Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48011.roa
File:                     AS48011.roa (raw, json)
Hash identifier:          31noUs2aw29aSBjbcOBCzUWTjAZh1Lx4Vxvxx+QLkZg=
Subject key identifier:   EF:7B:D1:94:C4:3C:40:21:6B:32:2C:B4:B4:E3:45:B2:8D:14:7F:84
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       5A836864388129343BF284936999A48F1A6F474D
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48011.roa
Signing time:             Mon 03 Feb 2025 19:42:39 +0000
ROA not before:           Mon 03 Feb 2025 19:37:39 +0000
ROA not after:            Mon 02 Feb 2026 19:42:39 +0000
asID:                     48011
IP address blocks:        5.133.124.0/23 maxlen: 23
                          5.133.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 01:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:83:68:64:38:81:29:34:3b:f2:84:93:69:99:a4:8f:1a:6f:47:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Feb  3 19:37:39 2025 GMT
            Not After : Feb  2 19:42:39 2026 GMT
        Subject: CN=EF7BD194C43C40216B322CB4B4E345B28D147F84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6e:67:40:bb:50:01:ae:31:0c:1b:d8:47:5b:
                    fc:a5:0e:be:d8:a2:21:f9:a6:9a:13:7b:54:10:31:
                    a5:a4:6a:eb:0f:ea:e2:4b:a2:0f:88:30:b7:47:c2:
                    f4:6e:e9:6b:47:6c:22:93:9d:be:8e:f3:aa:26:73:
                    ac:da:a9:6f:ae:96:3c:dd:92:07:fc:de:c3:f4:75:
                    d8:34:ab:13:37:1c:27:f5:e2:47:1a:5f:58:4d:0c:
                    9c:ee:70:b0:fd:0c:8f:d8:05:e8:3e:03:8e:00:65:
                    cc:ca:6f:78:28:23:91:14:d8:0e:5e:19:14:70:42:
                    dd:f2:bb:3e:23:bf:b9:e0:65:78:77:b7:43:47:77:
                    1e:28:18:30:dd:13:c9:1b:cb:03:04:2e:25:50:19:
                    59:05:f3:12:23:52:01:f8:7d:f9:3e:cf:11:4c:a3:
                    f2:13:70:46:79:fd:9a:0a:f8:79:3e:2c:ee:43:86:
                    ec:5b:27:0d:ba:56:9a:53:86:24:8d:e6:8b:92:82:
                    cb:7b:e0:eb:73:f9:d1:c2:55:d3:cf:ce:30:f4:16:
                    e5:7a:a4:38:a7:1e:db:65:45:97:e7:1d:7e:93:36:
                    0f:37:6f:9e:56:d5:4f:3b:66:87:9e:9e:2f:55:ae:
                    da:b6:53:e5:cc:d8:0f:fa:c2:8b:65:05:33:4c:04:
                    94:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7B:D1:94:C4:3C:40:21:6B:32:2C:B4:B4:E3:45:B2:8D:14:7F:84
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48011.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:9c:5f:31:a5:f1:16:66:39:94:0d:4e:14:a1:ed:c8:f3:37:
         43:e9:ca:75:56:4c:3e:10:a1:71:20:0f:cc:fe:5c:ed:ee:e0:
         05:f4:6f:a8:88:74:43:ed:f1:73:64:82:94:a0:cf:51:24:ec:
         bc:a0:4c:0e:a9:cd:85:27:f0:49:5f:f8:7f:71:32:e3:61:11:
         8d:8a:1a:2e:65:25:d1:0f:5d:e2:5f:b8:d3:12:63:eb:6b:e4:
         6c:14:b9:dd:0e:25:6e:41:20:f3:a3:58:6f:e7:0d:2d:32:be:
         77:52:8c:26:86:0c:66:ee:38:15:64:03:1f:cb:68:a8:a4:af:
         c6:4e:ce:56:82:90:1c:f7:94:5f:d9:95:60:4b:5b:69:f4:d3:
         46:83:cf:a3:9c:07:3e:9b:43:e1:80:7e:b0:62:80:85:a6:2c:
         dd:0c:fc:eb:4d:72:8e:39:12:70:dc:65:f6:76:9f:dc:f5:6c:
         08:25:d7:ec:2f:a3:49:b8:45:c7:8b:9e:49:6f:0a:af:be:74:
         f8:5a:d8:2f:01:e7:a5:ae:ef:64:fa:e5:40:5f:3b:35:d1:42:
         71:44:3b:c3:a8:28:ec:5a:1a:0e:b7:c3:d7:6d:a0:61:ad:81:
         f2:28:b6:29:79:33:bb:9d:f9:b1:74:63:94:4b:6f:35:7e:b2:
         7a:2c:24:24
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWoNoZDiBKTQ78oSTaZmkjxpvR00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAyMDMxOTM3MzlaFw0yNjAyMDIxOTQyMzlaMDMxMTAvBgNV
BAMTKEVGN0JEMTk0QzQzQzQwMjE2QjMyMkNCNEI0RTM0NUIyOEQxNDdGODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTbmdAu1ABrjEMG9hHW/ylDr7Y
oiH5ppoTe1QQMaWkausP6uJLog+IMLdHwvRu6WtHbCKTnb6O86omc6zaqW+uljzd
kgf83sP0ddg0qxM3HCf14kcaX1hNDJzucLD9DI/YBeg+A44AZczKb3goI5EU2A5e
GRRwQt3yuz4jv7ngZXh3t0NHdx4oGDDdE8kbywMELiVQGVkF8xIjUgH4ffk+zxFM
o/ITcEZ5/ZoK+Hk+LO5DhuxbJw26VppThiSN5ouSgst74Otz+dHCVdPPzjD0FuV6
pDinHttlRZfnHX6TNg83b55W1U87Zoeeni9Vrtq2U+XM2A/6wotlBTNMBJRBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU73vRlMQ8QCFrMiy0tONFso0Uf4QwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNDgwMTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIFhXww
DQYJKoZIhvcNAQELBQADggEBAIWcXzGl8RZmOZQNThSh7cjzN0PpynVWTD4QoXEg
D8z+XO3u4AX0b6iIdEPt8XNkgpSgz1Ek7LygTA6pzYUn8Elf+H9xMuNhEY2KGi5l
JdEPXeJfuNMSY+tr5GwUud0OJW5BIPOjWG/nDS0yvndSjCaGDGbuOBVkAx/LaKik
r8ZOzlaCkBz3lF/ZlWBLW2n000aDz6OcBz6bQ+GAfrBigIWmLN0M/OtNco45EnDc
ZfZ2n9z1bAgl1+wvo0m4RceLnklvCq++dPha2C8B56Wu72T65UBfOzXRQnFEO8Oo
KOxaGg63w9dtoGGtgfIotil5M7ud+bF0Y5RLbzV+snosJCQ=
-----END CERTIFICATE-----