Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          J2Wc97pw0RS9a/18d5vtNDd6mWLzzYJSfrutDecU0aA=
Subject key identifier:   C3:79:40:9D:85:F3:D5:A4:B0:61:15:C4:74:EE:DC:25:41:70:45:45
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0A32F2B8EBBD532F4B82BB287DA90879870C0D86
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa
Signing time:             Fri 07 Nov 2025 00:11:09 +0000
ROA not before:           Fri 07 Nov 2025 00:06:09 +0000
ROA not after:            Fri 06 Nov 2026 00:11:09 +0000
asID:                     51847
IP address blocks:        46.203.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:32:f2:b8:eb:bd:53:2f:4b:82:bb:28:7d:a9:08:79:87:0c:0d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov  7 00:06:09 2025 GMT
            Not After : Nov  6 00:11:09 2026 GMT
        Subject: CN=C379409D85F3D5A4B06115C474EEDC2541704545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:28:b5:e1:59:1c:9f:53:37:69:8f:d2:e4:12:
                    e1:c3:c6:d3:bc:5b:ed:84:98:67:0c:9f:54:70:01:
                    69:cc:c4:f1:06:28:25:2d:c5:7a:52:46:b1:d1:61:
                    cd:1f:f6:10:1a:03:b1:25:7c:0a:1e:e6:53:6e:1d:
                    0e:50:a9:49:87:11:fa:38:66:8c:a6:76:7d:c2:56:
                    d9:2a:58:2c:f1:e9:cc:8c:8e:86:c5:69:d0:2d:90:
                    ae:46:be:2c:01:ce:52:ea:02:a6:aa:2a:6e:13:5f:
                    6a:f4:59:1c:78:95:db:86:48:7e:4f:78:9c:14:35:
                    6b:70:3d:36:ac:d9:06:3a:e3:f0:72:6f:c1:b0:89:
                    f5:7d:b6:4c:b7:c4:74:4a:7b:31:51:9c:e4:21:c7:
                    c7:d0:a1:e5:2c:f2:59:a5:ea:4f:9c:40:51:c1:b8:
                    88:63:b1:18:f4:8a:40:5c:a7:33:43:6d:7e:e2:c5:
                    c1:6b:16:fb:c6:52:7d:5c:bf:d8:7c:bf:75:91:7b:
                    4d:0d:d8:46:ba:2d:32:8c:63:1e:b6:f8:16:d3:7c:
                    c9:c9:e6:5d:5c:c1:58:60:58:44:94:e0:bc:0a:d2:
                    bf:b9:b0:da:b2:bb:71:63:d8:8c:fe:9e:b2:0a:75:
                    64:fb:48:3b:9d:e6:7c:93:93:85:91:43:5f:c1:b8:
                    57:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:79:40:9D:85:F3:D5:A4:B0:61:15:C4:74:EE:DC:25:41:70:45:45
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:9f:81:1b:fc:ae:f6:13:f1:f9:a1:b8:cd:1b:5a:40:d1:dd:
         d1:9b:5e:44:30:9d:50:9a:4d:be:d5:71:e0:f3:0a:f6:1b:96:
         b8:84:c9:ed:57:cf:ef:4b:81:a8:8b:d2:e6:5c:48:e7:bf:a9:
         db:74:7c:86:28:76:a0:cc:31:46:3a:14:2e:2a:89:da:a0:2c:
         98:33:3c:44:34:1d:38:a5:48:4b:02:e6:c0:08:1b:32:04:77:
         c8:31:ee:53:2e:19:51:76:6a:a4:c5:6d:ff:a9:ce:68:e1:3d:
         43:8d:f8:d7:3f:15:6f:8e:92:05:80:bb:47:71:29:8b:f7:99:
         97:4e:76:15:4d:81:50:87:7a:41:50:27:88:ef:af:4e:dc:5e:
         3a:72:4f:51:27:f5:30:00:24:c4:81:ae:d0:e1:b2:ae:9b:aa:
         4e:f6:5a:a9:94:de:63:b3:14:94:17:3b:12:26:ef:a1:18:3c:
         39:b2:3d:29:44:c6:f2:03:0f:3a:61:f3:e4:e0:88:b1:1e:e2:
         53:39:ee:02:32:58:09:e3:44:b1:da:e9:08:96:9f:68:41:28:
         74:29:b6:2c:64:5f:06:ca:49:15:af:c2:da:40:3a:0d:8d:1f:
         58:80:e6:ba:e3:2c:24:92:a4:89:14:02:15:b5:f7:86:25:cc:
         5b:06:9f:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCjLyuOu9Uy9LgrsofakIeYcMDYYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTExMDcwMDA2MDlaFw0yNjExMDYwMDExMDlaMDMxMTAvBgNV
BAMTKEMzNzk0MDlEODVGM0Q1QTRCMDYxMTVDNDc0RUVEQzI1NDE3MDQ1NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsKLXhWRyfUzdpj9LkEuHDxtO8
W+2EmGcMn1RwAWnMxPEGKCUtxXpSRrHRYc0f9hAaA7ElfAoe5lNuHQ5QqUmHEfo4
Zoymdn3CVtkqWCzx6cyMjobFadAtkK5GviwBzlLqAqaqKm4TX2r0WRx4lduGSH5P
eJwUNWtwPTas2QY64/Byb8GwifV9tky3xHRKezFRnOQhx8fQoeUs8lml6k+cQFHB
uIhjsRj0ikBcpzNDbX7ixcFrFvvGUn1cv9h8v3WRe00N2Ea6LTKMYx62+BbTfMnJ
5l1cwVhgWESU4LwK0r+5sNqyu3Fj2Iz+nrIKdWT7SDud5nyTk4WRQ1/BuFcRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUw3lAnYXz1aSwYRXEdO7cJUFwRUUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEuy3ww
DQYJKoZIhvcNAQELBQADggEBAAKfgRv8rvYT8fmhuM0bWkDR3dGbXkQwnVCaTb7V
ceDzCvYblriEye1Xz+9LgaiL0uZcSOe/qdt0fIYodqDMMUY6FC4qidqgLJgzPEQ0
HTilSEsC5sAIGzIEd8gx7lMuGVF2aqTFbf+pzmjhPUON+Nc/FW+OkgWAu0dxKYv3
mZdOdhVNgVCHekFQJ4jvr07cXjpyT1En9TAAJMSBrtDhsq6bqk72WqmU3mOzFJQX
OxIm76EYPDmyPSlExvIDDzph8+TgiLEe4lM57gIyWAnjRLHa6QiWn2hBKHQptixk
XwbKSRWvwtpAOg2NH1iA5rrjLCSSpIkUAhW194YlzFsGn6k=
-----END CERTIFICATE-----