Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa
File:                     AS48925.roa (raw, json)
Hash identifier:          DvdYljV0KnXCrPRc8GOdzcLGc8SkXdqHmY1SBTPMAJI=
Subject key identifier:   74:0F:D6:B8:0B:85:A1:C0:76:87:CF:7A:D2:7B:F1:7D:78:73:75:F5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       54A5880957936304E3B4A25252CAEC35107C8F36
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa
Signing time:             Mon 11 Nov 2024 11:54:06 +0000
ROA not before:           Mon 11 Nov 2024 11:49:06 +0000
ROA not after:            Mon 10 Nov 2025 11:54:06 +0000
asID:                     48925
IP address blocks:        181.215.63.0/24 maxlen: 24
                          191.96.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:a5:88:09:57:93:63:04:e3:b4:a2:52:52:ca:ec:35:10:7c:8f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 11 11:49:06 2024 GMT
            Not After : Nov 10 11:54:06 2025 GMT
        Subject: CN=740FD6B80B85A1C07687CF7AD27BF17D787375F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:59:01:bd:d0:23:bb:77:41:d9:a7:bc:52:5c:
                    44:1a:1e:4c:69:0f:d6:f2:d9:98:8f:b5:0f:c1:76:
                    9c:74:43:d7:71:bf:2c:4c:c0:b8:ab:ec:e5:49:7e:
                    15:cd:ea:47:c5:22:e4:77:03:89:c5:20:1b:35:95:
                    a7:4e:60:c9:53:eb:ff:71:2e:10:0d:ed:bb:00:25:
                    6b:d6:fb:9f:73:9e:11:93:ab:ab:5a:5d:31:f0:5d:
                    9c:e8:29:bc:7b:94:12:9f:71:fa:85:fb:9f:f5:0e:
                    2e:c1:61:dd:c3:b0:7d:a1:a4:e3:f2:78:f8:1c:d3:
                    09:5d:36:07:f8:20:16:09:2b:c1:50:8c:8b:b5:73:
                    b3:ed:04:ea:5b:ac:b1:c2:20:92:d3:0a:38:52:3f:
                    6a:97:7f:e3:f0:8b:58:62:38:4f:c5:5c:1f:5d:49:
                    2c:8b:7b:fe:5b:45:e0:3b:3b:a6:da:de:66:33:44:
                    46:30:99:2f:f8:5f:9e:2e:c3:20:ef:38:ea:11:a6:
                    2b:e4:9f:78:df:11:39:be:25:68:01:aa:60:cd:f5:
                    47:b4:5a:e9:12:65:66:4d:6a:3d:fb:f5:ab:d4:cb:
                    2f:90:c4:be:4a:3b:d6:a3:7a:40:0b:bc:bc:19:f5:
                    13:f9:38:b0:98:ed:17:2f:8b:28:b9:82:74:56:e2:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0F:D6:B8:0B:85:A1:C0:76:87:CF:7A:D2:7B:F1:7D:78:73:75:F5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.63.0/24
                  191.96.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:79:86:d3:5f:38:25:5c:9b:af:60:2d:09:47:03:ea:ba:27:
         b8:15:50:b0:be:a5:a9:a4:4e:95:cf:ea:c4:a7:10:eb:c8:d0:
         05:38:c9:a1:c4:38:ab:b9:d9:2e:45:99:9f:27:3a:0c:a1:4c:
         fd:65:1d:27:59:46:da:e5:6d:49:66:35:bd:a6:fc:95:a7:18:
         45:09:8b:18:aa:ff:b2:c2:73:e1:e0:6e:da:d8:bc:81:f4:31:
         4a:38:f3:ef:04:87:a3:ca:70:c0:0f:9c:db:20:30:8a:31:28:
         a2:68:3b:de:4a:cc:85:90:4c:d7:88:07:95:eb:d1:75:5c:a3:
         6f:23:a3:71:9d:7b:78:52:e9:85:58:4a:0f:1d:c0:f0:d0:e5:
         87:41:b1:0b:5f:7a:dd:5f:b7:3e:17:cd:8e:3c:ce:b7:dc:a7:
         c5:f7:e0:33:70:cf:87:33:fc:e0:95:d5:14:01:83:6a:87:91:
         d9:71:ce:ee:ac:78:92:31:c6:02:98:84:49:78:e2:4d:3c:34:
         96:52:ad:e6:95:7f:87:3d:2d:4d:6b:b6:23:ab:7c:03:bb:1f:
         3f:fe:27:af:2b:ed:cc:39:e5:c7:19:fe:05:53:e8:0e:9b:d6:
         41:f9:1c:20:01:dd:8c:ce:4a:e4:a3:a5:5d:6c:12:86:4e:74:
         81:b0:01:3d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVKWICVeTYwTjtKJSUsrsNRB8jzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMTExMTQ5MDZaFw0yNTExMTAxMTU0MDZaMDMxMTAvBgNV
BAMTKDc0MEZENkI4MEI4NUExQzA3Njg3Q0Y3QUQyN0JGMTdENzg3Mzc1RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/WQG90CO7d0HZp7xSXEQaHkxp
D9by2ZiPtQ/Bdpx0Q9dxvyxMwLir7OVJfhXN6kfFIuR3A4nFIBs1ladOYMlT6/9x
LhAN7bsAJWvW+59znhGTq6taXTHwXZzoKbx7lBKfcfqF+5/1Di7BYd3DsH2hpOPy
ePgc0wldNgf4IBYJK8FQjIu1c7PtBOpbrLHCIJLTCjhSP2qXf+Pwi1hiOE/FXB9d
SSyLe/5bReA7O6ba3mYzREYwmS/4X54uwyDvOOoRpivkn3jfETm+JWgBqmDN9Ue0
WukSZWZNaj379avUyy+QxL5KO9ajekALvLwZ9RP5OLCY7Rcviyi5gnRW4kplAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUdA/WuAuFocB2h8960nvxfXhzdfUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDg5MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11z8D
BAC/YJgwDQYJKoZIhvcNAQELBQADggEBAD55htNfOCVcm69gLQlHA+q6J7gVULC+
pamkTpXP6sSnEOvI0AU4yaHEOKu52S5FmZ8nOgyhTP1lHSdZRtrlbUlmNb2m/JWn
GEUJixiq/7LCc+HgbtrYvIH0MUo48+8Eh6PKcMAPnNsgMIoxKKJoO95KzIWQTNeI
B5Xr0XVco28jo3Gde3hS6YVYSg8dwPDQ5YdBsQtfet1ftz4XzY48zrfcp8X34DNw
z4cz/OCV1RQBg2qHkdlxzu6seJIxxgKYhEl44k08NJZSreaVf4c9LU1rtiOrfAO7
Hz/+J68r7cw55ccZ/gVT6A6b1kH5HCAB3YzOSuSjpV1sEoZOdIGwAT0=
-----END CERTIFICATE-----