Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49791.roa
File:                     AS49791.roa (raw, json)
Hash identifier:          6WkxCXaU8yRqwdgnzF9kYhIlLSNtTGUuU4GcnkNxvj4=
Subject key identifier:   EC:01:95:54:A7:F2:FC:51:97:C0:9C:4E:16:29:98:7E:CB:C6:6E:E4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4810BBC98CA0DBC175331BCA1729EC600FB82C58
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49791.roa
Signing time:             Mon 23 Mar 2026 14:12:44 +0000
ROA not before:           Mon 23 Mar 2026 14:07:44 +0000
ROA not after:            Mon 22 Mar 2027 14:12:44 +0000
asID:                     49791
IP address blocks:        191.101.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:10:bb:c9:8c:a0:db:c1:75:33:1b:ca:17:29:ec:60:0f:b8:2c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 23 14:07:44 2026 GMT
            Not After : Mar 22 14:12:44 2027 GMT
        Subject: CN=EC019554A7F2FC5197C09C4E1629987ECBC66EE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4f:f5:fe:71:66:29:7f:23:0b:7b:b7:48:f3:
                    ef:32:2a:7f:0a:a0:3a:73:54:80:a7:7d:cc:13:a7:
                    3d:69:52:39:78:0e:fb:6a:e8:99:22:86:73:c3:cb:
                    b1:b1:d7:51:a8:48:7f:f8:7f:4c:59:a3:38:f9:52:
                    e9:3c:5f:36:27:7f:f2:0c:aa:8e:b1:23:c2:58:21:
                    67:b1:c2:0b:99:ac:9a:7d:75:44:28:b4:32:92:e5:
                    da:8b:2b:bb:8c:d8:6b:f5:f7:11:e3:86:d6:33:7d:
                    f3:b1:b2:2b:5c:27:ae:03:ed:ba:01:af:4e:f2:3f:
                    a8:8d:a1:6a:46:67:13:f4:93:2f:0c:a8:c1:1a:56:
                    ad:20:df:88:ff:54:de:d0:c5:29:fc:4f:54:db:32:
                    32:32:58:f3:1f:33:c7:59:47:03:a1:c4:44:26:7c:
                    e4:d5:a4:c7:d8:05:4b:00:c7:2c:9c:91:70:90:c1:
                    a9:4a:79:db:14:8b:e0:e3:ed:ea:85:8e:7f:d4:18:
                    cc:ef:0c:e6:2e:5d:d1:9e:89:c6:d3:48:4f:f1:39:
                    84:e4:0f:74:8d:10:36:32:36:9a:9e:89:5a:83:c0:
                    3e:b7:1b:8e:e2:53:c8:f5:78:1a:17:71:81:54:e0:
                    f3:10:a9:be:3a:1d:ee:6f:2b:f7:6c:ad:dc:cb:9c:
                    da:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:01:95:54:A7:F2:FC:51:97:C0:9C:4E:16:29:98:7E:CB:C6:6E:E4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS49791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:c1:21:49:4f:f4:af:f9:e2:bd:3b:80:fb:35:b0:1a:c4:dc:
         25:a3:cf:22:6a:fe:18:c5:0e:4b:ce:25:1f:65:db:7d:90:26:
         71:2d:75:95:13:ea:b7:35:a2:7e:81:6e:60:09:67:09:c9:d2:
         c8:1b:87:4e:4c:1c:e9:0c:b7:69:17:fd:1f:92:aa:8c:bd:03:
         f4:0b:99:fb:27:91:af:e8:73:3f:09:3f:25:07:23:94:62:75:
         c5:f0:4c:7b:3b:92:36:ab:82:39:a1:0f:19:c3:c6:61:3e:b4:
         67:8b:bd:01:bb:94:60:7e:46:d5:58:fd:2a:64:ee:f4:89:fe:
         23:ce:09:3b:3a:55:6d:df:78:0d:9f:58:12:b5:0e:6d:b6:ee:
         f9:44:75:61:9b:00:f6:99:fb:a5:f2:8d:27:36:92:6a:12:1f:
         bb:6c:1d:5e:e3:b0:aa:1c:f7:84:ac:68:e0:d1:7e:ac:32:83:
         78:9a:dd:ff:45:83:d6:99:0f:83:87:d2:d6:c5:3c:c6:d0:cb:
         6a:ed:8b:16:bd:34:60:0f:de:70:91:e4:d0:3c:70:80:e0:fd:
         d3:e8:ee:c3:c8:da:42:a1:6f:93:da:39:57:4e:db:c9:45:18:
         e6:a3:35:0e:f2:85:c5:68:4f:92:b7:a7:85:dc:b8:37:c1:ec:
         c7:45:27:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSBC7yYyg28F1MxvKFynsYA+4LFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjMxNDA3NDRaFw0yNzAzMjIxNDEyNDRaMDMxMTAvBgNV
BAMTKEVDMDE5NTU0QTdGMkZDNTE5N0MwOUM0RTE2Mjk5ODdFQ0JDNjZFRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9T/X+cWYpfyMLe7dI8+8yKn8K
oDpzVICnfcwTpz1pUjl4Dvtq6JkihnPDy7Gx11GoSH/4f0xZozj5Uuk8XzYnf/IM
qo6xI8JYIWexwguZrJp9dUQotDKS5dqLK7uM2Gv19xHjhtYzffOxsitcJ64D7boB
r07yP6iNoWpGZxP0ky8MqMEaVq0g34j/VN7QxSn8T1TbMjIyWPMfM8dZRwOhxEQm
fOTVpMfYBUsAxyyckXCQwalKedsUi+Dj7eqFjn/UGMzvDOYuXdGeicbTSE/xOYTk
D3SNEDYyNpqeiVqDwD63G47iU8j1eBoXcYFU4PMQqb46He5vK/dsrdzLnNo7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7AGVVKfy/FGXwJxOFimYfsvGbuQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDk3OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG/Ze4w
DQYJKoZIhvcNAQELBQADggEBACTBIUlP9K/54r07gPs1sBrE3CWjzyJq/hjFDkvO
JR9l232QJnEtdZUT6rc1on6BbmAJZwnJ0sgbh05MHOkMt2kX/R+Sqoy9A/QLmfsn
ka/ocz8JPyUHI5RidcXwTHs7kjargjmhDxnDxmE+tGeLvQG7lGB+RtVY/Spk7vSJ
/iPOCTs6VW3feA2fWBK1Dm227vlEdWGbAPaZ+6XyjSc2kmoSH7tsHV7jsKoc94Ss
aODRfqwyg3ia3f9Fg9aZD4OH0tbFPMbQy2rtixa9NGAP3nCR5NA8cIDg/dPo7sPI
2kKhb5PaOVdO28lFGOajNQ7yhcVoT5K3p4XcuDfB7MdFJ5M=
-----END CERTIFICATE-----