Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49592.roa
File:                     AS49592.roa (raw, json)
Hash identifier:          ETGVcFWaOrHN33n42nNnRkikcBBnGXXV10dbGC/sjrA=
Subject key identifier:   78:B8:44:34:27:DB:E4:83:43:12:75:4E:47:52:D6:7F:41:1A:BB:D0
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1EA20E080993EC63CE42A98724B23D58FEE4DA91
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49592.roa
Signing time:             Fri 01 May 2026 11:13:24 +0000
ROA not before:           Fri 01 May 2026 11:08:24 +0000
ROA not after:            Fri 30 Apr 2027 11:13:24 +0000
asID:                     49592
IP address blocks:        46.202.126.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a2:0e:08:09:93:ec:63:ce:42:a9:87:24:b2:3d:58:fe:e4:da:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  1 11:08:24 2026 GMT
            Not After : Apr 30 11:13:24 2027 GMT
        Subject: CN=78B8443427DBE4834312754E4752D67F411ABBD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ed:8b:05:6c:df:97:95:8d:7b:e3:31:40:61:
                    6b:84:c3:a5:3e:0e:d3:13:0e:9f:fe:93:a1:d2:15:
                    3b:ae:3a:07:18:a1:51:12:ad:ca:df:ae:67:6b:e2:
                    a4:c6:36:36:e7:14:b9:93:90:87:23:10:c6:36:be:
                    51:f4:2f:c4:14:d0:1c:18:bf:a2:f9:d4:32:53:43:
                    09:01:92:e3:3e:f5:63:04:7f:38:92:07:91:01:31:
                    74:41:84:95:06:74:00:bb:23:18:2c:50:d1:8c:f7:
                    f6:49:e9:47:64:3e:3d:2e:47:c6:55:a7:2c:cf:b2:
                    1e:5b:aa:09:4b:cf:c6:15:62:37:ea:b1:d0:4a:a6:
                    d5:ce:fe:6a:cb:0c:77:70:21:73:a9:89:b5:a4:24:
                    8f:53:22:60:56:2d:b4:49:e2:df:07:25:5b:f9:95:
                    f7:32:87:20:2d:79:cb:3c:63:6f:61:b6:0d:64:6f:
                    d8:e3:8b:eb:b8:99:d2:74:68:7a:dd:d6:c0:b6:c5:
                    5f:12:6f:98:17:e4:f7:82:47:fb:d9:87:df:35:94:
                    f2:93:0c:9d:49:2f:f7:7a:c5:96:a8:60:b8:9d:9e:
                    be:3e:fb:62:b7:56:40:d1:a2:db:d6:84:39:9f:b4:
                    d7:85:54:56:4c:8f:ca:8f:bb:f6:cf:e9:c5:ab:6d:
                    68:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B8:44:34:27:DB:E4:83:43:12:75:4E:47:52:D6:7F:41:1A:BB:D0
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49592.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:11:1e:23:69:9a:78:a1:31:d8:43:2b:d4:b7:6e:63:83:29:
         0f:ee:f9:3e:f7:6a:dc:d7:19:32:e6:68:94:34:2d:b2:0d:91:
         42:a4:0f:2f:c2:46:62:22:be:73:22:fd:e0:a0:0c:3f:5a:5d:
         88:b5:a3:ba:3a:24:fe:48:26:51:b5:5b:88:da:79:5d:97:1d:
         3c:b8:ca:d2:51:c3:b2:44:b4:0c:8b:36:8f:e2:86:df:6a:51:
         89:82:dc:58:dc:0f:aa:2e:39:03:c5:72:8e:0e:79:28:4c:9d:
         2b:6b:85:54:f0:03:29:74:da:18:5c:64:3f:27:73:2f:a7:d1:
         de:70:f8:d7:2e:a5:76:9f:3b:de:32:4d:0e:eb:e3:c0:d9:a5:
         1c:5c:65:21:20:ff:9e:30:6d:09:be:1f:be:7d:1f:35:f6:86:
         1c:4c:f1:31:08:9d:1a:dc:5d:cc:37:4a:39:dc:5a:91:9a:ae:
         bc:a8:2f:0d:f4:1e:83:da:d8:6e:ed:a8:4d:49:b2:fd:2e:e4:
         90:23:b7:3a:f2:51:49:27:ef:5c:f5:e0:b5:57:69:ba:c2:80:
         c4:2b:fe:28:4c:e9:e6:ad:3c:04:5a:cf:92:e3:ed:e9:63:ad:
         e8:cb:cc:59:19:23:27:86:2c:6f:da:a2:02:96:3a:7a:b3:b4:
         24:3c:db:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHqIOCAmT7GPOQqmHJLI9WP7k2pEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDExMTA4MjRaFw0yNzA0MzAxMTEzMjRaMDMxMTAvBgNV
BAMTKDc4Qjg0NDM0MjdEQkU0ODM0MzEyNzU0RTQ3NTJENjdGNDExQUJCRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg7YsFbN+XlY174zFAYWuEw6U+
DtMTDp/+k6HSFTuuOgcYoVESrcrfrmdr4qTGNjbnFLmTkIcjEMY2vlH0L8QU0BwY
v6L51DJTQwkBkuM+9WMEfziSB5EBMXRBhJUGdAC7IxgsUNGM9/ZJ6UdkPj0uR8ZV
pyzPsh5bqglLz8YVYjfqsdBKptXO/mrLDHdwIXOpibWkJI9TImBWLbRJ4t8HJVv5
lfcyhyAtecs8Y29htg1kb9jji+u4mdJ0aHrd1sC2xV8Sb5gX5PeCR/vZh981lPKT
DJ1JL/d6xZaoYLidnr4++2K3VkDRotvWhDmftNeFVFZMj8qPu/bP6cWrbWgrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeLhENCfb5INDEnVOR1LWf0Eau9AwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDk1OTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEuyn4w
DQYJKoZIhvcNAQELBQADggEBADwRHiNpmnihMdhDK9S3bmODKQ/u+T73atzXGTLm
aJQ0LbINkUKkDy/CRmIivnMi/eCgDD9aXYi1o7o6JP5IJlG1W4jaeV2XHTy4ytJR
w7JEtAyLNo/iht9qUYmC3FjcD6ouOQPFco4OeShMnStrhVTwAyl02hhcZD8ncy+n
0d5w+NcupXafO94yTQ7r48DZpRxcZSEg/54wbQm+H759HzX2hhxM8TEInRrcXcw3
SjncWpGarryoLw30HoPa2G7tqE1Jsv0u5JAjtzryUUkn71z14LVXabrCgMQr/ihM
6eatPARaz5Lj7eljrejLzFkZIyeGLG/aogKWOnqztCQ829o=
-----END CERTIFICATE-----