Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7488.roa
File:                     AS7488.roa (raw, json)
Hash identifier:          5Br53Wt6PNZ2SGHTvjBGYajM459LH8CC9jUCPDLNfBg=
Subject key identifier:   84:D8:8A:9B:72:70:31:E7:22:D0:41:5C:A4:2D:AB:7C:B7:E7:45:C9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3215012B73AE751CF8A6DD248062DE448EA26305
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7488.roa
Signing time:             Fri 15 May 2026 07:46:35 +0000
ROA not before:           Fri 15 May 2026 07:41:35 +0000
ROA not after:            Fri 14 May 2027 07:46:35 +0000
asID:                     7488
IP address blocks:        2a14:7583:eff6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:15:01:2b:73:ae:75:1c:f8:a6:dd:24:80:62:de:44:8e:a2:63:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 15 07:41:35 2026 GMT
            Not After : May 14 07:46:35 2027 GMT
        Subject: CN=84D88A9B727031E722D0415CA42DAB7CB7E745C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:37:5d:b1:5b:ea:d5:86:a2:76:bf:dd:da:da:
                    06:a6:98:a8:3e:c0:75:66:52:8e:19:dc:5a:27:74:
                    c6:ab:b4:d1:8a:ec:22:d3:e6:be:1f:53:45:61:07:
                    0d:91:74:65:c7:59:80:c2:81:84:31:6b:cd:10:43:
                    a4:67:ad:5c:a8:e3:5a:1a:f0:5c:79:68:36:cd:fd:
                    9f:e2:44:ca:4f:72:5b:4c:31:b7:9a:2f:85:01:b6:
                    5f:ce:2b:1e:1c:41:24:03:07:58:a9:ab:c5:52:23:
                    f9:29:da:0a:28:23:42:94:19:d4:0b:e2:ca:88:18:
                    93:e3:75:db:6f:dc:ce:b1:3d:92:2e:b6:88:97:85:
                    72:10:1b:ac:b0:7e:71:91:50:37:7a:ea:55:1f:11:
                    ef:82:48:cc:ec:a4:fa:09:32:63:ce:28:e9:a7:ef:
                    76:45:3a:dc:5e:df:94:d6:f2:f9:8d:96:c2:73:b8:
                    fb:35:30:ec:4a:6d:a8:fd:2a:91:78:a4:75:c0:19:
                    c4:6f:d5:5c:54:7f:47:6e:85:56:23:e1:30:c5:86:
                    1e:64:16:5b:ac:d5:eb:94:31:49:20:b0:d8:a4:ab:
                    6b:fd:03:d3:57:cf:ce:2f:0e:29:b7:e7:1b:1a:93:
                    2b:51:b9:46:cb:82:eb:21:d5:99:50:2f:42:36:0c:
                    56:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D8:8A:9B:72:70:31:E7:22:D0:41:5C:A4:2D:AB:7C:B7:E7:45:C9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:eff6::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:28:ac:86:9f:c1:65:86:14:4a:a0:b7:f8:8d:6d:75:a2:07:
         74:59:f0:6e:47:05:6d:75:cd:0d:30:16:55:e2:a6:d2:5e:e2:
         d4:55:7b:1e:37:d2:b3:35:34:ab:c7:3f:9f:7c:77:20:51:96:
         5b:aa:d2:ad:d0:ad:fc:2a:0a:2b:d2:b8:d3:b6:bf:0d:ae:87:
         0d:c5:8c:17:12:02:4d:ba:38:dc:56:0f:75:f8:28:d2:1a:50:
         ec:8e:2b:8b:6e:60:b6:d9:df:da:3a:ba:31:a5:93:22:41:d2:
         5e:1d:6f:db:d3:a2:fb:b3:c1:56:55:44:1f:e0:e6:29:75:ff:
         42:ef:45:5c:81:1d:37:35:eb:9f:bf:f8:a6:62:59:e1:90:0e:
         2d:67:3a:c8:35:bc:23:06:2c:3b:4d:77:1c:1d:41:a6:fa:e0:
         61:9f:38:ba:be:18:71:01:03:63:0b:ff:6c:72:a7:b2:ee:30:
         cb:66:d9:95:d5:86:e2:31:f0:f1:d1:c5:60:d7:5d:b2:9a:93:
         6f:5d:99:de:14:00:cf:f5:89:f0:8f:49:2a:19:df:72:c1:f9:
         0a:ec:2b:7c:3d:49:e4:45:be:0e:1b:9f:13:a5:79:99:3e:d1:
         96:a2:95:bd:32:ef:f7:9d:8e:7c:31:8c:c4:c6:3c:c8:07:5c:
         85:06:88:45
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUMhUBK3OudRz4pt0kgGLeRI6iYwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MTUwNzQxMzVaFw0yNzA1MTQwNzQ2MzVaMDMxMTAvBgNV
BAMTKDg0RDg4QTlCNzI3MDMxRTcyMkQwNDE1Q0E0MkRBQjdDQjdFNzQ1QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkN12xW+rVhqJ2v93a2gammKg+
wHVmUo4Z3FondMartNGK7CLT5r4fU0VhBw2RdGXHWYDCgYQxa80QQ6RnrVyo41oa
8Fx5aDbN/Z/iRMpPcltMMbeaL4UBtl/OKx4cQSQDB1ipq8VSI/kp2gooI0KUGdQL
4sqIGJPjddtv3M6xPZIutoiXhXIQG6ywfnGRUDd66lUfEe+CSMzspPoJMmPOKOmn
73ZFOtxe35TW8vmNlsJzuPs1MOxKbaj9KpF4pHXAGcRv1VxUf0duhVYj4TDFhh5k
Flus1euUMUkgsNikq2v9A9NXz84vDim35xsakytRuUbLgush1ZlQL0I2DFa7AgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUhNiKm3JwMeci0EFcpC2rfLfnRckwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNzQ4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoUdYPv
9jANBgkqhkiG9w0BAQsFAAOCAQEAFiishp/BZYYUSqC3+I1tdaIHdFnwbkcFbXXN
DTAWVeKm0l7i1FV7HjfSszU0q8c/n3x3IFGWW6rSrdCt/CoKK9K407a/Da6HDcWM
FxICTbo43FYPdfgo0hpQ7I4ri25gttnf2jq6MaWTIkHSXh1v29Oi+7PBVlVEH+Dm
KXX/Qu9FXIEdNzXrn7/4pmJZ4ZAOLWc6yDW8IwYsO013HB1BpvrgYZ84ur4YcQED
Ywv/bHKnsu4wy2bZldWG4jHw8dHFYNddspqTb12Z3hQAz/WJ8I9JKhnfcsH5Cuwr
fD1J5EW+DhufE6V5mT7RlqKVvTLv952OfDGMxMY8yAdchQaIRQ==
-----END CERTIFICATE-----