Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          b872i4hweWRH1Kj5dedU2/5TFJjgVQIwlElYWMEA3fg=
Subject key identifier:   D7:64:8A:DF:7D:18:38:33:89:95:65:09:85:7E:22:13:08:38:0A:F5
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       13C14EC8FF3251BDDE8DE88B723E3C1B057E932D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa
Signing time:             Tue 08 Oct 2024 06:16:51 +0000
ROA not before:           Tue 08 Oct 2024 06:11:51 +0000
ROA not after:            Tue 07 Oct 2025 06:16:51 +0000
asID:                     48678
IP address blocks:        141.11.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c1:4e:c8:ff:32:51:bd:de:8d:e8:8b:72:3e:3c:1b:05:7e:93:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  8 06:11:51 2024 GMT
            Not After : Oct  7 06:16:51 2025 GMT
        Subject: CN=D7648ADF7D18383389956509857E221308380AF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7e:ac:a0:b8:f5:11:da:85:0b:50:99:52:a3:
                    71:9a:dc:42:50:8b:b0:5a:d5:dd:9f:e6:b4:0b:ac:
                    01:f2:ec:74:6a:fd:56:2e:55:3e:a5:69:91:02:b2:
                    12:16:a8:6c:9b:b5:35:72:e6:0e:f4:13:ce:3f:43:
                    ed:c5:e3:94:a6:fd:c8:db:5d:18:ff:ee:4d:9d:ae:
                    8d:91:c8:26:a0:4d:a8:82:33:eb:01:a5:b7:ae:63:
                    8a:52:1e:66:a8:ea:22:bd:4d:65:f7:00:6b:79:34:
                    51:f6:91:96:fc:1e:9d:58:b8:d1:32:77:8a:02:c3:
                    9d:a4:04:b4:b6:e3:85:27:c8:0b:b8:3e:c4:bd:74:
                    51:8e:dd:4e:67:af:09:3d:5d:c6:74:14:a0:75:b7:
                    88:18:43:2f:bc:90:4e:72:ce:f7:9e:d5:35:93:1c:
                    0f:9f:34:1b:6a:8f:98:f9:70:27:c3:19:06:20:dc:
                    fd:db:77:91:78:94:f5:37:5c:aa:cf:40:17:b8:fa:
                    18:46:de:b1:0a:d5:8a:53:76:e3:f8:22:4c:af:29:
                    b3:0c:a5:da:ce:97:44:cf:94:b0:82:dd:8f:12:9e:
                    20:53:82:22:bf:96:ce:01:b8:2b:20:e9:fc:3d:29:
                    b4:d0:f9:51:25:1f:73:2c:39:2e:ce:e0:84:2b:29:
                    30:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:64:8A:DF:7D:18:38:33:89:95:65:09:85:7E:22:13:08:38:0A:F5
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ab:c0:7f:7d:2d:69:d2:31:79:d2:e2:7f:ab:ea:0e:8b:55:
         4f:04:c7:4a:ce:78:64:ba:61:81:28:44:69:82:be:95:97:d1:
         50:5a:cd:ea:7f:e3:4f:20:81:97:3e:30:8b:f9:96:fb:b5:ab:
         9f:57:d7:d2:fd:f5:cc:42:1e:3b:45:a5:35:ba:50:ce:36:b2:
         c4:d1:57:42:dc:a6:07:06:c7:c3:9e:ed:76:98:6f:43:bc:64:
         a6:b2:21:99:23:b8:f5:02:4a:f6:e5:81:75:6e:3c:a3:2a:92:
         bf:68:3d:c0:33:27:e0:52:aa:04:2a:8c:94:43:c2:d1:2b:d0:
         82:01:a9:0c:55:a2:35:1e:83:83:76:13:f1:f1:af:52:2d:65:
         59:4c:9d:af:85:63:e2:be:c2:ba:a9:bf:46:12:85:26:82:88:
         10:2b:61:ae:76:1a:b9:97:41:fb:fa:57:a6:dd:87:74:1f:9b:
         11:1c:36:2a:c2:84:b5:6b:b7:26:27:a8:77:8f:26:7c:d4:9d:
         28:82:95:3d:da:54:ee:a3:7b:44:a4:4d:df:cf:a0:b4:a6:4e:
         45:66:e5:95:76:46:16:20:81:a2:08:01:33:ac:4c:63:c4:99:
         ab:c7:5e:f0:28:ec:be:2b:81:e7:c7:71:fb:fe:9e:f7:53:bc:
         be:51:da:27
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUE8FOyP8yUb3ejeiLcj48GwV+ky0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMDgwNjExNTFaFw0yNTEwMDcwNjE2NTFaMDMxMTAvBgNV
BAMTKEQ3NjQ4QURGN0QxODM4MzM4OTk1NjUwOTg1N0UyMjEzMDgzODBBRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9fqyguPUR2oULUJlSo3Ga3EJQ
i7Ba1d2f5rQLrAHy7HRq/VYuVT6laZECshIWqGybtTVy5g70E84/Q+3F45Sm/cjb
XRj/7k2dro2RyCagTaiCM+sBpbeuY4pSHmao6iK9TWX3AGt5NFH2kZb8Hp1YuNEy
d4oCw52kBLS244UnyAu4PsS9dFGO3U5nrwk9XcZ0FKB1t4gYQy+8kE5yzvee1TWT
HA+fNBtqj5j5cCfDGQYg3P3bd5F4lPU3XKrPQBe4+hhG3rEK1YpTduP4IkyvKbMM
pdrOl0TPlLCC3Y8SniBTgiK/ls4BuCsg6fw9KbTQ+VElH3MsOS7O4IQrKTDRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU12SK330YODOJlWUJhX4iEwg4CvUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0Ew
DQYJKoZIhvcNAQELBQADggEBAEKrwH99LWnSMXnS4n+r6g6LVU8Ex0rOeGS6YYEo
RGmCvpWX0VBazep/408ggZc+MIv5lvu1q59X19L99cxCHjtFpTW6UM42ssTRV0Lc
pgcGx8Oe7XaYb0O8ZKayIZkjuPUCSvblgXVuPKMqkr9oPcAzJ+BSqgQqjJRDwtEr
0IIBqQxVojUeg4N2E/Hxr1ItZVlMna+FY+K+wrqpv0YShSaCiBArYa52GrmXQfv6
V6bdh3QfmxEcNirChLVrtyYnqHePJnzUnSiClT3aVO6je0SkTd/PoLSmTkVm5ZV2
RhYggaIIATOsTGPEmavHXvAo7L4rgefHcfv+nvdTvL5R2ic=
-----END CERTIFICATE-----