Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          vyjKmYynyepb6bdr1kG5e2UtI0pAI4vU0S7NW0E3fA4=
Subject key identifier:   A8:2B:15:2A:F8:5F:1C:49:99:20:63:11:27:92:BA:8C:D0:C4:93:9D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       75379BE70756A830E352BFF41FFD7CB47CDC0428
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa
Signing time:             Sat 01 Mar 2025 11:12:33 +0000
ROA not before:           Sat 01 Mar 2025 11:07:33 +0000
ROA not after:            Sat 28 Feb 2026 11:12:33 +0000
asID:                     48678
IP address blocks:        91.198.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:37:9b:e7:07:56:a8:30:e3:52:bf:f4:1f:fd:7c:b4:7c:dc:04:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  1 11:07:33 2025 GMT
            Not After : Feb 28 11:12:33 2026 GMT
        Subject: CN=A82B152AF85F1C49992063112792BA8CD0C4939D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1d:f1:a8:48:6c:5d:2f:3d:ba:7d:09:30:fe:
                    90:05:df:b3:e8:77:c0:24:94:1d:d2:3b:06:52:12:
                    86:ba:a7:a5:e9:27:81:be:11:c5:3f:b1:b9:94:dc:
                    92:18:c2:db:ef:c7:be:54:28:56:2a:ad:93:04:30:
                    a8:be:e2:42:65:28:6c:b8:31:9d:10:6d:30:1d:84:
                    48:19:c4:5b:a7:8d:97:01:50:7c:18:a5:eb:20:85:
                    42:dc:9e:89:c3:eb:40:ad:b4:1c:05:c0:af:55:1e:
                    c9:41:94:14:e4:c9:3b:dc:49:33:d7:b0:64:c4:77:
                    c5:1d:d0:c7:2d:fc:75:ba:29:de:b1:09:92:c7:12:
                    1b:6c:98:99:35:68:e3:54:54:b4:fe:16:b4:3f:0e:
                    ef:da:94:84:01:ed:c3:76:f5:c0:fa:a9:38:e6:a8:
                    52:a4:35:76:80:22:89:f3:dc:2a:0f:ac:28:c1:aa:
                    bb:f3:19:4d:15:37:6c:c6:eb:e6:da:c6:64:af:e4:
                    2b:46:0b:5e:0b:81:ec:12:36:5a:73:f0:80:3d:65:
                    25:86:0d:da:f6:32:9a:c5:c5:10:9d:aa:24:2d:c9:
                    0c:bc:fb:cf:80:ae:83:4e:96:35:04:59:60:5f:0b:
                    34:86:da:27:e1:54:23:df:ab:12:0c:51:e1:df:e7:
                    f3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:2B:15:2A:F8:5F:1C:49:99:20:63:11:27:92:BA:8C:D0:C4:93:9D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6b:16:fc:86:61:3b:f9:44:1c:47:0d:04:53:eb:d8:94:c5:
         8e:e1:3a:01:15:1b:ac:4b:90:e3:b8:84:05:a2:32:26:72:2a:
         55:e4:2c:9f:e7:88:e6:bd:c2:03:00:4b:75:aa:f5:91:28:eb:
         5e:8b:38:1c:a5:17:d3:69:49:cd:f5:30:1b:d9:96:bf:e0:4a:
         89:ca:e3:e8:0f:6e:b4:e6:13:d1:e9:4c:50:fe:19:d5:1b:1e:
         2a:fc:ae:90:45:b0:9f:18:de:72:83:e8:5b:0e:36:5a:d5:08:
         eb:41:80:eb:b7:83:75:5a:9d:61:fb:34:69:a4:bb:5a:e7:3d:
         6f:a7:7e:08:9e:74:a8:3e:07:a4:a1:02:75:ed:99:c2:9d:43:
         d7:f0:19:f6:12:6b:1d:d3:4a:46:a0:ae:9b:b9:cd:0f:7f:3d:
         31:8d:36:32:5f:e5:58:50:0b:44:31:24:8d:5a:b9:d3:ce:93:
         c5:79:2d:04:fd:ba:36:9e:a7:04:de:2f:1a:85:fc:0a:d0:16:
         1c:77:53:80:84:5e:30:43:c9:90:70:cc:3a:da:14:08:54:04:
         7c:35:4f:1b:d8:57:7d:d0:7c:8c:0c:d2:34:4b:1b:e5:6e:31:
         16:78:f3:e0:bd:a3:fd:2b:41:75:c7:5d:d7:e3:b3:77:a3:b9:
         22:2c:a0:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdTeb5wdWqDDjUr/0H/18tHzcBCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMDExMTA3MzNaFw0yNjAyMjgxMTEyMzNaMDMxMTAvBgNV
BAMTKEE4MkIxNTJBRjg1RjFDNDk5OTIwNjMxMTI3OTJCQThDRDBDNDkzOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzHfGoSGxdLz26fQkw/pAF37Po
d8AklB3SOwZSEoa6p6XpJ4G+EcU/sbmU3JIYwtvvx75UKFYqrZMEMKi+4kJlKGy4
MZ0QbTAdhEgZxFunjZcBUHwYpesghULcnonD60CttBwFwK9VHslBlBTkyTvcSTPX
sGTEd8Ud0Mct/HW6Kd6xCZLHEhtsmJk1aONUVLT+FrQ/Du/alIQB7cN29cD6qTjm
qFKkNXaAIonz3CoPrCjBqrvzGU0VN2zG6+baxmSv5CtGC14LgewSNlpz8IA9ZSWG
Ddr2MprFxRCdqiQtyQy8+8+AroNOljUEWWBfCzSG2ifhVCPfqxIMUeHf5/PxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqCsVKvhfHEmZIGMRJ5K6jNDEk50wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbxkIw
DQYJKoZIhvcNAQELBQADggEBAGxrFvyGYTv5RBxHDQRT69iUxY7hOgEVG6xLkOO4
hAWiMiZyKlXkLJ/niOa9wgMAS3Wq9ZEo616LOBylF9NpSc31MBvZlr/gSonK4+gP
brTmE9HpTFD+GdUbHir8rpBFsJ8Y3nKD6FsONlrVCOtBgOu3g3VanWH7NGmku1rn
PW+nfgiedKg+B6ShAnXtmcKdQ9fwGfYSax3TSkagrpu5zQ9/PTGNNjJf5VhQC0Qx
JI1audPOk8V5LQT9ujaepwTeLxqF/ArQFhx3U4CEXjBDyZBwzDraFAhUBHw1TxvY
V33QfIwM0jRLG+VuMRZ48+C9o/0rQXXHXdfjs3ejuSIsoIE=
-----END CERTIFICATE-----