Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          DbVMAnl2vnmwx58Six5s7k/YLOn7YuCI6dDiQOxWd2M=
Subject key identifier:   C4:1E:16:E7:81:68:B2:2F:8A:01:6D:53:B7:07:EE:72:68:00:97:6C
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       43F04238DE072570652D441BCDC9C83BDF5F2578
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa
Signing time:             Wed 15 Jan 2025 16:57:45 +0000
ROA not before:           Wed 15 Jan 2025 16:52:45 +0000
ROA not after:            Wed 14 Jan 2026 16:57:45 +0000
asID:                     48678
IP address blocks:        217.18.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f0:42:38:de:07:25:70:65:2d:44:1b:cd:c9:c8:3b:df:5f:25:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:52:45 2025 GMT
            Not After : Jan 14 16:57:45 2026 GMT
        Subject: CN=C41E16E78168B22F8A016D53B707EE726800976C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0a:e0:bd:eb:4a:c8:51:d0:27:dc:76:6e:18:
                    26:ae:7c:cd:19:92:36:42:39:4b:bd:9a:3a:a1:ca:
                    05:ed:c2:a8:e6:e5:ba:50:51:56:07:fe:52:2a:5c:
                    c2:bf:f6:11:6e:4c:fe:e4:93:7e:80:f9:29:2f:49:
                    a4:ff:c8:41:d7:48:87:6d:8d:f6:9f:f8:f8:70:76:
                    b6:ef:be:50:73:0c:0e:db:65:76:bd:86:c4:71:cc:
                    84:43:d2:35:a3:75:2c:21:84:74:82:a8:0a:69:a1:
                    00:7c:b4:50:17:62:bc:a8:a2:70:b7:4e:1c:72:fd:
                    cb:e2:7b:42:e4:6b:6c:96:46:87:54:3e:7e:26:36:
                    e3:19:a3:e2:ae:3f:ce:f2:0a:b0:25:66:ae:c5:38:
                    54:11:0d:f5:cc:ce:bb:b2:72:c7:d0:82:f5:e7:c8:
                    6a:1c:f8:33:ca:d4:49:67:a3:2b:45:3f:14:d2:f4:
                    61:88:6c:a2:e1:c4:9c:40:fb:9f:da:6c:50:75:f7:
                    ea:cd:ec:21:2e:26:3f:7e:a2:0a:54:87:45:6f:32:
                    aa:3d:c7:52:94:36:cb:b1:f0:e0:1e:5d:e4:68:99:
                    bb:ff:58:32:49:a8:d2:13:c4:67:84:59:8a:9e:07:
                    d7:c2:3f:0a:8b:9d:e0:8d:0d:e9:b5:01:33:4a:86:
                    49:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1E:16:E7:81:68:B2:2F:8A:01:6D:53:B7:07:EE:72:68:00:97:6C
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e2:59:0a:f6:6e:69:dd:5e:f5:ad:f7:e5:99:ed:5b:80:f0:
         f7:8f:c0:e3:48:5c:a4:3a:2b:00:db:b5:d7:c3:c3:37:88:a5:
         27:c4:b0:0d:b2:91:7c:cd:93:ee:80:8f:c5:d0:f5:15:2a:67:
         8a:6a:d2:2d:0d:3b:b2:40:fa:3b:fe:f4:3b:ef:82:61:24:1f:
         c7:0c:74:80:fc:25:db:33:e4:b3:0e:f0:3d:e3:92:26:22:d8:
         fa:97:4f:4d:18:5c:03:b6:a3:37:dd:11:b9:e3:d5:91:bc:5a:
         39:06:48:a0:35:59:bd:7d:67:f1:3e:73:5e:c3:f6:15:e7:47:
         9e:5b:16:11:7a:8a:96:29:1a:9b:3f:47:aa:15:f3:2c:f3:9e:
         2b:15:eb:ec:aa:50:52:c1:97:f4:05:0a:f6:6d:b0:62:df:60:
         ca:9e:7a:1e:15:12:50:40:c3:7b:90:c5:a5:27:79:37:89:d8:
         6d:3d:ee:db:1b:b9:c4:76:56:a3:a6:5f:c9:ca:57:98:f9:a1:
         fc:b9:aa:0b:6b:7e:1e:72:29:cf:12:d8:97:50:2d:3e:c4:75:
         ed:92:e7:7f:a8:bc:08:22:21:9c:d7:6f:17:73:ea:0a:bc:82:
         f2:cc:2b:45:14:1e:1f:ee:97:54:0d:24:eb:0f:d2:f8:a0:58:
         b4:7d:25:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQ/BCON4HJXBlLUQbzcnIO99fJXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjUyNDVaFw0yNjAxMTQxNjU3NDVaMDMxMTAvBgNV
BAMTKEM0MUUxNkU3ODE2OEIyMkY4QTAxNkQ1M0I3MDdFRTcyNjgwMDk3NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcCuC960rIUdAn3HZuGCaufM0Z
kjZCOUu9mjqhygXtwqjm5bpQUVYH/lIqXMK/9hFuTP7kk36A+SkvSaT/yEHXSIdt
jfaf+PhwdrbvvlBzDA7bZXa9hsRxzIRD0jWjdSwhhHSCqAppoQB8tFAXYryoonC3
Thxy/cvie0Lka2yWRodUPn4mNuMZo+KuP87yCrAlZq7FOFQRDfXMzruycsfQgvXn
yGoc+DPK1ElnoytFPxTS9GGIbKLhxJxA+5/abFB19+rN7CEuJj9+ogpUh0VvMqo9
x1KUNsux8OAeXeRombv/WDJJqNITxGeEWYqeB9fCPwqLneCNDem1ATNKhklFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxB4W54Fosi+KAW1TtwfucmgAl2wwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZEtEw
DQYJKoZIhvcNAQELBQADggEBADfiWQr2bmndXvWt9+WZ7VuA8PePwONIXKQ6KwDb
tdfDwzeIpSfEsA2ykXzNk+6Aj8XQ9RUqZ4pq0i0NO7JA+jv+9DvvgmEkH8cMdID8
Jdsz5LMO8D3jkiYi2PqXT00YXAO2ozfdEbnj1ZG8WjkGSKA1Wb19Z/E+c17D9hXn
R55bFhF6ipYpGps/R6oV8yzznisV6+yqUFLBl/QFCvZtsGLfYMqeeh4VElBAw3uQ
xaUneTeJ2G097tsbucR2VqOmX8nKV5j5ofy5qgtrfh5yKc8S2JdQLT7Ede2S53+o
vAgiIZzXbxdz6gq8gvLMK0UUHh/ul1QNJOsP0vigWLR9JZs=
-----END CERTIFICATE-----