Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS201949.roa
File:                     AS201949.roa (raw, json)
Hash identifier:          knVflYXsbT6w/+jOH7z5MVkMpEIflET4Osm7z0M5t7o=
Subject key identifier:   EC:0B:E7:C5:66:79:F5:41:92:46:2D:E6:DA:85:61:1C:3C:B7:A1:F4
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       47D3BCCB784A6D96F6953CDE065EA522FDFEC803
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS201949.roa
Signing time:             Wed 04 Mar 2026 08:30:27 +0000
ROA not before:           Wed 04 Mar 2026 08:25:27 +0000
ROA not after:            Wed 03 Mar 2027 08:30:27 +0000
asID:                     201949
IP address blocks:        147.125.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d3:bc:cb:78:4a:6d:96:f6:95:3c:de:06:5e:a5:22:fd:fe:c8:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:27 2026 GMT
            Not After : Mar  3 08:30:27 2027 GMT
        Subject: CN=EC0BE7C56679F54192462DE6DA85611C3CB7A1F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:d6:bc:b2:f1:6e:4d:bc:ed:6c:ac:06:6e:
                    f6:6a:fb:9d:28:57:1f:3d:cd:55:a7:00:47:31:0b:
                    a2:f1:33:a0:87:c3:db:2b:cb:34:b7:de:09:ef:a8:
                    9e:e3:65:3e:ba:ea:4f:82:5c:3d:36:1d:ea:7f:b6:
                    b3:23:c5:b3:19:25:d1:15:a4:20:5a:10:00:8e:ad:
                    cb:e5:cd:e0:19:d0:a8:40:b4:b3:a1:16:50:ee:7d:
                    f6:11:74:31:d4:a2:0a:55:9d:3d:43:a7:24:ae:2a:
                    96:56:5f:5d:2e:12:90:31:ab:e6:3c:ed:b0:ce:31:
                    07:dc:8f:f9:cb:1c:e5:dd:8c:a6:01:cc:9e:3d:39:
                    26:5c:4b:7b:77:8e:92:06:55:5c:3a:69:24:2d:b5:
                    65:85:ca:17:dd:29:eb:b1:b1:ba:88:a0:90:cf:97:
                    f2:d8:28:46:cb:a3:8b:32:7e:3a:3d:97:2e:bd:6c:
                    b0:43:a0:d4:11:77:34:e5:d9:56:e2:6a:cb:06:9a:
                    ca:cd:ad:77:b0:23:9e:4d:eb:5a:26:f0:52:ce:ab:
                    69:fb:c6:e4:a4:43:ac:80:bf:75:fb:a7:88:ae:86:
                    01:8c:c7:ad:25:16:61:34:7f:74:8a:d4:39:e9:8d:
                    ca:36:48:a9:d1:3e:2b:83:a3:a8:96:34:19:3a:50:
                    76:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:0B:E7:C5:66:79:F5:41:92:46:2D:E6:DA:85:61:1C:3C:B7:A1:F4
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS201949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:39:0e:40:7f:93:7d:60:f0:94:07:8a:4b:12:06:00:b9:7c:
         1e:b1:9f:5b:ad:5b:d4:e1:51:3a:8d:27:c6:27:ba:6b:ec:90:
         53:d0:d2:1e:5e:db:ba:af:99:fc:77:9c:22:81:cc:f0:8c:83:
         37:87:b2:a1:27:f2:4d:91:b3:04:81:d9:33:92:c1:13:50:b1:
         a0:a5:e7:ef:52:cf:75:ff:98:5f:ec:03:3e:0e:68:34:f1:bf:
         64:82:63:61:75:4f:e2:73:f4:6a:f1:8d:77:b6:02:73:43:f2:
         5b:73:f2:59:1c:99:d9:5b:1c:c4:8e:73:7d:a8:e6:57:76:f1:
         4f:6d:06:7c:c9:19:38:bb:56:24:87:84:f7:89:52:18:13:dc:
         58:c6:5b:89:9a:6e:5e:8f:b8:e5:5d:55:5a:68:b4:07:ac:6d:
         53:09:f9:e3:e2:4a:e1:76:ce:77:ed:54:d2:87:1c:64:14:d2:
         33:ea:b4:b7:a7:10:88:fc:46:bf:1c:fa:99:8a:95:d2:a8:d6:
         6e:c0:dc:4d:02:dd:55:ef:f7:1d:68:48:60:c3:96:f2:d6:e7:
         7b:22:da:74:a6:a1:a3:04:54:15:75:e1:e6:fe:78:cf:3f:6f:
         2a:6c:b8:df:e8:59:00:74:07:50:dd:21:0e:77:29:38:dd:cf:
         d9:c7:be:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUR9O8y3hKbZb2lTzeBl6lIv3+yAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjdaFw0yNzAzMDMwODMwMjdaMDMxMTAvBgNV
BAMTKEVDMEJFN0M1NjY3OUY1NDE5MjQ2MkRFNkRBODU2MTFDM0NCN0ExRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8t9a8svFuTbztbKwGbvZq+50o
Vx89zVWnAEcxC6LxM6CHw9sryzS33gnvqJ7jZT666k+CXD02Hep/trMjxbMZJdEV
pCBaEACOrcvlzeAZ0KhAtLOhFlDuffYRdDHUogpVnT1DpySuKpZWX10uEpAxq+Y8
7bDOMQfcj/nLHOXdjKYBzJ49OSZcS3t3jpIGVVw6aSQttWWFyhfdKeuxsbqIoJDP
l/LYKEbLo4syfjo9ly69bLBDoNQRdzTl2VbiassGmsrNrXewI55N61om8FLOq2n7
xuSkQ6yAv3X7p4iuhgGMx60lFmE0f3SK1Dnpjco2SKnRPiuDo6iWNBk6UHY3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7AvnxWZ59UGSRi3m2oVhHDy3ofQwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjAxOTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk32C
MA0GCSqGSIb3DQEBCwUAA4IBAQBBOQ5Af5N9YPCUB4pLEgYAuXwesZ9brVvU4VE6
jSfGJ7pr7JBT0NIeXtu6r5n8d5wigczwjIM3h7KhJ/JNkbMEgdkzksETULGgpefv
Us91/5hf7AM+Dmg08b9kgmNhdU/ic/Rq8Y13tgJzQ/Jbc/JZHJnZWxzEjnN9qOZX
dvFPbQZ8yRk4u1Ykh4T3iVIYE9xYxluJmm5ej7jlXVVaaLQHrG1TCfnj4krhds53
7VTShxxkFNIz6rS3pxCI/Ea/HPqZipXSqNZuwNxNAt1V7/cdaEhgw5by1ud7Itp0
pqGjBFQVdeHm/njPP28qbLjf6FkAdAdQ3SEOdyk43c/Zx74x
-----END CERTIFICATE-----