Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS49581.roa
File:                     AS49581.roa (raw, json)
Hash identifier:          u3BQiSPTZ3Gi7tLWIR6702E+3dI5IyFZNtwtRAtkoVk=
Subject key identifier:   B4:97:8E:1E:EC:2D:F2:08:BF:2C:34:B6:54:0B:0F:CD:3E:DF:37:BC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       659D6558F2A41F41B2B820004046BCD399CD7771
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS49581.roa
Signing time:             Wed 23 Apr 2025 14:24:42 +0000
ROA not before:           Wed 23 Apr 2025 14:19:42 +0000
ROA not after:            Wed 22 Apr 2026 14:24:42 +0000
asID:                     49581
IP address blocks:        45.157.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:9d:65:58:f2:a4:1f:41:b2:b8:20:00:40:46:bc:d3:99:cd:77:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 23 14:19:42 2025 GMT
            Not After : Apr 22 14:24:42 2026 GMT
        Subject: CN=B4978E1EEC2DF208BF2C34B6540B0FCD3EDF37BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bc:5a:47:0b:06:b1:4b:3f:1c:73:03:b7:df:
                    37:39:51:4f:db:bc:3a:aa:79:a6:b8:28:e8:9a:58:
                    b3:7a:71:6f:fb:4b:22:b7:53:95:85:1a:af:9c:f7:
                    cd:1a:ef:97:cd:d3:ce:dd:0e:ab:2d:49:91:d1:2f:
                    ec:5e:90:c1:e5:aa:24:51:35:fa:a6:52:f5:a7:17:
                    43:69:2d:06:12:c5:62:a5:00:f6:85:ee:6b:32:a9:
                    f4:68:60:01:2a:da:61:9f:a1:d1:83:04:49:34:64:
                    e3:bb:48:92:92:0c:1e:16:9d:30:77:4a:61:99:2b:
                    96:2b:cd:3b:7a:ec:23:04:13:dc:73:b6:1d:65:d0:
                    3d:29:d8:8b:31:62:5f:a2:2b:20:fe:83:05:36:53:
                    89:9f:67:87:95:68:15:6a:6f:6f:db:ce:40:f6:b6:
                    ad:a1:21:32:f2:52:6d:32:8d:3b:1e:d5:7e:91:fc:
                    7e:6e:a5:33:91:70:d3:70:8d:d2:18:83:c2:51:78:
                    d2:52:0a:8e:07:43:17:4e:57:70:d6:62:d3:53:96:
                    9a:9b:55:18:7d:ff:65:bc:12:18:22:90:83:cb:2e:
                    44:1b:72:93:a0:01:cb:bd:dc:b4:4a:a2:c7:58:63:
                    cf:a2:bb:7f:40:22:5d:55:d8:da:1a:b0:c9:fb:17:
                    81:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:97:8E:1E:EC:2D:F2:08:BF:2C:34:B6:54:0B:0F:CD:3E:DF:37:BC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS49581.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:5f:4b:b2:7f:1b:49:e6:5e:89:0f:10:96:30:7e:61:9d:40:
         5e:5c:79:97:d9:04:b7:f2:0d:0a:09:af:28:12:b3:81:45:36:
         de:b9:42:cb:fd:b8:8a:f2:9f:30:62:8d:00:90:6f:fa:fa:ed:
         37:bf:1f:68:c4:b0:ab:0f:43:e4:ea:0c:22:ae:82:1c:b1:3f:
         8d:23:38:28:1a:43:3b:c1:d3:a0:12:48:5d:cf:a4:da:d4:9c:
         32:8d:fc:d9:48:0f:09:68:92:8f:16:b3:f0:94:be:05:cb:bd:
         6e:a1:26:37:f3:d3:56:7e:a9:f0:54:f7:38:a5:0c:42:50:a8:
         ad:35:fa:b0:c0:c0:c4:8d:2e:ad:24:2e:34:b8:03:f4:e9:69:
         10:5e:b3:a0:8c:a7:1a:12:a3:7b:9c:ed:64:c3:07:d0:2a:d8:
         1e:5b:2b:96:36:5c:5c:cf:b4:36:85:7f:d9:77:2b:d7:e0:c9:
         aa:f5:33:f9:d9:d9:6b:95:4c:dc:85:ad:62:3c:c0:e2:b1:ba:
         1a:b9:39:60:7d:51:12:d9:24:08:03:a2:cb:4c:02:fe:60:1e:
         54:5b:be:2a:c9:04:fe:22:aa:2f:98:fa:3a:90:49:1b:2e:21:
         79:4b:db:38:1c:d6:ec:15:e8:63:6f:7d:b9:a8:f4:ef:22:d1:
         0c:ae:02:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZZ1lWPKkH0GyuCAAQEa805nNd3EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MjMxNDE5NDJaFw0yNjA0MjIxNDI0NDJaMDMxMTAvBgNV
BAMTKEI0OTc4RTFFRUMyREYyMDhCRjJDMzRCNjU0MEIwRkNEM0VERjM3QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+vFpHCwaxSz8ccwO33zc5UU/b
vDqqeaa4KOiaWLN6cW/7SyK3U5WFGq+c980a75fN087dDqstSZHRL+xekMHlqiRR
NfqmUvWnF0NpLQYSxWKlAPaF7msyqfRoYAEq2mGfodGDBEk0ZOO7SJKSDB4WnTB3
SmGZK5YrzTt67CMEE9xzth1l0D0p2IsxYl+iKyD+gwU2U4mfZ4eVaBVqb2/bzkD2
tq2hITLyUm0yjTse1X6R/H5upTORcNNwjdIYg8JReNJSCo4HQxdOV3DWYtNTlpqb
VRh9/2W8EhgikIPLLkQbcpOgAcu93LRKosdYY8+iu39AIl1V2NoasMn7F4E3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtJeOHuwt8gi/LDS2VAsPzT7fN7wwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDk1ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnREw
DQYJKoZIhvcNAQELBQADggEBAJRfS7J/G0nmXokPEJYwfmGdQF5ceZfZBLfyDQoJ
rygSs4FFNt65Qsv9uIrynzBijQCQb/r67Te/H2jEsKsPQ+TqDCKughyxP40jOCga
QzvB06ASSF3PpNrUnDKN/NlIDwloko8Ws/CUvgXLvW6hJjfz01Z+qfBU9zilDEJQ
qK01+rDAwMSNLq0kLjS4A/TpaRBes6CMpxoSo3uc7WTDB9Aq2B5bK5Y2XFzPtDaF
f9l3K9fgyar1M/nZ2WuVTNyFrWI8wOKxuhq5OWB9URLZJAgDostMAv5gHlRbvirJ
BP4iqi+Y+jqQSRsuIXlL2zgc1uwV6GNvfbmo9O8i0QyuAtY=
-----END CERTIFICATE-----