Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa
File:                     AS48605.roa (raw, json)
Hash identifier:          pP4CSQl8iNm5pOvMBtqoLUhS3FNXzkfKN23eDkvOCY0=
Subject key identifier:   ED:E0:6A:7D:9B:00:7B:C9:7A:0C:64:47:F3:6A:1A:50:CF:17:2A:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4030027D0AAC9C693F50C47DBAEFDC07A0B884E6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa
Signing time:             Thu 30 Jan 2025 15:53:52 +0000
ROA not before:           Thu 30 Jan 2025 15:48:52 +0000
ROA not after:            Thu 29 Jan 2026 15:53:52 +0000
asID:                     48605
IP address blocks:        181.215.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:30:02:7d:0a:ac:9c:69:3f:50:c4:7d:ba:ef:dc:07:a0:b8:84:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 30 15:48:52 2025 GMT
            Not After : Jan 29 15:53:52 2026 GMT
        Subject: CN=EDE06A7D9B007BC97A0C6447F36A1A50CF172AFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:03:76:b4:8b:f0:69:7e:01:08:c3:e5:20:f9:
                    e3:89:c7:87:a9:46:ba:ee:e5:65:7f:db:5d:03:1c:
                    fc:ad:e6:74:aa:8e:eb:ce:7e:23:01:24:06:99:e5:
                    45:4e:48:bb:6f:94:92:91:b6:08:cb:a7:9c:e0:ea:
                    c8:aa:30:d1:55:12:d9:2e:42:d1:6f:e4:af:01:a3:
                    ee:3b:09:c5:f1:56:8e:c1:6a:a2:65:19:bd:fb:26:
                    6e:e3:cc:61:db:dc:45:0c:2c:c9:fc:d7:a0:16:2d:
                    eb:5d:1d:2b:af:ec:64:fd:75:f3:8f:a4:e3:7d:0d:
                    60:39:c9:9f:da:b0:ae:8a:67:2d:d3:ee:e5:40:5e:
                    b9:53:a6:73:19:b2:02:94:cb:bb:b8:2c:11:44:7c:
                    a0:c3:c0:af:f9:e9:fc:55:fe:0d:0e:dd:39:05:30:
                    e9:50:8a:38:c4:3d:57:7e:03:1d:4f:29:cb:db:ea:
                    ed:45:30:81:4a:bb:8f:58:8a:b7:5b:4c:81:77:8f:
                    2f:53:aa:b3:78:55:e8:8d:34:ba:12:63:a2:da:7b:
                    dd:f7:a0:2f:66:15:56:c6:e4:0b:64:c1:6f:9b:7d:
                    9a:88:ff:84:f1:d2:c4:25:42:bd:44:b3:ec:aa:6e:
                    a8:77:07:f8:c7:ff:9a:dd:93:cc:ad:52:ba:e2:77:
                    ef:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E0:6A:7D:9B:00:7B:C9:7A:0C:64:47:F3:6A:1A:50:CF:17:2A:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:23:b8:e2:04:54:ec:0d:c0:53:38:50:ed:c7:50:e7:a3:d7:
         7b:18:37:94:2c:79:74:59:09:1e:81:62:40:41:e5:ed:7f:11:
         ac:aa:70:3f:f6:49:34:45:1d:82:9a:84:9d:06:20:b3:2f:48:
         85:c8:bb:37:8d:c8:1e:d2:eb:16:67:ac:1a:b0:25:9a:7d:53:
         cd:f2:72:91:f0:94:33:31:26:bc:bf:16:7c:22:1a:d9:ae:d3:
         ad:84:47:b0:49:30:da:81:d5:bd:6d:07:4b:b6:c6:75:e2:3f:
         a4:af:84:55:c1:dc:ba:7a:82:b3:1a:42:98:d5:4b:d2:48:da:
         e8:33:17:64:95:4e:3c:4d:9a:8a:0e:f5:4b:00:22:fe:45:ac:
         f2:75:44:7d:ef:b3:bb:3e:e0:58:79:7b:d8:5f:de:c3:c5:1f:
         12:82:a1:d5:ce:4c:a2:d6:a6:e3:c2:e4:14:cd:40:9c:4c:88:
         aa:c2:f6:8b:95:5f:a8:8d:79:9c:95:bc:c7:eb:cf:74:35:10:
         ab:64:99:06:15:67:11:c6:3a:3d:cc:c0:07:ab:e8:a8:b2:e8:
         8d:b7:b1:58:8a:e5:92:d6:d6:f2:d5:b1:62:13:2b:5c:91:49:
         51:73:a4:ce:8d:38:e6:22:90:76:d2:96:f1:22:84:98:66:59:
         1e:91:72:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQDACfQqsnGk/UMR9uu/cB6C4hOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMzAxNTQ4NTJaFw0yNjAxMjkxNTUzNTJaMDMxMTAvBgNV
BAMTKEVERTA2QTdEOUIwMDdCQzk3QTBDNjQ0N0YzNkExQTUwQ0YxNzJBRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrA3a0i/BpfgEIw+Ug+eOJx4ep
Rrru5WV/210DHPyt5nSqjuvOfiMBJAaZ5UVOSLtvlJKRtgjLp5zg6siqMNFVEtku
QtFv5K8Bo+47CcXxVo7BaqJlGb37Jm7jzGHb3EUMLMn816AWLetdHSuv7GT9dfOP
pON9DWA5yZ/asK6KZy3T7uVAXrlTpnMZsgKUy7u4LBFEfKDDwK/56fxV/g0O3TkF
MOlQijjEPVd+Ax1PKcvb6u1FMIFKu49YirdbTIF3jy9TqrN4VeiNNLoSY6Lae933
oC9mFVbG5AtkwW+bfZqI/4Tx0sQlQr1Es+yqbqh3B/jH/5rdk8ytUrrid+/hAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7eBqfZsAe8l6DGRH82oaUM8XKv8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDg2MDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11yAw
DQYJKoZIhvcNAQELBQADggEBAJAjuOIEVOwNwFM4UO3HUOej13sYN5QseXRZCR6B
YkBB5e1/EayqcD/2STRFHYKahJ0GILMvSIXIuzeNyB7S6xZnrBqwJZp9U83ycpHw
lDMxJry/FnwiGtmu062ER7BJMNqB1b1tB0u2xnXiP6SvhFXB3Lp6grMaQpjVS9JI
2ugzF2SVTjxNmooO9UsAIv5FrPJ1RH3vs7s+4Fh5e9hf3sPFHxKCodXOTKLWpuPC
5BTNQJxMiKrC9ouVX6iNeZyVvMfrz3Q1EKtkmQYVZxHGOj3MwAer6Kiy6I23sViK
5ZLW1vLVsWITK1yRSVFzpM6NOOYikHbSlvEihJhmWR6RcoE=
-----END CERTIFICATE-----