Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          7UbGvEktHY9kMgSsvWX9CssjHzcWTh3hwYMeS7s0Bu4=
Subject key identifier:   3A:40:38:07:21:F5:36:2B:B8:2B:8B:C8:FC:B4:81:D6:3E:8C:DE:7D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2B781FC0A35762CDC8894DF4C8304B7A152520D7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
Signing time:             Mon 02 Mar 2026 07:55:06 +0000
ROA not before:           Mon 02 Mar 2026 07:50:06 +0000
ROA not after:            Mon 01 Mar 2027 07:55:06 +0000
asID:                     60949
IP address blocks:        141.11.28.0/24 maxlen: 24
                          141.11.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Mar 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:78:1f:c0:a3:57:62:cd:c8:89:4d:f4:c8:30:4b:7a:15:25:20:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  2 07:50:06 2026 GMT
            Not After : Mar  1 07:55:06 2027 GMT
        Subject: CN=3A40380721F5362BB82B8BC8FCB481D63E8CDE7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:04:0a:78:17:e2:d9:01:b7:37:c9:1c:91:b6:
                    eb:b2:03:3b:9b:6f:f4:3a:68:0d:51:f5:a0:8e:b5:
                    2d:f6:79:77:da:3c:17:4f:d1:e6:28:29:6f:eb:2b:
                    88:43:00:b8:37:2c:4c:05:06:42:ef:32:35:f5:29:
                    95:9d:e5:2e:5c:5b:fd:fe:8b:0c:cd:95:a4:e5:76:
                    b2:ba:90:5b:de:62:d1:0a:a7:8e:24:4d:7d:64:16:
                    b0:ba:de:68:fd:19:c6:26:20:21:5e:b4:b1:64:73:
                    45:d9:30:93:86:f7:df:11:8b:8e:f7:25:13:9f:be:
                    54:aa:63:3f:43:ea:2b:0a:69:9e:64:4e:9d:01:3f:
                    c9:86:df:16:ae:18:66:b5:c8:ba:c1:23:06:ff:dc:
                    b1:18:57:88:34:bd:da:cd:3e:c7:e6:4e:e0:0a:c5:
                    27:6c:5a:93:5e:04:87:53:94:c7:ae:cf:79:ba:25:
                    88:5a:3e:2b:42:ad:1f:e8:05:45:f3:52:ed:78:b3:
                    7a:aa:32:60:43:dc:13:3b:21:2d:99:af:fe:a4:8e:
                    19:a6:a9:dc:c1:47:19:19:05:1c:2e:28:87:c9:4d:
                    51:99:a9:97:09:9d:37:02:57:5c:36:10:08:79:df:
                    43:cd:db:fc:2f:8e:98:37:52:af:d4:86:c0:47:09:
                    51:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:40:38:07:21:F5:36:2B:B8:2B:8B:C8:FC:B4:81:D6:3E:8C:DE:7D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.28.0/24
                  141.11.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:53:77:ec:3f:83:f2:f1:5d:64:9f:b5:39:97:b3:8c:19:98:
         e7:d4:08:9c:89:97:1c:b2:32:d8:2d:01:41:e7:8b:e8:4c:8b:
         d7:99:53:fd:62:0e:9e:08:2b:df:29:1e:fb:9f:ec:16:96:b4:
         14:8c:f5:ec:81:1f:cf:1d:ef:7b:1a:d9:a4:2d:cc:39:b3:9a:
         86:3c:7a:33:20:03:48:b3:f0:f7:9f:ea:2e:4b:74:18:26:0a:
         15:40:a7:3e:b4:a8:a8:51:b4:56:de:89:bb:83:cd:61:18:65:
         af:58:05:ec:f8:83:8f:27:6a:a9:58:92:4b:bd:c5:fa:0c:bb:
         7d:30:33:78:72:70:fe:62:be:ec:fb:a0:53:1c:de:06:c3:11:
         50:4d:6d:c1:a9:2d:13:5a:b1:b1:c7:ff:a6:03:bd:78:27:c4:
         ec:44:36:11:63:d1:f2:2b:58:3f:92:00:62:c4:55:17:51:e3:
         f2:2d:02:c2:74:f3:90:fe:db:e6:69:fe:df:ee:b4:df:3c:7d:
         d6:47:36:07:4c:e9:66:9b:36:f6:1c:b9:fa:06:e0:91:91:98:
         d4:1b:d1:f6:6f:de:79:ec:f8:d8:e2:ee:2b:b5:ed:b5:91:24:
         0d:8c:6e:b2:d8:6c:c3:19:a8:59:db:5b:a0:fa:86:ef:80:24:
         32:a9:ad:cf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUK3gfwKNXYs3IiU30yDBLehUlINcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDIwNzUwMDZaFw0yNzAzMDEwNzU1MDZaMDMxMTAvBgNV
BAMTKDNBNDAzODA3MjFGNTM2MkJCODJCOEJDOEZDQjQ4MUQ2M0U4Q0RFN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsBAp4F+LZAbc3yRyRtuuyAzub
b/Q6aA1R9aCOtS32eXfaPBdP0eYoKW/rK4hDALg3LEwFBkLvMjX1KZWd5S5cW/3+
iwzNlaTldrK6kFveYtEKp44kTX1kFrC63mj9GcYmICFetLFkc0XZMJOG998Ri473
JROfvlSqYz9D6isKaZ5kTp0BP8mG3xauGGa1yLrBIwb/3LEYV4g0vdrNPsfmTuAK
xSdsWpNeBIdTlMeuz3m6JYhaPitCrR/oBUXzUu14s3qqMmBD3BM7IS2Zr/6kjhmm
qdzBRxkZBRwuKIfJTVGZqZcJnTcCV1w2EAh530PN2/wvjpg3Uq/UhsBHCVHBAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUOkA4ByH1Niu4K4vI/LSB1j6M3n0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCxwD
BACNC2owDQYJKoZIhvcNAQELBQADggEBAJlTd+w/g/LxXWSftTmXs4wZmOfUCJyJ
lxyyMtgtAUHni+hMi9eZU/1iDp4IK98pHvuf7BaWtBSM9eyBH88d73sa2aQtzDmz
moY8ejMgA0iz8Pef6i5LdBgmChVApz60qKhRtFbeibuDzWEYZa9YBez4g48naqlY
kku9xfoMu30wM3hycP5ivuz7oFMc3gbDEVBNbcGpLRNasbHH/6YDvXgnxOxENhFj
0fIrWD+SAGLEVRdR4/ItAsJ085D+2+Zp/t/utN88fdZHNgdM6WabNvYcufoG4JGR
mNQb0fZv3nns+Nji7iu17bWRJA2MbrLYbMMZqFnbW6D6hu+AJDKprc8=
-----END CERTIFICATE-----