Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa
File:                     AS48925.roa (raw, json)
Hash identifier:          30/ExYkR4ZEJWZnSsIRhZpfZ9F1fW3HVmZkUHy/UsD0=
Subject key identifier:   03:A0:93:32:42:15:A9:D8:8A:92:FA:A0:64:B0:27:ED:29:A1:33:D2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7BB12F131E021A348B9FE5C6DC8C19D4C9133F83
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa
Signing time:             Mon 13 Oct 2025 11:55:08 +0000
ROA not before:           Mon 13 Oct 2025 11:50:08 +0000
ROA not after:            Mon 12 Oct 2026 11:55:08 +0000
asID:                     48925
IP address blocks:        181.215.63.0/24 maxlen: 24
                          191.96.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:b1:2f:13:1e:02:1a:34:8b:9f:e5:c6:dc:8c:19:d4:c9:13:3f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 13 11:50:08 2025 GMT
            Not After : Oct 12 11:55:08 2026 GMT
        Subject: CN=03A093324215A9D88A92FAA064B027ED29A133D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ce:86:d4:32:2d:60:60:c4:d3:0f:8d:fe:28:
                    ed:d9:0d:64:01:5d:20:20:79:a6:63:a8:24:5a:bc:
                    a3:ba:66:87:d3:5c:44:b4:f8:62:7d:f0:3e:42:c7:
                    29:fe:4b:98:a8:9c:cf:74:81:23:7a:e3:04:5e:63:
                    e2:da:47:6f:55:d7:7c:47:89:ab:ee:e4:b4:8d:86:
                    a0:a2:5a:45:f0:4e:c8:8a:35:3e:a6:a5:e6:fc:0e:
                    44:d7:80:90:87:79:3b:8d:a2:37:2e:fb:9b:2f:1d:
                    f8:93:38:a9:46:b1:7c:c6:02:bf:25:3a:2b:b3:60:
                    72:3f:a5:1a:1b:15:a2:d4:67:5c:2b:b3:2e:49:e1:
                    6e:62:4b:34:84:fc:78:93:b6:1f:f4:7a:a7:5a:f3:
                    9b:2a:6b:0d:22:18:36:7a:1f:0a:52:b2:e0:e0:6f:
                    e1:12:d5:ac:74:0f:49:17:59:82:0a:ec:7e:82:4c:
                    c3:0b:ef:c9:e5:5f:b3:0c:c4:a0:9f:47:56:f5:1e:
                    82:e9:36:7d:47:e8:75:3a:ef:b5:b5:40:0f:76:d2:
                    d6:16:2b:74:3e:22:b2:1d:5a:db:38:69:ba:22:f4:
                    f4:c8:1e:67:45:ed:b5:42:73:42:76:4d:b6:e6:5e:
                    33:04:53:40:77:11:d2:ff:83:d3:54:04:5f:ce:a7:
                    4f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A0:93:32:42:15:A9:D8:8A:92:FA:A0:64:B0:27:ED:29:A1:33:D2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.63.0/24
                  191.96.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:c9:c4:b8:2b:f6:23:a6:a8:3d:a3:c8:e7:04:9e:35:6f:47:
         1f:48:76:34:15:dc:b1:60:73:9d:83:73:c3:37:c0:50:ab:89:
         ba:30:69:8e:9d:82:3f:51:75:8e:5d:8e:8d:73:50:17:8f:fc:
         49:71:0d:95:89:2b:fb:10:b0:5c:bc:f8:ae:cc:9a:4b:ee:30:
         92:b7:a7:f7:b3:af:95:76:1f:e8:ae:04:3b:15:23:0a:94:68:
         dc:51:7a:88:ae:6e:b1:dc:34:b9:dc:10:ba:02:8b:11:f1:c6:
         9e:6d:dd:59:fd:21:0f:70:93:45:1e:f9:4d:48:7a:a2:a3:a7:
         c4:01:80:ab:65:5d:47:b3:37:1f:5d:de:46:79:52:b8:78:e0:
         d3:fd:5f:25:1d:6f:c2:06:e4:f3:07:b8:72:04:1a:de:1d:3c:
         e0:27:d8:a5:19:0d:1b:2a:55:aa:f7:b3:8b:1b:70:c2:c8:47:
         0f:0f:ba:84:58:50:c9:3b:fd:97:a9:e6:0b:ec:cf:41:7f:16:
         17:2e:9c:99:ec:78:79:71:4b:d7:b9:21:62:2b:e5:a0:b4:e8:
         be:2f:07:8f:1c:b9:d4:83:fe:ac:8d:4e:95:bc:e9:76:73:f0:
         33:08:24:49:80:86:31:04:cc:14:f1:4c:08:2b:2f:96:bd:56:
         e4:15:94:bd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUe7EvEx4CGjSLn+XG3IwZ1MkTP4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMTMxMTUwMDhaFw0yNjEwMTIxMTU1MDhaMDMxMTAvBgNV
BAMTKDAzQTA5MzMyNDIxNUE5RDg4QTkyRkFBMDY0QjAyN0VEMjlBMTMzRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAzobUMi1gYMTTD43+KO3ZDWQB
XSAgeaZjqCRavKO6ZofTXES0+GJ98D5Cxyn+S5ionM90gSN64wReY+LaR29V13xH
iavu5LSNhqCiWkXwTsiKNT6mpeb8DkTXgJCHeTuNojcu+5svHfiTOKlGsXzGAr8l
OiuzYHI/pRobFaLUZ1wrsy5J4W5iSzSE/HiTth/0eqda85sqaw0iGDZ6HwpSsuDg
b+ES1ax0D0kXWYIK7H6CTMML78nlX7MMxKCfR1b1HoLpNn1H6HU677W1QA920tYW
K3Q+IrIdWts4aboi9PTIHmdF7bVCc0J2TbbmXjMEU0B3EdL/g9NUBF/Op0/XAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUA6CTMkIVqdiKkvqgZLAn7SmhM9IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDg5MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11z8D
BAC/YJgwDQYJKoZIhvcNAQELBQADggEBAIbJxLgr9iOmqD2jyOcEnjVvRx9IdjQV
3LFgc52Dc8M3wFCribowaY6dgj9RdY5djo1zUBeP/ElxDZWJK/sQsFy8+K7Mmkvu
MJK3p/ezr5V2H+iuBDsVIwqUaNxReoiubrHcNLncELoCixHxxp5t3Vn9IQ9wk0Ue
+U1IeqKjp8QBgKtlXUezNx9d3kZ5Urh44NP9XyUdb8IG5PMHuHIEGt4dPOAn2KUZ
DRsqVar3s4sbcMLIRw8PuoRYUMk7/Zep5gvsz0F/FhcunJnseHlxS9e5IWIr5aC0
6L4vB48cudSD/qyNTpW86XZz8DMIJEmAhjEEzBTxTAgrL5a9VuQVlL0=
-----END CERTIFICATE-----