Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48925.roa
File:                     AS48925.roa (raw, json)
Hash identifier:          M/E5d3rHmlRs25EeAiuKS6DvWq72aVKmpGboynbylQE=
Subject key identifier:   88:3F:5F:34:B7:93:59:59:18:48:BB:80:E7:70:BB:87:8D:59:74:89
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2B4AFD043DB62116BC199AA99AA425265996FDC7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48925.roa
Signing time:             Thu 12 Mar 2026 10:06:38 +0000
ROA not before:           Thu 12 Mar 2026 10:01:38 +0000
ROA not after:            Thu 11 Mar 2027 10:06:38 +0000
asID:                     48925
IP address blocks:        45.151.44.0/24 maxlen: 24
                          45.158.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:4a:fd:04:3d:b6:21:16:bc:19:9a:a9:9a:a4:25:26:59:96:fd:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 12 10:01:38 2026 GMT
            Not After : Mar 11 10:06:38 2027 GMT
        Subject: CN=883F5F34B79359591848BB80E770BB878D597489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:94:40:db:42:aa:46:7b:3a:cb:c7:ea:2f:08:
                    d5:b3:c6:16:ca:bf:d1:65:11:c1:2e:f3:43:a3:d0:
                    86:57:a6:dd:aa:31:06:75:66:2e:4b:17:0c:f2:27:
                    db:8f:f8:e5:66:d9:19:8f:d2:23:a9:20:1d:8b:85:
                    fc:af:10:0b:cd:3e:d3:66:50:53:f8:f3:e3:e7:66:
                    fb:f8:03:19:c6:b3:16:df:f0:ef:c8:7b:66:67:4a:
                    27:a0:98:5d:91:06:7d:97:3a:fb:61:f1:7a:b1:b1:
                    d6:97:6d:4b:8c:6b:af:ef:0a:18:19:04:43:0d:9c:
                    46:c4:02:bf:3c:e9:ef:3c:04:91:2f:d8:7a:4c:ef:
                    59:09:a0:eb:03:74:c9:37:cb:73:e4:8e:33:ff:a2:
                    ac:4c:cc:9b:f2:03:d2:e0:f4:fd:8e:c2:c6:9e:e7:
                    a9:f6:63:52:a5:dd:9a:2a:52:1c:08:15:ae:c2:10:
                    1e:9a:85:eb:51:1a:f8:fd:5b:34:72:81:0f:1e:49:
                    03:a2:06:34:42:00:31:03:d0:53:7f:d6:14:3d:17:
                    0d:32:06:34:1b:0c:e8:42:88:2e:57:0c:c3:d8:93:
                    03:7d:6b:96:0a:24:33:7b:7b:4e:7d:c5:4d:8f:d4:
                    09:75:a1:93:8f:1c:33:5b:b9:5a:2b:d0:72:53:9f:
                    ce:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3F:5F:34:B7:93:59:59:18:48:BB:80:E7:70:BB:87:8D:59:74:89
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS48925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.44.0/24
                  45.158.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:27:db:c1:4a:00:45:bd:39:1e:c8:67:f6:a9:d9:8b:cd:c6:
         80:c4:bf:a3:f9:50:1e:69:c2:78:bb:0b:53:52:bf:e1:32:f0:
         5a:bd:72:b5:97:e7:5f:91:fa:0f:9b:dc:d0:fd:6d:88:b3:2c:
         6b:2b:a6:03:e3:d8:05:bf:56:5d:d4:72:b9:98:05:d0:f7:24:
         f3:e6:5e:1f:ff:d6:9e:5e:46:87:51:28:2d:7f:bd:26:a0:b7:
         b5:e6:e5:db:0f:11:de:9f:1d:37:b3:9f:a7:44:2a:fb:48:52:
         ff:54:62:af:86:b9:02:57:66:ab:22:24:12:18:e1:29:03:9f:
         14:60:dd:28:43:19:bd:68:0b:08:e2:dd:0a:0f:0a:85:79:b2:
         b4:05:c2:52:4d:e0:1b:7e:8c:1c:95:0a:09:64:25:86:2a:53:
         13:e3:8b:03:e9:79:a8:07:bb:5e:a5:5b:50:ca:f5:f0:04:38:
         ea:b3:f6:8c:d0:6a:5b:af:32:54:66:92:0a:de:b2:33:f3:04:
         00:a7:e9:db:6b:28:fd:23:35:d5:5c:98:57:02:68:e7:48:64:
         f9:80:4e:18:5c:2e:3d:5c:40:20:ae:25:3f:5a:9b:cd:d1:52:
         1d:82:a8:ae:1c:19:d5:22:1e:be:2c:f0:5a:b7:c0:d7:3e:d2:
         29:aa:ee:c4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUK0r9BD22IRa8GZqpmqQlJlmW/ccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTIxMDAxMzhaFw0yNzAzMTExMDA2MzhaMDMxMTAvBgNV
BAMTKDg4M0Y1RjM0Qjc5MzU5NTkxODQ4QkI4MEU3NzBCQjg3OEQ1OTc0ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3lEDbQqpGezrLx+ovCNWzxhbK
v9FlEcEu80Oj0IZXpt2qMQZ1Zi5LFwzyJ9uP+OVm2RmP0iOpIB2LhfyvEAvNPtNm
UFP48+PnZvv4AxnGsxbf8O/Ie2ZnSiegmF2RBn2XOvth8XqxsdaXbUuMa6/vChgZ
BEMNnEbEAr886e88BJEv2HpM71kJoOsDdMk3y3PkjjP/oqxMzJvyA9Lg9P2Owsae
56n2Y1Kl3ZoqUhwIFa7CEB6ahetRGvj9WzRygQ8eSQOiBjRCADED0FN/1hQ9Fw0y
BjQbDOhCiC5XDMPYkwN9a5YKJDN7e059xU2P1Al1oZOPHDNbuVor0HJTn86xAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUiD9fNLeTWVkYSLuA53C7h41ZdIkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDg5MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtlywD
BAAtnqswDQYJKoZIhvcNAQELBQADggEBAG4n28FKAEW9OR7IZ/ap2YvNxoDEv6P5
UB5pwni7C1NSv+Ey8Fq9crWX51+R+g+b3ND9bYizLGsrpgPj2AW/Vl3UcrmYBdD3
JPPmXh//1p5eRodRKC1/vSagt7Xm5dsPEd6fHTezn6dEKvtIUv9UYq+GuQJXZqsi
JBIY4SkDnxRg3ShDGb1oCwji3QoPCoV5srQFwlJN4Bt+jByVCglkJYYqUxPjiwPp
eagHu16lW1DK9fAEOOqz9ozQaluvMlRmkgresjPzBACn6dtrKP0jNdVcmFcCaOdI
ZPmAThhcLj1cQCCuJT9am83RUh2CqK4cGdUiHr4s8Fq3wNc+0imq7sQ=
-----END CERTIFICATE-----