Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49399.roa
File:                     AS49399.roa (raw, json)
Hash identifier:          9c+ecK7qW7MFcf0BtqdOqqsBOBzk8lihc/P/uLHGiaA=
Subject key identifier:   B5:FE:11:6E:14:FD:6C:F9:2F:BD:22:A9:CF:59:39:B7:41:E9:48:8D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       38FFCEFCD2433ED33EBDE2508064F65BA1263297
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49399.roa
Signing time:             Wed 22 Apr 2026 03:36:05 +0000
ROA not before:           Wed 22 Apr 2026 03:31:05 +0000
ROA not after:            Wed 21 Apr 2027 03:36:05 +0000
asID:                     49399
IP address blocks:        141.11.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:ff:ce:fc:d2:43:3e:d3:3e:bd:e2:50:80:64:f6:5b:a1:26:32:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 22 03:31:05 2026 GMT
            Not After : Apr 21 03:36:05 2027 GMT
        Subject: CN=B5FE116E14FD6CF92FBD22A9CF5939B741E9488D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:21:1a:05:5e:0f:01:78:01:e6:98:70:64:8b:
                    65:c9:8f:a6:68:68:59:1d:5b:13:c6:f9:36:81:02:
                    67:a7:57:a0:ba:25:4d:d8:cf:93:28:54:c5:98:ef:
                    62:76:dc:66:fb:59:80:8f:52:38:34:23:01:90:40:
                    c1:27:3b:61:1d:7a:82:3f:a4:37:c6:53:cf:b9:63:
                    20:c3:3d:7d:dd:0e:03:c2:a6:ce:5d:91:28:04:6a:
                    d4:2b:d7:02:5a:d0:d1:91:af:8d:30:87:da:f3:7a:
                    08:1e:24:95:9d:c9:28:20:56:3e:4c:74:e9:37:d2:
                    e9:e0:9d:a6:5e:c4:b2:7e:e0:57:60:af:98:2b:3d:
                    3d:49:ef:c7:80:38:00:1d:65:25:7a:a9:82:0b:d5:
                    8b:6c:b4:31:7a:eb:65:7b:ab:6c:5e:a4:47:d4:00:
                    93:69:10:e2:67:b3:33:93:b1:e5:4f:26:67:2d:b2:
                    a1:47:67:bf:a6:0c:a5:97:33:73:43:c2:92:d0:02:
                    31:a1:a4:f5:d3:f2:52:a9:16:27:67:9d:04:a7:23:
                    09:c4:6b:59:8a:9c:de:bc:a8:d7:e2:27:e0:ec:17:
                    0b:c4:17:34:04:59:b2:84:a5:c5:c4:a1:5e:32:d6:
                    2f:8d:52:64:98:a4:92:7e:15:39:5b:38:4f:e3:3c:
                    1b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FE:11:6E:14:FD:6C:F9:2F:BD:22:A9:CF:59:39:B7:41:E9:48:8D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49399.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:90:36:7b:ff:86:e1:bf:b7:66:e2:d7:5c:10:c6:bc:1b:cd:
         71:e5:9f:d5:f6:68:f1:7c:d0:15:40:97:6f:9a:0f:d5:79:b8:
         5c:ce:83:f7:a2:3b:d4:e0:8f:06:c4:1e:d5:23:f5:74:09:86:
         be:62:a0:ab:ca:3d:f3:b5:90:49:48:f9:fc:92:aa:af:b4:16:
         4d:12:e3:5e:40:60:f1:82:6b:33:31:c2:85:f2:3a:9e:b2:b9:
         3a:e1:5d:9a:36:5b:09:dd:35:55:3d:9a:32:05:77:28:34:42:
         cc:b5:01:32:fd:9b:f0:95:ec:38:53:2a:e3:1f:fa:4c:3c:30:
         42:eb:fb:29:7f:92:a5:9f:9a:a9:4d:09:48:46:b4:da:ca:97:
         4a:b2:7c:c6:09:1d:1a:4c:c3:8d:73:ce:06:90:ec:39:72:d3:
         d7:d0:15:a0:fa:51:48:43:5e:67:8f:15:5e:f1:36:87:83:0a:
         cf:1c:9f:8b:5a:67:f7:b7:e1:00:48:06:62:e3:da:b1:39:3d:
         19:94:12:bb:b3:ce:3e:23:85:65:fb:73:3c:86:8d:38:fe:d4:
         84:44:f6:52:74:3b:0d:10:d8:fe:44:6c:16:8d:37:3d:5e:12:
         80:1f:08:d4:be:e2:27:bf:dc:8c:d8:a8:28:c2:42:b2:a0:29:
         6e:c9:31:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOP/O/NJDPtM+veJQgGT2W6EmMpcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MjIwMzMxMDVaFw0yNzA0MjEwMzM2MDVaMDMxMTAvBgNV
BAMTKEI1RkUxMTZFMTRGRDZDRjkyRkJEMjJBOUNGNTkzOUI3NDFFOTQ4OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMIRoFXg8BeAHmmHBki2XJj6Zo
aFkdWxPG+TaBAmenV6C6JU3Yz5MoVMWY72J23Gb7WYCPUjg0IwGQQMEnO2EdeoI/
pDfGU8+5YyDDPX3dDgPCps5dkSgEatQr1wJa0NGRr40wh9rzeggeJJWdySggVj5M
dOk30ungnaZexLJ+4Fdgr5grPT1J78eAOAAdZSV6qYIL1YtstDF662V7q2xepEfU
AJNpEOJnszOTseVPJmctsqFHZ7+mDKWXM3NDwpLQAjGhpPXT8lKpFidnnQSnIwnE
a1mKnN68qNfiJ+DsFwvEFzQEWbKEpcXEoV4y1i+NUmSYpJJ+FTlbOE/jPBvnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtf4RbhT9bPkvvSKpz1k5t0HpSI0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDkzOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxQw
DQYJKoZIhvcNAQELBQADggEBACyQNnv/huG/t2bi11wQxrwbzXHln9X2aPF80BVA
l2+aD9V5uFzOg/eiO9TgjwbEHtUj9XQJhr5ioKvKPfO1kElI+fySqq+0Fk0S415A
YPGCazMxwoXyOp6yuTrhXZo2WwndNVU9mjIFdyg0Qsy1ATL9m/CV7DhTKuMf+kw8
MELr+yl/kqWfmqlNCUhGtNrKl0qyfMYJHRpMw41zzgaQ7Dly09fQFaD6UUhDXmeP
FV7xNoeDCs8cn4taZ/e34QBIBmLj2rE5PRmUEruzzj4jhWX7czyGjTj+1IRE9lJ0
Ow0Q2P5EbBaNNz1eEoAfCNS+4ie/3IzYqCjCQrKgKW7JMZs=
-----END CERTIFICATE-----