Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48925.roa
File:                     AS48925.roa (raw, json)
Hash identifier:          j5sFT6BVZEB0JXIH80VaNDgLqj58h6OvYUbpiGFLZcE=
Subject key identifier:   AF:BD:4C:13:A3:61:AA:9D:7F:FA:EE:E2:0F:A4:00:34:1C:FF:4A:70
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       656B9289A9CB78AA835DABD443193142FBF3EF4D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48925.roa
Signing time:             Sun 18 May 2025 00:00:05 +0000
ROA not before:           Sat 17 May 2025 23:55:05 +0000
ROA not after:            Sun 17 May 2026 00:00:05 +0000
asID:                     48925
IP address blocks:        141.11.59.0/24 maxlen: 24
                          141.11.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:6b:92:89:a9:cb:78:aa:83:5d:ab:d4:43:19:31:42:fb:f3:ef:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 17 23:55:05 2025 GMT
            Not After : May 17 00:00:05 2026 GMT
        Subject: CN=AFBD4C13A361AA9D7FFAEEE20FA400341CFF4A70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6e:c0:8e:b5:72:fc:6b:3a:28:b5:e5:66:2d:
                    0d:ee:73:57:02:9f:fd:30:1e:99:b8:27:d8:24:59:
                    30:61:d0:b0:42:42:8c:33:5c:6d:83:23:7b:67:37:
                    e1:ff:95:e8:b0:cf:ee:eb:e8:4b:a4:45:8d:ac:9c:
                    9a:d6:62:ae:50:18:0c:48:fa:43:b1:17:57:f2:98:
                    c8:0f:f6:20:f7:ba:f5:49:19:84:58:3d:b7:15:8e:
                    06:dd:cc:88:69:8f:3e:da:bf:14:04:c5:a4:18:c4:
                    03:49:75:8f:15:b3:a3:3f:bf:0f:79:4a:87:b2:ed:
                    a4:44:40:cc:24:68:48:a8:13:a1:57:6c:00:1b:bf:
                    48:c1:82:f9:29:7e:10:83:5b:f2:12:fc:54:3a:92:
                    51:e2:62:a6:ac:65:46:6d:c6:e7:69:16:ff:a9:f6:
                    05:fc:59:f4:8d:3e:e3:bd:96:c0:e2:70:92:c6:dd:
                    a7:a3:54:52:77:8a:2f:3d:c2:7d:a1:38:5d:4f:20:
                    ee:bb:63:b1:47:9a:44:cf:85:17:49:3c:c0:3f:e9:
                    4a:db:2f:06:b3:0b:27:15:83:28:02:9f:18:15:c6:
                    7d:be:20:02:0b:13:0a:e4:49:64:9e:8c:90:05:e4:
                    48:68:14:6e:40:28:02:31:3c:d8:fe:24:6c:92:f3:
                    66:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BD:4C:13:A3:61:AA:9D:7F:FA:EE:E2:0F:A4:00:34:1C:FF:4A:70
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.59.0/24
                  141.11.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:ff:79:76:10:81:41:1c:16:51:88:39:b4:8e:2a:8b:a6:e0:
         d9:f5:9c:32:c8:ea:75:20:bb:c4:33:ce:ea:96:ee:b7:65:cb:
         de:94:37:28:f9:6e:d1:77:00:f2:07:80:40:0a:cb:13:42:76:
         6b:10:f7:96:c2:b2:f3:17:7d:7b:28:f3:eb:fb:6b:3f:0e:f6:
         31:4a:cf:3d:64:77:62:18:17:d8:72:7f:d5:3c:18:d7:55:c3:
         ce:60:f5:98:3c:9d:8b:26:cd:a9:c4:fe:42:3a:c3:52:e8:e4:
         89:36:85:58:7a:71:f0:55:b3:92:00:d9:69:bd:01:74:d2:19:
         44:72:a5:03:33:48:09:e3:19:ad:05:d4:80:10:44:a7:60:ca:
         09:f7:d5:4f:ed:0b:d2:fa:cc:32:43:ff:30:73:b6:60:78:fa:
         2a:ca:94:7e:9e:e8:83:c1:96:55:bd:e7:c1:1b:00:ff:63:4c:
         bc:3a:11:c4:a6:b4:11:7f:d6:0c:7a:e3:65:f8:a1:13:0e:3f:
         d1:0f:de:9b:e5:6a:80:8e:fb:ae:17:d2:02:87:c7:38:38:5e:
         ef:17:99:38:8b:84:05:9f:52:88:84:39:33:cc:c6:12:e7:6b:
         a7:64:34:5a:2d:5a:a2:51:37:89:8f:61:53:4d:e5:c9:4f:3e:
         e8:56:98:26
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZWuSianLeKqDXavUQxkxQvvz700wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MTcyMzU1MDVaFw0yNjA1MTcwMDAwMDVaMDMxMTAvBgNV
BAMTKEFGQkQ0QzEzQTM2MUFBOUQ3RkZBRUVFMjBGQTQwMDM0MUNGRjRBNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSbsCOtXL8azooteVmLQ3uc1cC
n/0wHpm4J9gkWTBh0LBCQowzXG2DI3tnN+H/leiwz+7r6EukRY2snJrWYq5QGAxI
+kOxF1fymMgP9iD3uvVJGYRYPbcVjgbdzIhpjz7avxQExaQYxANJdY8Vs6M/vw95
Soey7aREQMwkaEioE6FXbAAbv0jBgvkpfhCDW/IS/FQ6klHiYqasZUZtxudpFv+p
9gX8WfSNPuO9lsDicJLG3aejVFJ3ii89wn2hOF1PIO67Y7FHmkTPhRdJPMA/6Urb
LwazCycVgygCnxgVxn2+IAILEwrkSWSejJAF5EhoFG5AKAIxPNj+JGyS82bhAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUr71ME6Nhqp1/+u7iD6QANBz/SnAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDg5MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCzsD
BACNC2gwDQYJKoZIhvcNAQELBQADggEBAMf/eXYQgUEcFlGIObSOKoum4Nn1nDLI
6nUgu8QzzuqW7rdly96UNyj5btF3APIHgEAKyxNCdmsQ95bCsvMXfXso8+v7az8O
9jFKzz1kd2IYF9hyf9U8GNdVw85g9Zg8nYsmzanE/kI6w1Lo5Ik2hVh6cfBVs5IA
2Wm9AXTSGURypQMzSAnjGa0F1IAQRKdgygn31U/tC9L6zDJD/zBztmB4+irKlH6e
6IPBllW958EbAP9jTLw6EcSmtBF/1gx642X4oRMOP9EP3pvlaoCO+64X0gKHxzg4
Xu8XmTiLhAWfUoiEOTPMxhLna6dkNFotWqJRN4mPYVNN5clPPuhWmCY=
-----END CERTIFICATE-----