Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
File:                     AS49981.roa (raw, json)
Hash identifier:          InXk+zTI3T/oKmsH8LpmknhhGNm6bD29Fqi/Ubsk7Lo=
Subject key identifier:   52:5F:D5:EB:FE:EA:58:EA:2D:34:5A:F5:7F:FE:3C:C1:B3:9E:C7:2E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7CF329F2D238E4CFB9C568FA4437E785439CF3CC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa
Signing time:             Tue 28 Oct 2025 08:55:10 +0000
ROA not before:           Tue 28 Oct 2025 08:50:10 +0000
ROA not after:            Tue 27 Oct 2026 08:55:10 +0000
asID:                     49981
IP address blocks:        191.101.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f3:29:f2:d2:38:e4:cf:b9:c5:68:fa:44:37:e7:85:43:9c:f3:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 28 08:50:10 2025 GMT
            Not After : Oct 27 08:55:10 2026 GMT
        Subject: CN=525FD5EBFEEA58EA2D345AF57FFE3CC1B39EC72E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6c:16:40:16:64:01:e4:65:0e:fc:e3:10:6c:
                    5f:3c:62:12:30:96:77:df:4d:31:11:6e:55:81:6e:
                    ac:ad:b5:97:eb:70:f7:b6:f5:04:34:22:74:b3:b9:
                    29:d3:83:d8:fb:64:fa:68:6e:f2:79:b8:3f:f7:ba:
                    50:b8:ac:b6:fa:b3:16:6b:66:89:c1:58:df:c9:ea:
                    12:e5:6f:59:e4:56:d3:cb:99:49:01:fe:24:ae:8e:
                    43:4e:66:73:e1:5c:e3:8b:4e:46:de:a7:81:6e:0f:
                    b3:f0:44:e6:44:54:f8:50:1c:59:45:6c:00:b7:20:
                    97:27:7a:4e:41:9e:53:80:a3:67:15:9c:06:2b:d8:
                    97:be:93:40:27:4b:56:64:0f:ae:53:d6:c6:fa:55:
                    d1:ff:64:21:29:f5:7f:e1:68:ac:f6:7d:dc:43:d6:
                    b7:7b:98:fd:04:5e:99:8b:bc:03:01:7c:64:8d:5b:
                    2e:18:b8:2e:89:0f:d2:c0:38:ce:17:8e:d2:32:72:
                    88:93:43:e7:65:d9:cf:15:44:fc:cf:f6:ca:ee:8a:
                    ad:21:ae:d8:f3:c1:5a:87:96:e5:95:5b:f2:97:19:
                    e5:d4:14:04:ef:6f:c0:ab:ce:e3:fe:fd:cc:dc:53:
                    39:2c:e8:48:32:73:21:c0:99:d5:a5:02:0f:67:9f:
                    8b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5F:D5:EB:FE:EA:58:EA:2D:34:5A:F5:7F:FE:3C:C1:B3:9E:C7:2E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49981.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a7:f8:88:c7:51:70:c2:b1:b0:56:c5:c4:cd:8f:a9:51:33:
         74:dd:16:73:39:ca:5a:72:25:d7:fd:17:be:7d:fd:bc:77:f7:
         03:cc:64:55:14:35:0a:bf:dd:6c:72:c4:a0:2a:69:64:7b:04:
         72:ae:9a:bf:56:d7:a0:4c:fc:ed:22:31:6d:cf:7d:75:58:29:
         2b:c4:ca:46:d9:5d:8f:cf:f5:d1:da:5c:fd:96:37:4d:a3:64:
         21:f2:31:c4:ea:0d:49:07:64:df:a6:92:08:12:38:3b:18:58:
         46:e7:19:1b:73:e0:4c:a8:ff:41:62:af:eb:bd:b5:92:b5:53:
         5d:d5:a5:27:1b:a0:d1:e2:8e:57:74:52:99:a7:c8:44:ab:3d:
         98:87:9b:95:d7:3d:bb:7f:a8:72:11:a1:cc:99:84:d8:60:b3:
         c9:21:ec:91:09:40:09:c9:e9:a0:95:8e:df:9b:8f:a8:da:79:
         5d:56:7e:eb:d0:5b:cf:4b:98:99:54:30:c8:d0:6a:e6:e9:8a:
         8b:01:de:8e:f5:73:b7:b2:b8:ef:fd:27:cc:b1:45:d1:8c:c1:
         9f:3c:c1:6d:37:5b:b2:64:27:84:d2:3d:ba:dd:24:16:4c:99:
         a7:18:0b:05:fb:2d:36:9b:70:ed:85:89:5d:58:8b:f5:52:90:
         28:97:1b:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfPMp8tI45M+5xWj6RDfnhUOc88wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMjgwODUwMTBaFw0yNjEwMjcwODU1MTBaMDMxMTAvBgNV
BAMTKDUyNUZENUVCRkVFQTU4RUEyRDM0NUFGNTdGRkUzQ0MxQjM5RUM3MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFbBZAFmQB5GUO/OMQbF88YhIw
lnffTTERblWBbqyttZfrcPe29QQ0InSzuSnTg9j7ZPpobvJ5uD/3ulC4rLb6sxZr
ZonBWN/J6hLlb1nkVtPLmUkB/iSujkNOZnPhXOOLTkbep4FuD7PwROZEVPhQHFlF
bAC3IJcnek5BnlOAo2cVnAYr2Je+k0AnS1ZkD65T1sb6VdH/ZCEp9X/haKz2fdxD
1rd7mP0EXpmLvAMBfGSNWy4YuC6JD9LAOM4XjtIycoiTQ+dl2c8VRPzP9sruiq0h
rtjzwVqHluWVW/KXGeXUFATvb8CrzuP+/czcUzks6EgycyHAmdWlAg9nn4uZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUl/V6/7qWOotNFr1f/48wbOexy4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk5ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZXEw
DQYJKoZIhvcNAQELBQADggEBAHqn+IjHUXDCsbBWxcTNj6lRM3TdFnM5ylpyJdf9
F759/bx39wPMZFUUNQq/3WxyxKAqaWR7BHKumr9W16BM/O0iMW3PfXVYKSvEykbZ
XY/P9dHaXP2WN02jZCHyMcTqDUkHZN+mkggSODsYWEbnGRtz4Eyo/0Fir+u9tZK1
U13VpScboNHijld0UpmnyESrPZiHm5XXPbt/qHIRocyZhNhgs8kh7JEJQAnJ6aCV
jt+bj6jaeV1WfuvQW89LmJlUMMjQaubpiosB3o71c7eyuO/9J8yxRdGMwZ88wW03
W7JkJ4TSPbrdJBZMmacYCwX7LTabcO2FiV1Yi/VSkCiXG98=
-----END CERTIFICATE-----