Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          anAYNredqKjQwQEtCcEyhQVtO5NWGgWy6FMOvy+pORQ=
Subject key identifier:   4D:E6:DC:F1:BB:83:EC:2E:43:D9:AA:71:0C:21:45:75:2E:2C:F8:11
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       55367114A9C99760C9CAF20E589CAC0424E3EA09
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa
Signing time:             Sun 12 Oct 2025 09:51:17 +0000
ROA not before:           Sun 12 Oct 2025 09:46:17 +0000
ROA not after:            Sun 11 Oct 2026 09:51:17 +0000
asID:                     48678
IP address blocks:        5.133.101.0/24 maxlen: 24
                          31.40.197.0/24 maxlen: 24
                          31.40.199.0/24 maxlen: 24
                          31.40.205.0/24 maxlen: 24
                          31.40.207.0/24 maxlen: 24
                          85.235.74.0/24 maxlen: 24
                          176.96.128.0/24 maxlen: 24
                          176.96.130.0/24 maxlen: 24
                          193.111.79.0/24 maxlen: 24
                          217.18.208.0/24 maxlen: 24
                          217.18.209.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:36:71:14:a9:c9:97:60:c9:ca:f2:0e:58:9c:ac:04:24:e3:ea:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 12 09:46:17 2025 GMT
            Not After : Oct 11 09:51:17 2026 GMT
        Subject: CN=4DE6DCF1BB83EC2E43D9AA710C2145752E2CF811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5f:d0:27:5f:39:64:cb:4a:54:89:46:f3:90:
                    ba:d8:67:a6:a8:44:51:4b:cc:4a:5c:cb:b6:3e:ae:
                    64:c1:c1:6f:53:07:27:b3:33:67:9f:51:ea:73:b9:
                    34:69:c4:2c:e5:61:8b:2d:88:1e:04:23:fe:46:82:
                    8b:83:af:77:dd:9a:04:0e:89:5f:4d:b2:e9:23:da:
                    d4:b8:2b:b7:21:01:08:8d:29:ef:a9:d4:34:ca:86:
                    3d:32:2a:03:3f:40:6f:d9:62:fa:7b:e7:e0:15:b4:
                    5d:a0:16:8a:05:6c:40:c5:72:3b:84:8a:c1:5c:1e:
                    7b:36:a5:f2:50:7d:37:2f:82:fd:ed:fa:da:64:74:
                    f7:3f:7a:b0:39:53:e3:0b:b7:28:8a:f7:58:69:ae:
                    29:bf:30:95:e9:e6:c5:0f:35:57:b9:26:a6:44:7a:
                    93:c8:8f:ad:fd:d4:09:60:58:b0:2b:03:39:bc:73:
                    96:c8:d9:59:3a:40:f1:80:38:4f:ba:ed:1c:76:a5:
                    e2:07:23:ef:2e:64:56:27:68:4b:78:62:66:48:8c:
                    25:a1:d4:50:2b:bc:d9:a2:5e:ef:a0:5f:33:3e:43:
                    d2:7a:5b:2e:f3:92:90:bc:cd:86:3a:ba:09:41:2d:
                    ea:c6:e9:7b:59:b4:0f:70:43:e8:ca:ed:fc:9d:e3:
                    76:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E6:DC:F1:BB:83:EC:2E:43:D9:AA:71:0C:21:45:75:2E:2C:F8:11
