Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49791.roa
File:                     AS49791.roa (raw, json)
Hash identifier:          wQvOhK3WWYZSFQnAHl+D9ZcddQcIqzwG9nFn/XuU04k=
Subject key identifier:   8C:B7:09:FF:48:10:92:FF:70:69:DF:F2:46:1E:E0:63:4F:CC:E7:3A
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3E43AAD4F3344F864DED37C723D445FB6A6ADABD
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49791.roa
Signing time:             Thu 07 May 2026 15:47:11 +0000
ROA not before:           Thu 07 May 2026 15:42:11 +0000
ROA not after:            Thu 06 May 2027 15:47:11 +0000
asID:                     49791
IP address blocks:        178.95.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:43:aa:d4:f3:34:4f:86:4d:ed:37:c7:23:d4:45:fb:6a:6a:da:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  7 15:42:11 2026 GMT
            Not After : May  6 15:47:11 2027 GMT
        Subject: CN=8CB709FF481092FF7069DFF2461EE0634FCCE73A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9d:81:ec:62:0c:f8:c1:4c:6c:53:d0:2a:f0:
                    b1:b0:6e:de:d1:06:8c:f7:9f:22:44:6a:d4:be:52:
                    2e:63:b1:90:9c:36:60:22:93:8c:82:b9:21:2f:4d:
                    b0:72:05:d2:17:77:69:29:c5:99:a7:db:2b:0a:63:
                    0b:58:73:1b:97:9d:97:c4:7b:f0:ba:63:85:6f:b5:
                    94:ba:75:0c:54:04:92:ad:98:35:55:f5:4e:27:92:
                    3d:9c:d4:da:33:90:15:20:46:d4:24:16:e8:fd:d9:
                    b4:0b:33:90:17:f0:43:b5:f3:6b:c8:3d:46:e7:50:
                    37:94:19:6f:f1:f5:64:d1:57:20:81:03:06:b2:53:
                    f8:ae:9f:5d:dc:21:c2:09:20:0f:9c:79:05:f4:f2:
                    a3:96:7d:6b:09:aa:1f:1b:f6:b2:3b:4d:40:02:3b:
                    84:7c:53:b7:1f:e6:39:87:63:0e:bc:76:14:c2:18:
                    cb:e9:52:4c:1c:2b:fc:13:35:44:a1:57:86:88:09:
                    bc:82:45:0b:14:b5:e1:7d:2e:fe:b9:26:42:26:fb:
                    60:3e:53:14:c8:d1:f9:f8:c5:2b:eb:83:0e:d8:4d:
                    41:52:41:e0:40:04:20:02:e7:2c:7f:b4:2b:68:26:
                    0a:aa:f9:83:01:c8:5e:a5:6f:15:f2:1f:ca:b2:c4:
                    9e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B7:09:FF:48:10:92:FF:70:69:DF:F2:46:1E:E0:63:4F:CC:E7:3A
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS49791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:5a:38:79:fd:20:8e:7d:0d:bd:8c:13:9b:62:e5:85:64:25:
         c9:63:01:4a:b8:fe:55:d2:23:bd:9d:55:42:f7:65:cd:de:e3:
         da:ed:04:bd:4c:7a:e1:c8:c1:60:fe:b3:d6:4c:e1:c7:bf:e5:
         7a:c3:5d:4a:28:b3:36:ce:47:2b:7b:c5:f5:6a:01:04:34:41:
         a7:3f:c7:4f:21:04:16:f7:9b:f3:5a:29:40:ad:74:1b:5d:a2:
         55:30:0f:1e:55:d6:c8:6d:10:f8:77:08:49:ac:23:5b:a7:3e:
         2d:45:d9:ba:2c:f1:6c:41:43:ee:5e:7f:8d:96:be:1f:2f:ad:
         56:15:7e:18:64:b2:72:2a:48:7f:c9:82:85:d1:cf:ef:a0:95:
         dc:d7:7b:79:69:aa:69:06:3a:f5:4c:80:95:1f:7c:29:f0:d0:
         dc:34:ce:2c:dc:55:2b:cd:15:0e:aa:8d:7d:25:47:05:4a:b3:
         32:53:99:bd:ab:d1:41:02:e5:f8:2a:3f:18:b0:42:ae:ac:24:
         d0:b8:fc:13:dd:94:57:39:32:f6:f9:a2:fe:18:8c:ef:03:e8:
         58:24:19:e2:08:67:fb:bc:47:99:17:bb:de:2a:46:ed:af:e3:
         3c:fd:91:e1:f9:99:a2:f2:1c:5b:51:1c:b0:2f:0b:94:02:81:
         4e:7f:fc:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPkOq1PM0T4ZN7TfHI9RF+2pq2r0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDcxNTQyMTFaFw0yNzA1MDYxNTQ3MTFaMDMxMTAvBgNV
BAMTKDhDQjcwOUZGNDgxMDkyRkY3MDY5REZGMjQ2MUVFMDYzNEZDQ0U3M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtnYHsYgz4wUxsU9Aq8LGwbt7R
Boz3nyJEatS+Ui5jsZCcNmAik4yCuSEvTbByBdIXd2kpxZmn2ysKYwtYcxuXnZfE
e/C6Y4VvtZS6dQxUBJKtmDVV9U4nkj2c1NozkBUgRtQkFuj92bQLM5AX8EO182vI
PUbnUDeUGW/x9WTRVyCBAwayU/iun13cIcIJIA+ceQX08qOWfWsJqh8b9rI7TUAC
O4R8U7cf5jmHYw68dhTCGMvpUkwcK/wTNUShV4aICbyCRQsUteF9Lv65JkIm+2A+
UxTI0fn4xSvrgw7YTUFSQeBABCAC5yx/tCtoJgqq+YMByF6lbxXyH8qyxJ7jAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUjLcJ/0gQkv9wad/yRh7gY0/M5zowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDk3OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyX18w
DQYJKoZIhvcNAQELBQADggEBAIFaOHn9II59Db2ME5ti5YVkJcljAUq4/lXSI72d
VUL3Zc3e49rtBL1MeuHIwWD+s9ZM4ce/5XrDXUooszbORyt7xfVqAQQ0Qac/x08h
BBb3m/NaKUCtdBtdolUwDx5V1shtEPh3CEmsI1unPi1F2bos8WxBQ+5ef42Wvh8v
rVYVfhhksnIqSH/JgoXRz++gldzXe3lpqmkGOvVMgJUffCnw0Nw0zizcVSvNFQ6q
jX0lRwVKszJTmb2r0UEC5fgqPxiwQq6sJNC4/BPdlFc5Mvb5ov4YjO8D6FgkGeII
Z/u8R5kXu94qRu2v4zz9keH5maLyHFtRHLAvC5QCgU5//Os=
-----END CERTIFICATE-----