Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49581.roa
File:                     AS49581.roa (raw, json)
Hash identifier:          v+sWsyqwOdJB0PnAp+PYyQhOc6ztTPRRk8mgB7Pu6jA=
Subject key identifier:   01:5B:B5:88:39:FE:84:CC:9C:32:A3:77:42:5B:A8:F3:59:89:A6:4A
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2911FE83C59DF97A661DCB448458A61058A23D55
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49581.roa
Signing time:             Thu 27 Feb 2025 21:50:28 +0000
ROA not before:           Thu 27 Feb 2025 21:45:28 +0000
ROA not after:            Thu 26 Feb 2026 21:50:28 +0000
asID:                     49581
IP address blocks:        95.135.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:24:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:11:fe:83:c5:9d:f9:7a:66:1d:cb:44:84:58:a6:10:58:a2:3d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 27 21:45:28 2025 GMT
            Not After : Feb 26 21:50:28 2026 GMT
        Subject: CN=015BB58839FE84CC9C32A377425BA8F35989A64A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ed:5a:6f:8a:e2:d2:35:2d:ac:e7:08:c4:53:
                    02:66:69:7b:01:6f:57:02:37:09:06:ac:ce:38:eb:
                    a6:e0:80:9b:90:64:62:aa:f2:40:9a:90:b5:b4:f4:
                    c3:98:8b:66:fc:d1:d1:2c:e3:0a:3b:35:36:89:28:
                    fa:46:9e:0e:47:90:9a:1b:d3:ce:94:af:fe:2e:e0:
                    1e:93:b8:a2:e5:f2:07:af:c2:11:13:d8:76:9b:81:
                    f0:52:75:69:b4:30:41:f0:60:10:c5:7c:04:d6:87:
                    ff:a3:63:57:c5:60:2f:93:c1:e5:0d:30:07:06:7a:
                    05:ba:6f:64:89:2f:cd:d2:5b:ee:b9:bc:5e:cd:54:
                    c9:88:aa:b3:6c:4a:45:25:43:7c:10:b9:86:e0:70:
                    19:41:ea:e6:a7:ae:a1:b5:2e:31:4b:b9:df:b4:d7:
                    f8:2b:cc:ab:62:6c:96:7a:f9:ed:9f:bc:ba:a8:6f:
                    22:d7:d8:7c:01:6a:4b:ae:88:80:61:da:ce:67:02:
                    4a:24:ee:c3:a4:eb:d7:f2:42:06:69:c8:2e:37:95:
                    e8:fe:98:ae:ba:85:51:0c:02:55:b2:12:1c:e4:f3:
                    d2:84:9f:40:93:05:58:41:ed:21:67:b4:09:e1:40:
                    0b:b3:6e:c7:4d:07:e6:f4:ab:2c:b3:99:6d:b9:66:
                    7c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:5B:B5:88:39:FE:84:CC:9C:32:A3:77:42:5B:A8:F3:59:89:A6:4A
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49581.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:fb:93:ee:4c:bf:f2:ad:a5:53:30:eb:8e:80:82:55:c5:6d:
         cc:39:4c:ba:94:a6:76:45:5d:bc:7b:ac:4b:96:af:01:c4:23:
         f1:ee:7e:b3:b9:e8:a4:08:97:69:35:f4:b7:82:39:1b:d2:b0:
         b3:f1:f8:98:ce:26:58:2e:b0:c4:8b:77:be:e2:63:94:4f:1e:
         13:2e:7a:7f:9b:e2:a1:8e:16:db:6c:54:43:31:eb:4c:74:d0:
         e4:fb:9a:dc:31:e9:40:18:22:74:9a:c2:06:ca:98:ed:28:d3:
         57:63:71:37:1a:3b:cd:f5:b4:5d:70:d3:bc:1b:3d:d9:c4:0a:
         58:2e:8c:4d:84:5f:58:06:cc:45:c2:98:57:90:d4:18:b6:97:
         0d:45:cc:a3:c0:b9:ac:bf:be:e0:f4:77:11:9c:09:9c:b5:31:
         58:eb:7f:7f:93:a8:c4:42:a5:2d:4b:22:d1:72:8f:db:a2:c2:
         90:fe:64:75:4c:1b:a5:73:7a:01:19:a4:4f:97:1d:c6:39:4d:
         dc:5a:bf:5a:c3:96:e8:27:6a:99:4b:44:24:ba:b0:3f:dd:11:
         90:44:79:69:68:0b:2e:83:e6:f6:58:f6:9b:e9:03:c9:9f:f7:
         d5:75:30:fa:85:6b:ba:1e:2d:ad:82:bf:43:dd:cb:c8:3b:1f:
         1a:2b:2b:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKRH+g8Wd+XpmHctEhFimEFiiPVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAyMjcyMTQ1MjhaFw0yNjAyMjYyMTUwMjhaMDMxMTAvBgNV
BAMTKDAxNUJCNTg4MzlGRTg0Q0M5QzMyQTM3NzQyNUJBOEYzNTk4OUE2NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC47VpviuLSNS2s5wjEUwJmaXsB
b1cCNwkGrM4466bggJuQZGKq8kCakLW09MOYi2b80dEs4wo7NTaJKPpGng5HkJob
086Ur/4u4B6TuKLl8gevwhET2HabgfBSdWm0MEHwYBDFfATWh/+jY1fFYC+TweUN
MAcGegW6b2SJL83SW+65vF7NVMmIqrNsSkUlQ3wQuYbgcBlB6uanrqG1LjFLud+0
1/grzKtibJZ6+e2fvLqobyLX2HwBakuuiIBh2s5nAkok7sOk69fyQgZpyC43lej+
mK66hVEMAlWyEhzk89KEn0CTBVhB7SFntAnhQAuzbsdNB+b0qyyzmW25ZnxfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAVu1iDn+hMycMqN3Qluo81mJpkowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDk1ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfhzww
DQYJKoZIhvcNAQELBQADggEBAKr7k+5Mv/KtpVMw646AglXFbcw5TLqUpnZFXbx7
rEuWrwHEI/HufrO56KQIl2k19LeCORvSsLPx+JjOJlgusMSLd77iY5RPHhMuen+b
4qGOFttsVEMx60x00OT7mtwx6UAYInSawgbKmO0o01djcTcaO831tF1w07wbPdnE
ClgujE2EX1gGzEXCmFeQ1Bi2lw1FzKPAuay/vuD0dxGcCZy1MVjrf3+TqMRCpS1L
ItFyj9uiwpD+ZHVMG6VzegEZpE+XHcY5Tdxav1rDlugnaplLRCS6sD/dEZBEeWlo
Cy6D5vZY9pvpA8mf99V1MPqFa7oeLa2Cv0Pdy8g7HxorK2Q=
-----END CERTIFICATE-----