Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49678.roa
File:                     AS49678.roa (raw, json)
Hash identifier:          ma2Cy4HGZQKrpeJAHIqykfeRYVVQDzWuC3mCccGjXKU=
Subject key identifier:   CA:A7:F3:28:9D:47:5E:08:E5:47:14:92:B2:F5:A6:2B:0D:62:3B:77
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       380F853BA171C2BF51AE73062A772A80DC6BDA57
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49678.roa
Signing time:             Sat 04 Apr 2026 15:30:03 +0000
ROA not before:           Sat 04 Apr 2026 15:25:03 +0000
ROA not after:            Sat 03 Apr 2027 15:30:03 +0000
asID:                     49678
IP address blocks:        82.41.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:0f:85:3b:a1:71:c2:bf:51:ae:73:06:2a:77:2a:80:dc:6b:da:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  4 15:25:03 2026 GMT
            Not After : Apr  3 15:30:03 2027 GMT
        Subject: CN=CAA7F3289D475E08E5471492B2F5A62B0D623B77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ea:da:a3:f9:19:2b:5d:80:e2:98:8b:05:00:
                    f8:5e:dc:30:b1:55:a7:22:dd:2f:eb:6c:71:9a:41:
                    0a:ad:d3:dd:14:48:2b:c0:f6:f3:fa:0e:73:46:59:
                    3a:b2:69:63:21:5b:4a:94:8d:b4:24:74:cb:9a:af:
                    a7:f8:09:f6:bd:fb:d3:3e:b7:11:16:fd:f0:1a:b3:
                    e9:93:1a:e0:5b:f6:55:5a:0c:e3:c0:54:f6:7e:ca:
                    77:a6:b8:ee:e8:6f:b3:4f:c8:85:be:bf:26:8d:08:
                    03:72:86:a9:74:e3:f9:50:8e:53:6a:5d:05:97:e6:
                    e8:6c:c7:22:91:c0:88:ed:59:5b:d9:d2:31:c0:70:
                    80:ca:75:be:db:26:9a:b3:60:e5:a5:77:86:6b:d8:
                    89:b4:32:78:94:ec:70:a0:38:dd:5c:d8:fe:7c:f1:
                    4d:23:a6:3d:2e:6c:a3:03:06:a9:77:46:f3:94:ea:
                    c9:4d:cd:ff:6c:9b:3a:59:05:a3:36:4f:64:1b:65:
                    0a:f4:b5:8d:7a:0e:83:26:a6:24:d5:59:c8:61:5a:
                    93:5b:1a:7c:45:1a:f6:9b:3c:e6:0c:2a:63:bd:12:
                    0c:a3:df:73:57:44:6a:23:5d:26:67:88:e2:14:f2:
                    03:f8:90:82:d7:8e:5e:5a:99:a9:00:dd:85:0f:c7:
                    dd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A7:F3:28:9D:47:5E:08:E5:47:14:92:B2:F5:A6:2B:0D:62:3B:77
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS49678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:2a:69:3b:b1:df:62:34:2e:c3:a7:24:42:2c:ec:d3:79:61:
         b5:e4:02:d8:17:de:a2:e6:cd:a2:bc:18:88:a3:63:44:77:4d:
         54:fd:a4:49:e4:77:51:e1:58:da:ee:72:65:3f:06:61:0b:73:
         4b:77:1c:eb:94:f3:77:b0:45:cc:59:1c:e2:c3:bb:ec:f1:e1:
         70:ae:97:2c:15:f8:56:2f:37:5c:b8:2b:4d:2d:dc:aa:f3:71:
         37:96:e8:53:0b:ee:6d:53:cc:58:63:a2:ff:ad:f8:26:2b:17:
         e6:20:c9:c2:e9:09:12:2b:ba:1d:af:02:ca:f0:c0:24:47:d0:
         6d:0b:a7:0c:01:23:40:13:f0:56:27:5d:b1:40:b9:24:cf:2a:
         97:a1:9b:d9:62:cb:37:2c:90:16:18:0c:5e:75:9d:66:7a:27:
         bf:fa:c3:b8:d6:fb:e6:a8:5a:f9:de:40:cc:73:53:86:75:5b:
         b8:66:b3:bb:5a:e4:a9:2c:fa:79:be:f6:09:10:5d:5c:66:be:
         e0:93:95:be:c2:b1:16:fb:88:72:78:e5:8f:11:cd:81:92:33:
         c5:18:9a:6b:76:76:de:0c:ef:e8:88:e0:98:0a:7e:de:04:80:
         96:9c:a3:9c:64:14:bc:f9:fb:b3:1d:1a:fa:0c:67:bb:af:cf:
         74:a3:74:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOA+FO6Fxwr9RrnMGKncqgNxr2lcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDQxNTI1MDNaFw0yNzA0MDMxNTMwMDNaMDMxMTAvBgNV
BAMTKENBQTdGMzI4OUQ0NzVFMDhFNTQ3MTQ5MkIyRjVBNjJCMEQ2MjNCNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb6tqj+RkrXYDimIsFAPhe3DCx
Vaci3S/rbHGaQQqt090USCvA9vP6DnNGWTqyaWMhW0qUjbQkdMuar6f4Cfa9+9M+
txEW/fAas+mTGuBb9lVaDOPAVPZ+ynemuO7ob7NPyIW+vyaNCANyhql04/lQjlNq
XQWX5uhsxyKRwIjtWVvZ0jHAcIDKdb7bJpqzYOWld4Zr2Im0MniU7HCgON1c2P58
8U0jpj0ubKMDBql3RvOU6slNzf9smzpZBaM2T2QbZQr0tY16DoMmpiTVWchhWpNb
GnxFGvabPOYMKmO9Egyj33NXRGojXSZniOIU8gP4kILXjl5amakA3YUPx91pAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUyqfzKJ1HXgjlRxSSsvWmKw1iO3cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDk2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSKTgw
DQYJKoZIhvcNAQELBQADggEBAJsqaTux32I0LsOnJEIs7NN5YbXkAtgX3qLmzaK8
GIijY0R3TVT9pEnkd1HhWNrucmU/BmELc0t3HOuU83ewRcxZHOLDu+zx4XCulywV
+FYvN1y4K00t3KrzcTeW6FML7m1TzFhjov+t+CYrF+YgycLpCRIruh2vAsrwwCRH
0G0LpwwBI0AT8FYnXbFAuSTPKpehm9liyzcskBYYDF51nWZ6J7/6w7jW++aoWvne
QMxzU4Z1W7hms7ta5Kks+nm+9gkQXVxmvuCTlb7CsRb7iHJ45Y8RzYGSM8UYmmt2
dt4M7+iI4JgKft4EgJaco5xkFLz5+7MdGvoMZ7uvz3SjdOI=
-----END CERTIFICATE-----