Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48025.roa
File:                     AS48025.roa (raw, json)
Hash identifier:          cmJ3itYXWY6h8BixpSyOJvvUSCwnGl21ohjDeP5kyuc=
Subject key identifier:   E5:4C:C3:61:66:C3:6D:E0:A5:A3:17:74:0B:3C:4B:E0:DF:D7:43:42
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7271AED6834F20ADC5E268A7AE45FA44261F3AB1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48025.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     48025
IP address blocks:        45.88.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:71:ae:d6:83:4f:20:ad:c5:e2:68:a7:ae:45:fa:44:26:1f:3a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=E54CC36166C36DE0A5A317740B3C4BE0DFD74342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:60:e8:c1:cf:5d:1f:16:41:12:7d:28:16:d0:
                    e0:b8:2e:c2:86:9e:6f:26:6f:f1:68:fd:d1:a9:c2:
                    ea:c4:a7:e7:b7:43:5f:03:68:a3:61:51:11:18:dd:
                    7e:08:d2:e5:30:20:bf:9c:7d:ee:9c:15:85:6f:72:
                    a4:4b:a4:e5:cd:4f:95:d4:43:f4:32:02:a5:d9:bf:
                    5e:c7:cc:9c:a1:59:18:2b:7b:8c:44:45:6f:0d:f3:
                    4e:4c:7d:cc:c3:57:ba:0b:5d:23:ac:a2:1d:c6:8e:
                    95:35:a1:2a:45:06:7d:e3:b2:4b:f6:49:00:f5:39:
                    c4:86:08:af:7d:c9:1e:0a:fc:d5:fa:93:13:6a:28:
                    b6:47:a5:21:84:23:ad:ca:fc:b6:c4:2b:ae:ad:6d:
                    8c:22:c1:60:44:22:95:7d:78:9a:3d:96:9b:92:0a:
                    1d:28:42:b7:5a:c7:2e:f0:e1:b2:de:d8:62:08:59:
                    4a:92:e1:ab:84:00:12:b5:d8:26:55:1e:e4:b2:ce:
                    fe:e8:34:6f:91:05:0d:be:35:f7:70:6c:3e:f0:ff:
                    7b:15:76:83:ad:65:de:ae:b8:b0:f8:c3:8a:8a:ca:
                    85:6c:20:78:24:f8:de:91:f9:60:10:12:24:9c:5b:
                    3e:78:5d:22:22:f3:6c:5b:f4:d8:52:43:85:92:25:
                    61:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:4C:C3:61:66:C3:6D:E0:A5:A3:17:74:0B:3C:4B:E0:DF:D7:43:42
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:9d:e0:6e:c9:5a:d3:40:20:0d:08:7d:3c:c8:f5:eb:f6:5f:
         02:d9:27:d6:71:6f:4d:5a:92:a7:47:30:34:b6:5f:ac:47:66:
         ea:2b:c3:d3:13:a5:27:a1:14:8c:6a:9c:90:e6:31:f5:55:1b:
         ed:0e:f3:09:96:a6:31:cd:9d:b4:7d:8e:a4:9c:9d:f0:5b:0b:
         d6:e2:21:a9:cc:ec:26:04:45:ef:53:6a:ed:79:26:01:9b:39:
         43:86:d7:ea:38:df:db:3d:6b:72:66:40:09:05:a9:fe:97:ad:
         91:7b:50:0e:77:ed:5f:3a:da:a1:9e:a5:b3:18:cc:f6:c5:aa:
         df:d9:45:22:78:93:49:d7:e8:e5:6d:db:1c:02:66:af:b5:25:
         a6:c7:88:3a:de:f0:8a:6d:13:5c:59:46:a2:c3:52:a0:68:36:
         65:ae:40:0b:75:b5:6f:37:d5:00:94:60:5f:92:82:9e:73:32:
         75:79:9e:da:84:f6:32:ae:b0:e6:04:ea:f0:f0:3e:79:2e:47:
         56:d0:76:4b:99:ce:17:fa:c1:70:f9:21:c0:49:eb:83:53:92:
         27:89:dc:cd:58:9c:f9:d6:8d:84:8d:da:46:ce:2b:ee:a1:8a:
         ba:60:dd:2c:2c:c3:a0:5a:96:0d:4d:58:2b:97:47:dd:fa:44:
         33:4f:1e:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUcnGu1oNPIK3F4minrkX6RCYfOrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKEU1NENDMzYxNjZDMzZERTBBNUEzMTc3NDBCM0M0QkUwREZENzQzNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJYOjBz10fFkESfSgW0OC4LsKG
nm8mb/Fo/dGpwurEp+e3Q18DaKNhUREY3X4I0uUwIL+cfe6cFYVvcqRLpOXNT5XU
Q/QyAqXZv17HzJyhWRgre4xERW8N805MfczDV7oLXSOsoh3GjpU1oSpFBn3jskv2
SQD1OcSGCK99yR4K/NX6kxNqKLZHpSGEI63K/LbEK66tbYwiwWBEIpV9eJo9lpuS
Ch0oQrdaxy7w4bLe2GIIWUqS4auEABK12CZVHuSyzv7oNG+RBQ2+NfdwbD7w/3sV
doOtZd6uuLD4w4qKyoVsIHgk+N6R+WAQEiScWz54XSIi82xb9NhSQ4WSJWG3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5UzDYWbDbeCloxd0CzxL4N/XQ0IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDgwMjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWGAw
DQYJKoZIhvcNAQELBQADggEBAAid4G7JWtNAIA0IfTzI9ev2XwLZJ9Zxb01akqdH
MDS2X6xHZuorw9MTpSehFIxqnJDmMfVVG+0O8wmWpjHNnbR9jqScnfBbC9biIanM
7CYERe9Tau15JgGbOUOG1+o439s9a3JmQAkFqf6XrZF7UA537V862qGepbMYzPbF
qt/ZRSJ4k0nX6OVt2xwCZq+1JabHiDre8IptE1xZRqLDUqBoNmWuQAt1tW831QCU
YF+Sgp5zMnV5ntqE9jKusOYE6vDwPnkuR1bQdkuZzhf6wXD5IcBJ64NTkieJ3M1Y
nPnWjYSN2kbOK+6hirpg3Swsw6Balg1NWCuXR936RDNPHkM=
-----END CERTIFICATE-----