Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          rMY2p1y/aRqDIUv3yfVhrbU+BHYdJqGy0jmtROD3BhM=
Subject key identifier:   C7:A2:C5:44:90:A4:2B:33:0C:6E:C6:51:8C:62:8F:71:44:65:B8:DC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4421F87DC776F1135DF94E9D604739CC04849709
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa
Signing time:             Wed 30 Oct 2024 11:39:19 +0000
ROA not before:           Wed 30 Oct 2024 11:34:19 +0000
ROA not after:            Wed 29 Oct 2025 11:39:19 +0000
asID:                     48678
IP address blocks:        45.157.16.0/24 maxlen: 24
                          91.198.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:21:f8:7d:c7:76:f1:13:5d:f9:4e:9d:60:47:39:cc:04:84:97:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 30 11:34:19 2024 GMT
            Not After : Oct 29 11:39:19 2025 GMT
        Subject: CN=C7A2C54490A42B330C6EC6518C628F714465B8DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:55:84:42:61:55:0e:bc:15:93:fd:d7:0c:05:
                    47:a9:83:4b:0c:e9:65:d1:78:a1:ca:4c:c7:d9:7a:
                    e6:ba:15:94:43:71:8d:f1:76:b7:d4:99:ff:19:60:
                    7f:3c:aa:56:57:45:c3:a0:b7:8d:34:9d:28:e4:99:
                    f1:51:ba:9c:e0:19:e1:2b:e9:a7:df:80:e2:88:f5:
                    49:44:40:b4:db:72:ce:28:33:97:4c:72:75:10:58:
                    a7:bc:db:16:2d:8b:26:a1:35:46:9f:dd:38:c4:aa:
                    af:60:5f:8a:af:d3:f4:27:83:80:1e:49:fb:a6:92:
                    54:b5:09:fb:77:f7:39:05:f0:fb:38:53:2b:71:ae:
                    6a:3e:71:15:8c:25:f7:c5:54:a1:05:ec:bd:97:0b:
                    95:70:9b:fb:d7:da:b1:cc:4a:c9:e7:cd:4e:14:8c:
                    43:30:67:3c:fe:6c:06:3a:69:dc:3c:0c:de:d4:a5:
                    81:67:9c:6a:da:94:28:92:98:1a:4b:ae:05:c7:a5:
                    c8:2f:c0:e0:76:fd:07:c5:4a:a2:c2:38:5a:1a:1d:
                    f7:69:29:ea:a3:17:dd:8b:3d:2b:09:54:b3:06:c1:
                    43:09:35:86:c5:f0:c9:74:ce:85:8a:ea:c9:c7:ee:
                    20:dc:b4:ed:bd:4b:d2:1c:47:ce:9d:6b:b1:09:07:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:A2:C5:44:90:A4:2B:33:0C:6E:C6:51:8C:62:8F:71:44:65:B8:DC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.16.0/24
                  91.198.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a5:36:16:0d:fa:49:4e:96:3f:4b:b1:c8:68:25:7a:b2:dd:
         4c:ca:04:82:de:80:c3:fa:1c:06:a5:e6:a4:ae:b0:51:41:e0:
         9c:56:58:3c:54:6e:4b:87:f9:4d:00:0f:43:46:39:84:ed:92:
         ab:bd:b6:6f:7e:02:e5:d1:13:10:30:d5:5d:b0:7c:9c:ac:8d:
         ea:13:a3:ba:37:74:ad:61:35:56:64:bb:49:e8:c5:d2:53:0d:
         8e:f3:f0:e0:18:0f:97:ea:d8:14:28:64:a4:72:ad:a4:17:99:
         e8:5e:3d:c6:c4:9b:02:cc:5b:78:c7:11:08:4c:27:00:76:b9:
         54:a1:46:26:db:3c:2b:45:8a:46:dc:ee:b9:39:2d:af:44:bc:
         de:da:43:97:f9:21:c3:06:37:2a:f3:10:f2:3a:4b:4a:b2:b0:
         f6:37:61:60:c4:89:35:ec:87:5a:4c:f9:9b:e2:9d:dc:90:83:
         07:92:9a:43:aa:10:37:06:52:c0:7e:b5:88:83:3e:bf:ee:49:
         1d:19:aa:93:c2:de:e6:65:81:3a:ad:90:f8:00:82:61:c9:1e:
         9a:26:40:71:81:c6:4d:28:80:da:7f:cd:ac:47:c2:dc:7a:a9:
         b2:28:14:d2:54:05:10:14:55:06:27:45:46:48:e3:b6:10:55:
         10:e9:e8:ae
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIURCH4fcd28RNd+U6dYEc5zASElwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzAxMTM0MTlaFw0yNTEwMjkxMTM5MTlaMDMxMTAvBgNV
BAMTKEM3QTJDNTQ0OTBBNDJCMzMwQzZFQzY1MThDNjI4RjcxNDQ2NUI4REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4VYRCYVUOvBWT/dcMBUepg0sM
6WXReKHKTMfZeua6FZRDcY3xdrfUmf8ZYH88qlZXRcOgt400nSjkmfFRupzgGeEr
6affgOKI9UlEQLTbcs4oM5dMcnUQWKe82xYtiyahNUaf3TjEqq9gX4qv0/Qng4Ae
SfumklS1Cft39zkF8Ps4Uytxrmo+cRWMJffFVKEF7L2XC5Vwm/vX2rHMSsnnzU4U
jEMwZzz+bAY6adw8DN7UpYFnnGralCiSmBpLrgXHpcgvwOB2/QfFSqLCOFoaHfdp
KeqjF92LPSsJVLMGwUMJNYbF8Ml0zoWK6snH7iDctO29S9IcR86da7EJB8+TAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUx6LFRJCkKzMMbsZRjGKPcURluNwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtnRAD
BABbxkIwDQYJKoZIhvcNAQELBQADggEBAJqlNhYN+klOlj9LschoJXqy3UzKBILe
gMP6HAal5qSusFFB4JxWWDxUbkuH+U0AD0NGOYTtkqu9tm9+AuXRExAw1V2wfJys
jeoTo7o3dK1hNVZku0noxdJTDY7z8OAYD5fq2BQoZKRyraQXmehePcbEmwLMW3jH
EQhMJwB2uVShRibbPCtFikbc7rk5La9EvN7aQ5f5IcMGNyrzEPI6S0qysPY3YWDE
iTXsh1pM+ZvindyQgweSmkOqEDcGUsB+tYiDPr/uSR0ZqpPC3uZlgTqtkPgAgmHJ
HpomQHGBxk0ogNp/zaxHwtx6qbIoFNJUBRAUVQYnRUZI47YQVRDp6K4=
-----END CERTIFICATE-----