Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49453.roa
File:                     AS49453.roa (raw, json)
Hash identifier:          2WgzPKiVJPw0zwBP4EzIbRpOzhZRx9bzIe65obi20/g=
Subject key identifier:   FB:AF:48:41:A8:41:68:06:2F:87:F2:0C:42:E9:60:8B:64:16:91:02
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3CF9DA982CE0820F3F518BDE43765C9FEF5C8CB1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49453.roa
Signing time:             Mon 23 Mar 2026 08:29:13 +0000
ROA not before:           Mon 23 Mar 2026 08:24:13 +0000
ROA not after:            Mon 22 Mar 2027 08:29:13 +0000
asID:                     49453
IP address blocks:        143.20.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f9:da:98:2c:e0:82:0f:3f:51:8b:de:43:76:5c:9f:ef:5c:8c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar 23 08:24:13 2026 GMT
            Not After : Mar 22 08:29:13 2027 GMT
        Subject: CN=FBAF4841A84168062F87F20C42E9608B64169102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:93:40:89:d5:93:0d:f6:9d:73:31:85:41:5f:
                    ab:2c:26:fe:3b:d2:27:97:ce:eb:8b:63:26:0b:19:
                    1c:80:34:85:3e:3e:a4:12:82:63:a2:bb:cd:30:31:
                    3a:71:e8:03:ae:58:72:79:f2:cc:3b:0c:20:37:2c:
                    9b:5c:9a:6b:cb:7e:f4:ff:22:1a:d5:01:1f:bd:0f:
                    00:e1:1c:c3:7e:32:50:ad:31:38:63:29:0b:47:b4:
                    5e:b7:65:bd:de:e8:93:d0:6a:5e:b8:8c:d9:56:db:
                    2b:a2:9d:7e:bc:17:b4:46:37:ee:b3:f1:c7:9f:10:
                    d7:29:a5:4c:70:d0:06:0d:a2:72:12:b9:0f:22:79:
                    57:56:6a:4d:f8:a0:e7:cc:50:ab:c5:a7:f5:d5:8c:
                    26:ba:1d:be:24:44:52:8a:4c:61:95:12:df:93:fe:
                    68:e5:b3:15:6b:e1:b9:1e:79:29:a8:2d:71:1f:ab:
                    a4:2a:86:9f:c8:a1:8f:58:17:d7:15:31:23:be:67:
                    ee:89:76:48:ce:4f:37:ae:0b:a9:26:68:9a:64:4a:
                    35:5a:ac:8b:5b:96:95:30:9b:8c:db:e4:31:5a:7a:
                    80:ac:81:8b:85:29:66:4e:88:cc:87:9d:5c:18:9e:
                    b1:bd:9b:7a:23:15:8e:72:13:56:f5:31:d8:37:88:
                    f0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:AF:48:41:A8:41:68:06:2F:87:F2:0C:42:E9:60:8B:64:16:91:02
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49453.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:e6:87:6c:e5:0a:95:86:e6:0a:86:50:1d:17:32:56:8b:b7:
         3c:aa:76:f2:b1:1f:21:b0:28:ae:b6:2d:49:18:b7:4e:79:de:
         d9:cd:4f:0f:3f:b4:68:0e:ae:8b:95:fd:eb:37:a7:be:ca:a8:
         f3:23:dc:62:50:a6:97:07:5c:3b:a9:f7:54:87:fc:78:6b:0d:
         58:f6:28:37:f8:55:85:5a:d2:f4:96:2a:ee:e7:a7:69:7c:8f:
         18:c5:f7:45:5f:62:5f:55:57:eb:58:ba:ea:60:f8:1f:0c:fd:
         8d:66:ab:5d:29:e8:fb:e4:95:a4:a1:2e:a6:8e:19:37:8d:46:
         c5:7f:6e:73:7b:b0:fc:25:e1:73:5c:61:e0:ed:43:a8:8c:06:
         ce:95:11:26:fc:37:35:79:cf:a9:ce:6b:39:e1:9b:da:3a:b4:
         34:f7:91:3c:c2:d0:06:8d:4c:9b:ff:19:09:bb:4a:87:f0:dd:
         e6:ff:da:c6:c6:ee:f6:0f:83:1a:23:86:33:ab:ed:3a:7c:7d:
         ad:56:1e:65:c1:f0:94:d6:7a:cb:4a:b2:69:1d:5b:d3:cb:7b:
         48:0a:69:b5:b5:b8:22:98:dc:78:44:6c:02:2d:09:22:7a:eb:
         4c:54:bc:04:ac:6a:9c:b7:48:9e:ee:96:b2:41:5b:11:af:80:
         f5:1d:8d:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPPnamCzggg8/UYveQ3Zcn+9cjLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMjMwODI0MTNaFw0yNzAzMjIwODI5MTNaMDMxMTAvBgNV
BAMTKEZCQUY0ODQxQTg0MTY4MDYyRjg3RjIwQzQyRTk2MDhCNjQxNjkxMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1k0CJ1ZMN9p1zMYVBX6ssJv47
0ieXzuuLYyYLGRyANIU+PqQSgmOiu80wMTpx6AOuWHJ58sw7DCA3LJtcmmvLfvT/
IhrVAR+9DwDhHMN+MlCtMThjKQtHtF63Zb3e6JPQal64jNlW2yuinX68F7RGN+6z
8cefENcppUxw0AYNonISuQ8ieVdWak34oOfMUKvFp/XVjCa6Hb4kRFKKTGGVEt+T
/mjlsxVr4bkeeSmoLXEfq6Qqhp/IoY9YF9cVMSO+Z+6JdkjOTzeuC6kmaJpkSjVa
rItblpUwm4zb5DFaeoCsgYuFKWZOiMyHnVwYnrG9m3ojFY5yE1b1Mdg3iPBXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+69IQahBaAYvh/IMQulgi2QWkQIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDk0NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFGww
DQYJKoZIhvcNAQELBQADggEBADXmh2zlCpWG5gqGUB0XMlaLtzyqdvKxHyGwKK62
LUkYt0553tnNTw8/tGgOrouV/es3p77KqPMj3GJQppcHXDup91SH/HhrDVj2KDf4
VYVa0vSWKu7np2l8jxjF90VfYl9VV+tYuupg+B8M/Y1mq10p6PvklaShLqaOGTeN
RsV/bnN7sPwl4XNcYeDtQ6iMBs6VESb8NzV5z6nOaznhm9o6tDT3kTzC0AaNTJv/
GQm7Sofw3eb/2sbG7vYPgxojhjOr7Tp8fa1WHmXB8JTWestKsmkdW9PLe0gKabW1
uCKY3HhEbAItCSJ660xUvASsapy3SJ7ulrJBWxGvgPUdjS0=
-----END CERTIFICATE-----