Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa
File:                     AS20648.roa (raw, json)
Hash identifier:          IB1LELXegWyOmsUNGAVZVH1KCNjCQEBquads/rzGoR0=
Subject key identifier:   3A:8D:E0:9E:5B:50:99:81:2B:5E:95:F2:4D:81:09:E2:68:85:1D:9D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5C6CDD4AC3C5AC0DAA75063EE41DC95E211125AF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa
Signing time:             Mon 29 Sep 2025 07:44:44 +0000
ROA not before:           Mon 29 Sep 2025 07:39:44 +0000
ROA not after:            Mon 28 Sep 2026 07:44:44 +0000
asID:                     20648
IP address blocks:        191.96.181.0/24 maxlen: 24
                          191.101.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:6c:dd:4a:c3:c5:ac:0d:aa:75:06:3e:e4:1d:c9:5e:21:11:25:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 29 07:39:44 2025 GMT
            Not After : Sep 28 07:44:44 2026 GMT
        Subject: CN=3A8DE09E5B5099812B5E95F24D8109E268851D9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:50:bb:1e:fc:1d:40:65:56:00:0f:b4:45:6d:
                    b7:71:49:c7:6f:92:33:97:0b:60:11:5f:7a:3f:34:
                    d7:97:76:f7:12:82:ae:b1:81:e6:a5:5f:ff:48:a8:
                    2b:8a:e8:42:16:6f:10:ed:d6:9a:a4:9c:33:47:2a:
                    39:fa:c6:c8:30:12:41:41:a0:97:57:90:8d:1e:de:
                    4e:08:38:6c:cc:ca:64:c1:d2:6c:6b:2b:ed:0d:9b:
                    e7:4a:02:cd:04:88:0f:43:4c:09:01:a0:63:31:3f:
                    4d:50:18:b0:89:c0:c5:a9:bb:45:ea:d7:b3:09:6e:
                    06:3e:3a:02:1c:f5:60:6f:1b:c4:b6:8d:82:d7:06:
                    76:7d:68:9d:fc:7c:33:d4:b8:6d:cc:f1:aa:22:eb:
                    0b:f2:55:3a:b3:a0:bf:8e:bb:80:84:2f:12:78:ff:
                    b7:dd:e0:31:d8:20:c5:bc:f9:8b:22:dc:da:eb:8b:
                    bf:48:c5:74:00:8d:0d:49:e4:fa:36:2a:63:6b:b6:
                    a0:a8:fa:0b:ed:56:6c:06:d4:bd:8b:e3:df:d8:34:
                    60:80:a6:25:89:d5:f0:a6:5d:cd:3e:2a:a7:13:e9:
                    d0:96:71:ae:da:98:24:73:9c:5a:df:01:2b:cf:8a:
                    40:6d:7d:00:cf:f8:64:ee:5b:f7:f4:0f:6d:26:56:
                    b4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8D:E0:9E:5B:50:99:81:2B:5E:95:F2:4D:81:09:E2:68:85:1D:9D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.181.0/24
                  191.101.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:33:36:32:fc:2f:3d:4b:36:d5:9d:03:f1:4b:37:df:9c:02:
         b1:46:5f:41:55:95:25:ec:25:26:72:0d:27:83:3c:21:30:87:
         7e:4b:89:7f:3f:a3:20:a8:b3:e1:46:df:43:7a:07:16:75:82:
         f6:f9:57:1e:f9:93:04:9f:8a:f4:86:26:8b:f3:ca:68:7e:3a:
         97:a3:aa:ef:38:bf:a5:42:59:7c:a3:c1:33:8f:d4:b8:e0:55:
         c5:35:1c:a6:5a:ef:14:35:e9:00:0e:cd:cb:17:50:8c:10:77:
         ad:20:6e:66:03:79:cc:82:fc:e9:65:1e:f8:54:44:85:1d:f6:
         17:4c:83:26:1e:fb:ed:cd:91:d6:e1:54:6b:8d:86:e3:95:19:
         5f:ad:e9:30:b4:39:81:d7:3d:e9:95:15:8b:3c:b7:b5:dd:37:
         7d:96:f2:22:d9:32:51:51:46:de:70:93:c6:98:e2:ca:7c:3c:
         ba:3f:f1:4d:60:11:4d:60:b9:35:8c:c8:bf:e6:a4:c5:b6:42:
         56:a8:27:4b:ba:c5:49:77:e4:dd:a5:63:39:56:c3:fb:ee:90:
         8f:05:f3:92:29:00:b0:e4:36:a4:89:0c:b6:9b:ee:19:43:ea:
         d5:28:2f:59:0c:47:44:44:2c:74:ff:db:07:d7:ac:4f:7b:84:
         dc:20:35:16
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUXGzdSsPFrA2qdQY+5B3JXiERJa8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjkwNzM5NDRaFw0yNjA5MjgwNzQ0NDRaMDMxMTAvBgNV
BAMTKDNBOERFMDlFNUI1MDk5ODEyQjVFOTVGMjREODEwOUUyNjg4NTFEOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCULse/B1AZVYAD7RFbbdxScdv
kjOXC2ARX3o/NNeXdvcSgq6xgealX/9IqCuK6EIWbxDt1pqknDNHKjn6xsgwEkFB
oJdXkI0e3k4IOGzMymTB0mxrK+0Nm+dKAs0EiA9DTAkBoGMxP01QGLCJwMWpu0Xq
17MJbgY+OgIc9WBvG8S2jYLXBnZ9aJ38fDPUuG3M8aoi6wvyVTqzoL+Ou4CELxJ4
/7fd4DHYIMW8+Ysi3Nrri79IxXQAjQ1J5Po2KmNrtqCo+gvtVmwG1L2L49/YNGCA
piWJ1fCmXc0+KqcT6dCWca7amCRznFrfASvPikBtfQDP+GTuW/f0D20mVrTpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUOo3gnltQmYErXpXyTYEJ4miFHZ0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC/YLUD
BAC/ZfQwDQYJKoZIhvcNAQELBQADggEBAH4zNjL8Lz1LNtWdA/FLN9+cArFGX0FV
lSXsJSZyDSeDPCEwh35LiX8/oyCos+FG30N6BxZ1gvb5Vx75kwSfivSGJovzymh+
Opejqu84v6VCWXyjwTOP1LjgVcU1HKZa7xQ16QAOzcsXUIwQd60gbmYDecyC/Oll
HvhURIUd9hdMgyYe++3NkdbhVGuNhuOVGV+t6TC0OYHXPemVFYs8t7XdN32W8iLZ
MlFRRt5wk8aY4sp8PLo/8U1gEU1guTWMyL/mpMW2QlaoJ0u6xUl35N2lYzlWw/vu
kI8F85IpALDkNqSJDLab7hlD6tUoL1kMR0RELHT/2wfXrE97hNwgNRY=
-----END CERTIFICATE-----