Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa
File:                     AS48605.roa (raw, json)
Hash identifier:          raCzzdZMmMqekW/Rj/zW6xFzsahSJkHgjRt/xc30xpY=
Subject key identifier:   28:C8:A7:2F:FE:EA:61:49:99:D8:49:79:73:7F:D3:4B:EE:DC:CA:FB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       496A0C2646C374EAFE1D1D5ECDD79C13342417B5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa
Signing time:             Thu 29 Feb 2024 15:05:14 +0000
ROA not before:           Thu 29 Feb 2024 15:00:14 +0000
ROA not after:            Thu 27 Feb 2025 15:05:14 +0000
asID:                     48605
IP address blocks:        181.215.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:6a:0c:26:46:c3:74:ea:fe:1d:1d:5e:cd:d7:9c:13:34:24:17:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 29 15:00:14 2024 GMT
            Not After : Feb 27 15:05:14 2025 GMT
        Subject: CN=28C8A72FFEEA614999D84979737FD34BEEDCCAFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:58:cb:a2:8a:9e:6e:49:29:01:1e:06:7c:8a:
                    2c:d4:c9:ea:e3:29:6a:a1:f5:ed:50:29:6e:5b:e7:
                    e1:c0:d2:49:81:1b:a7:33:ab:54:8e:26:1e:7b:ab:
                    c5:b0:4a:8d:30:60:03:3d:e1:af:ec:d0:ab:a3:06:
                    52:44:46:96:7b:8a:a3:ff:df:b6:7d:26:1d:8d:fa:
                    ab:6e:db:9f:af:bb:aa:6d:d8:c8:82:11:8e:f6:ae:
                    ef:1b:08:2e:df:f3:dd:a8:7d:ca:52:9a:d9:d4:e8:
                    84:bd:04:9c:a2:1c:1a:29:23:cc:34:51:9b:d6:47:
                    e2:54:8f:e5:3b:15:cf:f8:78:c1:0b:e8:b0:3f:da:
                    68:92:b0:84:b5:3d:11:d8:5d:85:94:30:61:01:1f:
                    7f:9f:20:dc:bf:61:a0:46:0b:f0:27:18:ed:07:4f:
                    6d:3c:5c:4b:44:cb:39:63:23:0f:03:64:74:fd:1f:
                    be:3f:07:cf:2a:28:c4:c7:f7:39:e6:ce:7c:48:44:
                    ad:02:d5:d4:91:0c:0a:f8:5d:a7:3a:bf:30:4c:eb:
                    9e:ba:9a:3c:44:00:64:39:a8:14:9f:43:e3:dc:20:
                    fc:2b:81:b3:35:c6:c2:91:57:14:a6:cb:6c:e1:b3:
                    de:6f:9e:14:ef:b0:f2:9f:bb:51:e0:9c:b1:32:d3:
                    1c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C8:A7:2F:FE:EA:61:49:99:D8:49:79:73:7F:D3:4B:EE:DC:CA:FB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:1d:4f:48:4d:8f:b9:cd:4f:d6:e0:35:6d:cf:8d:ea:60:56:
         39:43:0e:45:a0:27:6e:c4:2f:0f:74:a0:e6:d8:1f:ee:2e:12:
         60:ca:94:5c:b1:b6:a0:f7:1d:f9:76:a4:ab:a3:29:6a:3a:d0:
         07:56:f4:dc:9d:55:44:8e:e1:a7:fd:aa:66:55:39:2e:f4:47:
         43:a9:21:f3:bf:cf:3f:04:37:ae:22:bb:aa:11:d7:40:0b:67:
         e5:1a:22:5f:3b:49:46:b4:0e:ff:1c:d3:0a:c6:1d:be:90:7c:
         81:52:ce:3b:5a:06:1d:7b:ef:8c:43:40:77:61:82:fc:94:a7:
         eb:b3:07:55:d7:9f:fc:52:4e:47:68:8c:3f:26:fb:e6:ba:d1:
         a0:31:74:c2:c6:b9:c1:e4:b3:7f:a5:6d:91:87:aa:f1:89:9b:
         c4:63:02:0b:64:27:69:ca:9c:c3:aa:3a:80:f0:0f:5a:0b:b8:
         38:90:fa:ab:0f:57:8e:5c:69:21:6a:f5:38:87:34:df:e4:ab:
         13:7a:3b:f1:09:14:64:2a:9f:f8:9a:be:9d:17:7f:7a:cd:80:
         a9:e1:85:df:d3:b8:03:8c:0c:26:c9:6b:1b:2f:23:06:3a:db:
         21:72:c1:c6:81:34:3d:d4:de:4c:af:1d:e4:7d:c1:06:da:3c:
         9f:56:ce:f7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSWoMJkbDdOr+HR1ezdecEzQkF7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMjkxNTAwMTRaFw0yNTAyMjcxNTA1MTRaMDMxMTAvBgNV
BAMTKDI4QzhBNzJGRkVFQTYxNDk5OUQ4NDk3OTczN0ZEMzRCRUVEQ0NBRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChWMuiip5uSSkBHgZ8iizUyerj
KWqh9e1QKW5b5+HA0kmBG6czq1SOJh57q8WwSo0wYAM94a/s0KujBlJERpZ7iqP/
37Z9Jh2N+qtu25+vu6pt2MiCEY72ru8bCC7f892ofcpSmtnU6IS9BJyiHBopI8w0
UZvWR+JUj+U7Fc/4eMEL6LA/2miSsIS1PRHYXYWUMGEBH3+fINy/YaBGC/AnGO0H
T208XEtEyzljIw8DZHT9H74/B88qKMTH9znmznxIRK0C1dSRDAr4Xac6vzBM6566
mjxEAGQ5qBSfQ+PcIPwrgbM1xsKRVxSmy2zhs95vnhTvsPKfu1HgnLEy0xzbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKMinL/7qYUmZ2El5c3/TS+7cyvswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDg2MDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11yAw
DQYJKoZIhvcNAQELBQADggEBAHAdT0hNj7nNT9bgNW3PjepgVjlDDkWgJ27ELw90
oObYH+4uEmDKlFyxtqD3Hfl2pKujKWo60AdW9NydVUSO4af9qmZVOS70R0OpIfO/
zz8EN64iu6oR10ALZ+UaIl87SUa0Dv8c0wrGHb6QfIFSzjtaBh1774xDQHdhgvyU
p+uzB1XXn/xSTkdojD8m++a60aAxdMLGucHks3+lbZGHqvGJm8RjAgtkJ2nKnMOq
OoDwD1oLuDiQ+qsPV45caSFq9TiHNN/kqxN6O/EJFGQqn/iavp0Xf3rNgKnhhd/T
uAOMDCbJaxsvIwY62yFywcaBND3U3kyvHeR9wQbaPJ9Wzvc=
-----END CERTIFICATE-----