwMw/Qgi87o+CX8STvySdfrvxZZLIIUKGFDtYEFonlWTSuOzSv+VV1KF
UBl7W8bYsqFKbMTvDu+rTSwKRTi3gUQHacU5+1qfMujKFXQ=
-----END CERTIFICATE-----