Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa
File:                     AS49678.roa (raw, json)
Hash identifier:          UiMGTvYX1O13kZSXufh9qK3N42Mi1ZlXOs9Le7OVjHg=
Subject key identifier:   B9:D5:2F:2B:CB:CB:41:83:F5:86:18:A3:0A:35:03:A7:CA:B9:AF:25
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       138A6992231F09FC5B8F8F96154FF91ADE52BA23
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa
Signing time:             Thu 04 Jun 2026 15:47:29 +0000
ROA not before:           Thu 04 Jun 2026 15:42:29 +0000
ROA not after:            Thu 03 Jun 2027 15:47:29 +0000
asID:                     49678
IP address blocks:        141.11.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:8a:69:92:23:1f:09:fc:5b:8f:8f:96:15:4f:f9:1a:de:52:ba:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  4 15:42:29 2026 GMT
            Not After : Jun  3 15:47:29 2027 GMT
        Subject: CN=B9D52F2BCBCB4183F58618A30A3503A7CAB9AF25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5f:29:f3:1b:5e:61:ae:f2:75:b4:1d:a7:b9:
                    9c:ae:01:c2:44:e2:71:be:e4:eb:62:af:3e:e1:a3:
                    2a:86:1a:97:72:9e:7f:39:2b:40:cf:e5:72:53:88:
                    eb:6e:d3:14:10:ad:e9:a0:8e:57:3e:59:90:a8:d5:
                    ff:09:24:35:3a:73:e5:77:b2:27:27:65:ac:75:32:
                    85:1f:9a:93:ae:49:01:30:7c:8d:82:8e:a2:64:e8:
                    a2:7f:c9:9b:fb:92:78:1f:83:58:dd:e7:35:9d:f3:
                    de:46:b9:73:4b:29:8a:90:f3:71:b7:f2:e8:43:0d:
                    71:a3:7e:02:72:c9:9b:07:ef:69:d6:49:14:d0:72:
                    fd:38:0b:cf:92:c2:83:f4:69:df:b6:b5:a5:6c:0a:
                    33:c8:1b:43:2f:19:70:30:b3:1c:cb:fe:ef:8c:62:
                    d5:1a:0f:f1:59:70:0f:60:82:47:6e:54:81:33:f2:
                    c2:04:fb:5f:3b:1b:ce:74:2d:38:44:8d:1e:e3:dd:
                    4c:c2:8b:af:06:79:16:6e:31:e9:db:f3:02:2d:de:
                    1c:a3:a1:e4:67:6c:bd:b0:c2:55:1b:54:90:4e:c7:
                    3c:a6:cb:eb:b3:95:aa:ba:e7:af:04:32:ac:77:ea:
                    37:68:78:1a:f2:01:37:16:f1:e3:f1:36:b6:32:fc:
                    b9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D5:2F:2B:CB:CB:41:83:F5:86:18:A3:0A:35:03:A7:CA:B9:AF:25
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:be:97:11:8b:bf:86:5f:25:e4:45:03:14:c9:4f:69:19:f0:
         fe:61:09:72:1e:71:98:74:bf:15:fb:d1:50:9a:a3:d4:7b:72:
         4f:70:19:9d:1b:8b:dd:0e:87:e7:80:ee:4f:4a:d3:b5:93:f5:
         2a:6a:b1:28:bb:e3:9c:36:9c:cb:c7:ae:64:3a:30:6b:dc:54:
         66:6f:91:b5:71:47:21:36:78:1a:15:03:55:85:54:dc:c7:bf:
         1b:58:8b:15:06:04:25:97:9c:46:ee:c0:98:38:c6:ef:5c:f4:
         f7:0b:eb:b5:ed:4c:cb:e5:31:62:77:fd:4e:cd:79:17:b2:d8:
         ca:55:45:2d:76:66:4f:b9:75:8a:25:84:2a:0b:8c:6c:40:69:
         59:d1:f5:57:07:cb:d0:e9:1d:24:11:a7:75:2f:08:da:37:f1:
         6e:58:c7:31:2e:e4:93:32:61:45:7f:b0:91:2e:f8:a1:ac:3d:
         b1:14:c4:5d:cc:d1:62:fa:ee:51:5d:d5:14:d4:3b:8a:a6:cc:
         4e:a4:22:48:b4:49:3c:f2:8d:74:41:23:cb:04:90:65:f1:dc:
         dd:26:75:8b:10:90:85:75:aa:74:43:08:64:bd:29:7f:c0:cf:
         b1:ef:7a:b3:94:73:78:d1:21:20:0a:3a:a0:e9:4e:63:21:71:
         7a:cd:bf:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUE4ppkiMfCfxbj4+WFU/5Gt5SuiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDQxNTQyMjlaFw0yNzA2MDMxNTQ3MjlaMDMxMTAvBgNV
BAMTKEI5RDUyRjJCQ0JDQjQxODNGNTg2MThBMzBBMzUwM0E3Q0FCOUFGMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPXynzG15hrvJ1tB2nuZyuAcJE
4nG+5Otirz7hoyqGGpdynn85K0DP5XJTiOtu0xQQremgjlc+WZCo1f8JJDU6c+V3
sicnZax1MoUfmpOuSQEwfI2CjqJk6KJ/yZv7kngfg1jd5zWd895GuXNLKYqQ83G3
8uhDDXGjfgJyyZsH72nWSRTQcv04C8+SwoP0ad+2taVsCjPIG0MvGXAwsxzL/u+M
YtUaD/FZcA9ggkduVIEz8sIE+187G850LThEjR7j3UzCi68GeRZuMenb8wIt3hyj
oeRnbL2wwlUbVJBOxzymy+uzlaq6568EMqx36jdoeBryATcW8ePxNrYy/LknAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUudUvK8vLQYP1hhijCjUDp8q5ryUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDk2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0Aw
DQYJKoZIhvcNAQELBQADggEBAC2+lxGLv4ZfJeRFAxTJT2kZ8P5hCXIecZh0vxX7
0VCao9R7ck9wGZ0bi90Oh+eA7k9K07WT9SpqsSi745w2nMvHrmQ6MGvcVGZvkbVx
RyE2eBoVA1WFVNzHvxtYixUGBCWXnEbuwJg4xu9c9PcL67XtTMvlMWJ3/U7NeRey
2MpVRS12Zk+5dYolhCoLjGxAaVnR9VcHy9DpHSQRp3UvCNo38W5YxzEu5JMyYUV/
sJEu+KGsPbEUxF3M0WL67lFd1RTUO4qmzE6kIki0STzyjXRBI8sEkGXx3N0mdYsQ
kIV1qnRDCGS9KX/Az7HverOUc3jRISAKOqDpTmMhcXrNv9Y=
-----END CERTIFICATE-----