Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          lg3JBZi4DMp6M6TPb+5qMePflniCJVCuThRcGuMfMiE=
Subject key identifier:   53:CA:FE:57:35:75:92:09:91:2F:A7:2A:63:20:6A:8D:4D:34:F7:1E
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       08FF7909FD71554FE0ED3E3FCB407ABDCFCFEBE0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa
Signing time:             Fri 10 Nov 2023 16:27:59 +0000
ROA not before:           Fri 10 Nov 2023 16:22:59 +0000
ROA not after:            Fri 08 Nov 2024 16:27:59 +0000
asID:                     48678
IP address blocks:        141.11.174.0/23 maxlen: 24
                          141.11.216.0/23 maxlen: 24
                          141.11.218.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ff:79:09:fd:71:55:4f:e0:ed:3e:3f:cb:40:7a:bd:cf:cf:eb:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 10 16:22:59 2023 GMT
            Not After : Nov  8 16:27:59 2024 GMT
        Subject: CN=53CAFE5735759209912FA72A63206A8D4D34F71E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:dd:17:ca:91:21:d7:0d:84:e2:ae:b3:99:b1:
                    9a:d5:31:49:55:02:c0:37:a3:1c:5a:0c:74:bc:21:
                    ed:70:56:7a:bf:29:7a:33:56:4f:e0:60:f3:31:53:
                    c5:d0:26:01:b6:98:8e:25:c0:d7:ef:23:7e:bd:74:
                    6f:66:b8:73:e1:e6:5b:ed:d4:3e:01:a0:fb:25:8d:
                    75:a4:9d:2a:10:e8:30:fc:18:c6:f7:08:6e:2f:0f:
                    eb:36:3e:fc:10:f8:74:6a:20:4f:2f:26:f9:0f:40:
                    1e:cd:d5:1a:a2:be:e9:f5:58:d1:da:4c:64:0b:41:
                    eb:51:2b:ab:30:15:e7:77:4a:91:12:c3:5e:ef:a8:
                    14:bc:50:30:f5:f5:a7:36:22:cf:49:d8:f4:9d:dd:
                    5a:a4:4f:2e:7b:1d:ac:7c:bf:42:17:ea:a7:fa:c5:
                    43:16:f4:20:ec:8d:63:11:dd:ff:23:96:8c:98:5e:
                    4b:9d:66:e9:53:80:ce:7f:30:b8:28:27:2d:c7:f8:
                    68:3c:f2:c3:17:18:43:ec:bf:4a:73:36:a7:73:6e:
                    2e:bc:49:01:3e:7b:f3:b8:be:9f:6c:04:40:91:a9:
                    56:f0:db:c9:c0:24:02:e0:93:87:17:b6:05:75:cf:
                    67:42:db:7f:5b:01:d2:7e:a4:a9:42:1a:7b:08:36:
                    cb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CA:FE:57:35:75:92:09:91:2F:A7:2A:63:20:6A:8D:4D:34:F7:1E
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.174.0/23
                  141.11.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:6a:0c:05:4e:e3:2e:f7:1a:5e:d8:78:33:6d:81:ee:1c:19:
         8f:c7:00:14:87:01:d8:a6:34:39:e5:05:ae:20:44:50:ca:0a:
         6c:31:15:c7:5e:29:3e:44:57:f4:4b:8a:dd:f8:5a:03:85:93:
         9b:1e:34:38:89:e5:44:45:e2:d8:a1:78:36:76:fc:46:75:bd:
         ba:b0:50:c5:e3:78:fa:99:cb:f2:25:f2:68:73:e5:c2:da:d0:
         4a:02:0e:f4:6d:fc:35:67:11:31:39:7e:d8:6e:5d:b2:3d:3f:
         f8:00:b6:07:44:56:fe:66:4f:c0:d3:c6:ec:46:bf:c7:50:5a:
         72:5a:0a:51:05:f5:5e:41:b3:06:36:13:52:7b:1b:38:a2:09:
         2f:33:72:53:7f:39:93:6e:70:a6:09:28:0d:b2:ce:6c:15:92:
         2c:6d:26:38:10:8e:55:71:70:b7:23:87:5b:ba:59:69:13:83:
         a1:ed:0c:39:d1:7a:55:20:e2:89:5b:f9:cb:09:72:41:7b:28:
         6d:37:6c:e1:40:92:b4:bb:2c:d3:e1:13:da:71:58:8d:c8:73:
         89:d0:d9:cd:e4:38:56:d9:be:ba:72:9a:b6:13:a1:c2:ac:4e:
         35:db:fc:20:71:e1:21:cf:0b:b6:22:1c:51:e4:19:5a:cf:98:
         e6:7f:3f:39
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUCP95Cf1xVU/g7T4/y0B6vc/P6+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMTAxNjIyNTlaFw0yNDExMDgxNjI3NTlaMDMxMTAvBgNV
BAMTKDUzQ0FGRTU3MzU3NTkyMDk5MTJGQTcyQTYzMjA2QThENEQzNEY3MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63RfKkSHXDYTirrOZsZrVMUlV
AsA3oxxaDHS8Ie1wVnq/KXozVk/gYPMxU8XQJgG2mI4lwNfvI369dG9muHPh5lvt
1D4BoPsljXWknSoQ6DD8GMb3CG4vD+s2PvwQ+HRqIE8vJvkPQB7N1Rqivun1WNHa
TGQLQetRK6swFed3SpESw17vqBS8UDD19ac2Is9J2PSd3VqkTy57Hax8v0IX6qf6
xUMW9CDsjWMR3f8jloyYXkudZulTgM5/MLgoJy3H+Gg88sMXGEPsv0pzNqdzbi68
SQE+e/O4vp9sBECRqVbw28nAJALgk4cXtgV1z2dC239bAdJ+pKlCGnsINssZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUU8r+VzV1kgmRL6cqYyBqjU009x4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAGNC64D
BAKNC9gwDQYJKoZIhvcNAQELBQADggEBAMdqDAVO4y73Gl7YeDNtge4cGY/HABSH
AdimNDnlBa4gRFDKCmwxFcdeKT5EV/RLit34WgOFk5seNDiJ5URF4tiheDZ2/EZ1
vbqwUMXjePqZy/Il8mhz5cLa0EoCDvRt/DVnETE5fthuXbI9P/gAtgdEVv5mT8DT
xuxGv8dQWnJaClEF9V5BswY2E1J7GziiCS8zclN/OZNucKYJKA2yzmwVkixtJjgQ
jlVxcLcjh1u6WWkTg6HtDDnRelUg4olb+csJckF7KG03bOFAkrS7LNPhE9pxWI3I
c4nQ2c3kOFbZvrpymrYTocKsTjXb/CBx4SHPC7YiHFHkGVrPmOZ/Pzk=
-----END CERTIFICATE-----