Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS48961.roa
File:                     AS48961.roa (raw, json)
Hash identifier:          3cIbAXwf9Yl1EVegsCq9QH9D9FfXgLy3FkzfZ43rjN4=
Subject key identifier:   7E:10:28:6C:B1:43:6E:09:C6:8D:7D:BC:43:B4:60:76:29:A1:A0:A8
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       5BB444D99D7BFFD0B00145462250E021FDC78F2D
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS48961.roa
Signing time:             Thu 29 May 2025 15:36:12 +0000
ROA not before:           Thu 29 May 2025 15:31:12 +0000
ROA not after:            Thu 28 May 2026 15:36:12 +0000
asID:                     48961
IP address blocks:        2a00:13d0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:b4:44:d9:9d:7b:ff:d0:b0:01:45:46:22:50:e0:21:fd:c7:8f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: May 29 15:31:12 2025 GMT
            Not After : May 28 15:36:12 2026 GMT
        Subject: CN=7E10286CB1436E09C68D7DBC43B4607629A1A0A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:66:23:64:cb:e1:b3:c7:87:1b:73:e1:0f:e8:
                    69:6d:8b:2d:9d:04:f2:52:7a:c0:c7:d0:c2:47:92:
                    ea:91:99:4f:59:6a:9c:90:65:87:88:5c:cf:c1:e8:
                    f3:e1:ae:23:a0:de:d8:54:fa:96:f8:3f:1a:f8:d2:
                    dc:7b:bb:20:0c:92:09:71:2b:89:d4:4d:3a:59:30:
                    06:03:dc:cb:2e:61:11:5e:6d:90:b0:91:d4:dc:42:
                    f6:44:98:5f:5c:b7:72:28:9f:4c:20:c3:62:cf:0b:
                    d8:17:10:32:64:fc:dc:95:a5:4f:55:6a:22:59:df:
                    71:2e:9d:af:11:b5:34:1f:0e:39:d1:be:19:90:d5:
                    b6:be:4e:21:57:14:3e:3f:83:00:12:4d:2f:d1:a6:
                    eb:2d:3b:cc:9a:d8:cc:83:2d:da:e5:a5:c4:68:4d:
                    b8:f5:fb:d4:ed:95:f6:11:63:4a:8f:a6:e4:7e:ac:
                    da:e8:2c:54:34:95:a5:f4:ca:a1:95:6b:9e:50:e3:
                    18:8a:f0:10:fe:96:ce:59:5f:2a:c3:12:3a:ee:65:
                    5f:e9:72:10:2e:1a:97:7e:23:d6:e1:fc:20:31:75:
                    8f:16:a8:4c:4e:d7:8e:16:3c:95:46:47:e4:9d:58:
                    55:96:f5:e3:c7:fc:58:e5:ea:0b:6b:a0:c9:0a:90:
                    41:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:10:28:6C:B1:43:6E:09:C6:8D:7D:BC:43:B4:60:76:29:A1:A0:A8
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS48961.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:13d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:f4:00:9b:30:4a:ed:52:b7:21:f1:97:96:d9:af:6b:94:92:
         c9:81:08:f6:a1:a2:d3:8a:3a:f0:7a:31:a9:cf:ef:81:f7:70:
         0d:fd:c9:17:0f:e7:60:49:36:32:d0:fe:9d:cf:b0:18:bf:fa:
         2a:bd:c2:e4:3d:81:54:9f:5e:69:a1:55:51:17:e3:77:c2:09:
         a3:7e:0b:1b:7d:4c:99:3b:79:bc:a3:32:4c:5c:b6:18:4b:a3:
         f3:84:ff:32:ed:8a:a4:51:0d:01:f2:84:f7:1f:ed:20:91:c2:
         20:15:28:a7:de:11:fc:b2:b3:b2:e7:5a:1a:3e:9a:09:77:39:
         a8:e0:26:18:ce:d7:5b:52:e1:31:53:4f:f9:57:18:2e:03:68:
         41:ca:64:f9:6a:60:fe:c7:59:70:32:74:df:c8:52:01:d0:f0:
         cf:0e:7f:52:2f:e4:92:47:79:27:31:6f:30:e1:c8:8c:4b:85:
         03:72:03:5f:1c:f3:70:d6:d1:b8:08:8f:91:1d:e5:3d:14:69:
         28:36:0b:97:cd:22:71:93:55:25:8f:2d:81:75:fb:49:58:3d:
         ef:ef:6c:eb:b7:53:d1:64:15:bb:03:95:e0:cc:94:d2:a3:0d:
         ea:4a:a5:4f:ea:7c:d0:b7:e0:3c:30:da:f1:84:5c:71:89:1b:
         37:db:72:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUW7RE2Z17/9CwAUVGIlDgIf3Hjy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNTA1MjkxNTMxMTJaFw0yNjA1MjgxNTM2MTJaMDMxMTAvBgNV
BAMTKDdFMTAyODZDQjE0MzZFMDlDNjhEN0RCQzQzQjQ2MDc2MjlBMUEwQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzZiNky+Gzx4cbc+EP6Gltiy2d
BPJSesDH0MJHkuqRmU9ZapyQZYeIXM/B6PPhriOg3thU+pb4Pxr40tx7uyAMkglx
K4nUTTpZMAYD3MsuYRFebZCwkdTcQvZEmF9ct3Ion0wgw2LPC9gXEDJk/NyVpU9V
aiJZ33Euna8RtTQfDjnRvhmQ1ba+TiFXFD4/gwASTS/RpustO8ya2MyDLdrlpcRo
Tbj1+9TtlfYRY0qPpuR+rNroLFQ0laX0yqGVa55Q4xiK8BD+ls5ZXyrDEjruZV/p
chAuGpd+I9bh/CAxdY8WqExO144WPJVGR+SdWFWW9ePH/Fjl6gtroMkKkEHXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfhAobLFDbgnGjX28Q7RgdimhoKgwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJlNmRhNWM3LTY3MGEt
NDFiMS05NmViLTM4OTkzODhiMjkyYy8wL0FTNDg5NjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqABPQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA79ACbMErtUrch8ZeW2a9rlJLJgQj2oaLTijrw
ejGpz++B93AN/ckXD+dgSTYy0P6dz7AYv/oqvcLkPYFUn15poVVRF+N3wgmjfgsb
fUyZO3m8ozJMXLYYS6PzhP8y7YqkUQ0B8oT3H+0gkcIgFSin3hH8srOy51oaPpoJ
dzmo4CYYztdbUuExU0/5VxguA2hBymT5amD+x1lwMnTfyFIB0PDPDn9SL+SSR3kn
MW8w4ciMS4UDcgNfHPNw1tG4CI+RHeU9FGkoNguXzSJxk1Uljy2BdftJWD3v72zr
t1PRZBW7A5XgzJTSow3qSqVP6nzQt+A8MNrxhFxxiRs323Ir
-----END CERTIFICATE-----