Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          YHK2HcstyksXPeTD1OjCzN7Al3JA9vtukG9XJUSSol8=
Subject key identifier:   9D:79:27:13:80:08:C7:55:D7:6A:C9:FB:30:94:15:41:5D:52:53:90
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4E42D38D857365F57BBE7B117A2619E7C19488F2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa
Signing time:             Mon 02 Mar 2026 07:55:03 +0000
ROA not before:           Mon 02 Mar 2026 07:50:03 +0000
ROA not after:            Mon 01 Mar 2027 07:55:03 +0000
asID:                     60949
IP address blocks:        147.79.52.0/24 maxlen: 24
                          147.79.53.0/24 maxlen: 24
                          147.79.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:42:d3:8d:85:73:65:f5:7b:be:7b:11:7a:26:19:e7:c1:94:88:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  2 07:50:03 2026 GMT
            Not After : Mar  1 07:55:03 2027 GMT
        Subject: CN=9D7927138008C755D76AC9FB309415415D525390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fe:ec:dd:f2:7c:61:a6:1d:2a:f4:d5:c5:79:
                    11:59:ba:fe:99:6b:91:8a:76:6d:db:bf:a3:2e:39:
                    80:37:d7:d6:8b:68:35:d3:9e:ed:a2:8b:3e:e3:16:
                    46:3f:4e:d6:7b:02:59:dc:f6:ad:6a:dc:eb:f2:b4:
                    75:de:ab:39:b7:86:11:7d:2f:80:36:fe:50:4d:22:
                    96:ff:b5:1e:b1:a5:0e:56:45:64:95:a5:74:ce:4f:
                    47:85:42:f5:03:f0:98:0a:df:59:c5:e0:95:d8:76:
                    d8:cb:66:1f:8a:03:df:b6:94:a8:da:9d:e6:4c:81:
                    c1:3f:ad:0a:da:10:48:61:12:51:36:f3:0a:02:d3:
                    d8:e9:21:f7:28:a8:01:f2:b6:09:4f:ae:75:e5:23:
                    3e:f7:75:6a:11:26:d5:78:67:e4:ea:46:bd:67:42:
                    7d:6c:70:1a:f8:67:f9:9a:13:14:26:3a:2d:11:67:
                    b0:5c:b5:06:ee:98:65:d8:0b:13:a1:85:6f:da:04:
                    76:2a:08:c2:a8:6f:9a:0a:46:d8:25:76:0a:39:fc:
                    e7:22:c3:33:d6:d3:52:f1:8f:c0:76:1f:e5:ef:c0:
                    7e:4e:74:55:e9:b3:fd:15:10:59:60:60:ac:74:d7:
                    44:10:ab:fa:4d:9c:72:6d:ef:75:54:52:ba:b5:03:
                    05:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:79:27:13:80:08:C7:55:D7:6A:C9:FB:30:94:15:41:5D:52:53:90
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.52.0-147.79.54.255

    Signature Algorithm: sha256WithRSAEncryption
         45:91:15:1d:e0:5c:a4:fc:f4:a1:00:ea:09:37:12:36:6c:e8:
         21:94:ce:44:e4:49:30:c7:90:6b:f8:11:76:6f:c3:9d:61:ce:
         eb:e2:bc:e0:d2:05:34:cf:2e:ad:48:51:c4:94:f3:a6:ad:28:
         85:11:c7:8b:4d:cc:b2:dd:31:83:3e:3f:84:ca:d9:90:08:4d:
         fc:df:13:c7:18:ec:51:46:65:79:66:b9:4a:ea:77:9f:24:f4:
         51:da:72:98:5e:09:9c:61:1a:2b:6c:5a:53:b8:07:51:c5:89:
         80:51:b0:3e:f0:99:8a:99:64:a3:13:c9:1b:9d:b5:91:13:2b:
         1a:0e:c4:10:27:37:e5:d7:ae:35:9d:9a:03:72:dc:29:b4:d5:
         34:b7:e8:07:2e:08:c2:2d:db:59:b9:3c:ef:ea:f3:17:45:ee:
         df:e5:10:ac:41:9d:b6:e7:a8:b9:4d:44:45:73:3b:06:e0:3c:
         99:c8:eb:52:63:a2:3f:db:23:85:26:b2:74:b4:23:b6:a0:bb:
         09:8d:73:61:dd:61:eb:2d:0f:41:70:95:8f:2f:e8:be:85:18:
         5b:65:3c:c9:81:d8:37:6a:e7:2f:4e:8b:d2:9f:6d:51:6d:e0:
         37:c3:c0:54:0f:dd:e5:f9:7a:e9:70:33:6f:a5:09:11:c7:d3:
         98:02:fe:f1
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIUTkLTjYVzZfV7vnsReiYZ58GUiPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDIwNzUwMDNaFw0yNzAzMDEwNzU1MDNaMDMxMTAvBgNV
BAMTKDlENzkyNzEzODAwOEM3NTVENzZBQzlGQjMwOTQxNTQxNUQ1MjUzOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH/uzd8nxhph0q9NXFeRFZuv6Z
a5GKdm3bv6MuOYA319aLaDXTnu2iiz7jFkY/TtZ7Alnc9q1q3OvytHXeqzm3hhF9
L4A2/lBNIpb/tR6xpQ5WRWSVpXTOT0eFQvUD8JgK31nF4JXYdtjLZh+KA9+2lKja
neZMgcE/rQraEEhhElE28woC09jpIfcoqAHytglPrnXlIz73dWoRJtV4Z+TqRr1n
Qn1scBr4Z/maExQmOi0RZ7BctQbumGXYCxOhhW/aBHYqCMKob5oKRtgldgo5/Oci
wzPW01Lxj8B2H+XvwH5OdFXps/0VEFlgYKx010QQq/pNnHJt73VUUrq1AwWNAgMB
AAGjggIRMIICDTAdBgNVHQ4EFgQUnXknE4AIx1XXasn7MJQVQV1SU5AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEApNP
NAMEAJNPNjANBgkqhkiG9w0BAQsFAAOCAQEARZEVHeBcpPz0oQDqCTcSNmzoIZTO
RORJMMeQa/gRdm/DnWHO6+K84NIFNM8urUhRxJTzpq0ohRHHi03Mst0xgz4/hMrZ
kAhN/N8TxxjsUUZleWa5Sup3nyT0UdpymF4JnGEaK2xaU7gHUcWJgFGwPvCZiplk
oxPJG521kRMrGg7EECc35deuNZ2aA3LcKbTVNLfoBy4Iwi3bWbk87+rzF0Xu3+UQ
rEGdtueouU1ERXM7BuA8mcjrUmOiP9sjhSaydLQjtqC7CY1zYd1h6y0PQXCVjy/o
voUYW2U8yYHYN2rnL06L0p9tUW3gN8PAVA/d5fl66XAzb6UJEcfTmAL+8Q==
-----END CERTIFICATE-----