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.101.0/24
                  31.40.197.0/24
                  31.40.199.0/24
                  31.40.205.0/24
                  31.40.207.0/24
                  85.235.74.0/24
                  176.96.128.0/24
                  176.96.130.0/24
                  193.111.79.0/24
                  217.18.208.0/23
                  217.18.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:05:21:d3:32:ba:59:2d:66:c0:bc:74:65:74:6e:bb:24:e4:
         fa:0f:51:94:71:8e:cb:b6:45:15:f6:82:d0:fb:e6:25:77:22:
         ec:4d:5c:c3:1b:bc:73:4f:3e:05:2b:51:39:bd:4d:b4:d9:28:
         28:34:6e:e8:d8:5d:12:ec:72:79:7c:7b:cb:72:ca:ac:1a:84:
         40:35:36:10:ea:63:de:92:3a:a5:ee:e7:b9:97:46:82:93:0f:
         a7:a1:f8:fd:17:cf:f5:ae:4a:5b:61:c2:28:76:22:e7:3b:17:
         00:99:19:8e:c5:2e:15:0c:2b:d8:23:89:ab:dc:5c:0b:b5:19:
         ad:db:74:ed:2e:9a:14:ec:4a:bc:c2:37:3d:35:94:b7:65:89:
         ae:ad:e8:9d:75:10:73:9f:56:2d:8a:0e:d5:f9:fa:b9:1c:cc:
         f5:dc:96:37:45:9f:0d:d8:bc:50:d8:1c:89:04:cd:2b:eb:ce:
         63:dc:50:9c:d5:a6:e1:b8:65:3f:dc:61:8c:ae:11:3d:68:06:
         53:a3:29:1b:2b:d8:f9:f7:23:39:7e:95:46:d5:7c:fd:1f:73:
         54:49:ea:95:14:23:22:14:ac:11:88:2b:8e:f2:fd:46:d8:c7:
         d0:1c:95:26:cd:4c:f3:bb:df:10:09:da:f7:c6:d0:a6:0c:9a:
         6a:6c:71:c0
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIUVTZxFKnJl2DJyvIOWJysBCTj6gkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTIwOTQ2MTdaFw0yNjEwMTEwOTUxMTdaMDMxMTAvBgNV
BAMTKDRERTZEQ0YxQkI4M0VDMkU0M0Q5QUE3MTBDMjE0NTc1MkUyQ0Y4MTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGX9AnXzlky0pUiUbzkLrYZ6ao
RFFLzEpcy7Y+rmTBwW9TByezM2efUepzuTRpxCzlYYstiB4EI/5GgouDr3fdmgQO
iV9Nsukj2tS4K7chAQiNKe+p1DTKhj0yKgM/QG/ZYvp75+AVtF2gFooFbEDFcjuE
isFcHns2pfJQfTcvgv3t+tpkdPc/erA5U+MLtyiK91hprim/MJXp5sUPNVe5JqZE
epPIj6391AlgWLArAzm8c5bI2Vk6QPGAOE+67Rx2peIHI+8uZFYnaEt4YmZIjCWh
1FArvNmiXu+gXzM+Q9J6Wy7zkpC8zYY6uglBLerG6XtZtA9wQ+jK7fyd43aDAgMB
AAGjggJFMIICQTAdBgNVHQ4EFgQUTebc8buD7C5D2apxDCFFdS4s+BEwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBAAFhWUD
BAAfKMUDBAAfKMcDBAAfKM0DBAAfKM8DBABV60oDBACwYIADBACwYIIDBADBb08D
BAHZEtADBADZEtMwDQYJKoZIhvcNAQELBQADggEBADAFIdMyulktZsC8dGV0brsk
5PoPUZRxjsu2RRX2gtD75iV3IuxNXMMbvHNPPgUrUTm9TbTZKCg0bujYXRLscnl8
e8tyyqwahEA1NhDqY96SOqXu57mXRoKTD6eh+P0Xz/WuSlthwih2Iuc7FwCZGY7F
LhUMK9gjiavcXAu1Ga3bdO0umhTsSrzCNz01lLdlia6t6J11EHOfVi2KDtX5+rkc
zPXcljdFnw3YvFDYHIkEzSvrzmPcUJzVpuG4ZT/cYYyuET1oBlOjKRsr2Pn3Izl+
lUbVfP0fc1RJ6pUUIyIUrBGIK47y/UbYx9AclSbNTPO73xAJ2vfG0KYMmmpsccA=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:40 2025 by rpki-client