Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48266.roa
File:                     AS48266.roa (raw, json)
Hash identifier:          KXzWbmXIhMS/7+CuSB1/aiVqEXmqe6HhW7diMBGilks=
Subject key identifier:   85:29:C2:D6:43:E2:4A:B2:44:C1:6D:DC:85:1A:70:38:6F:C4:C6:78
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       41D6E2BC582D980DE83ECE3A9352F17CF971EF3E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48266.roa
Signing time:             Mon 14 Apr 2025 07:42:46 +0000
ROA not before:           Mon 14 Apr 2025 07:37:46 +0000
ROA not after:            Mon 13 Apr 2026 07:42:46 +0000
asID:                     48266
IP address blocks:        141.11.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 12:09:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d6:e2:bc:58:2d:98:0d:e8:3e:ce:3a:93:52:f1:7c:f9:71:ef:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 14 07:37:46 2025 GMT
            Not After : Apr 13 07:42:46 2026 GMT
        Subject: CN=8529C2D643E24AB244C16DDC851A70386FC4C678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c0:9a:5b:29:6e:bd:1c:a8:77:5d:de:7b:80:
                    77:e4:62:58:dd:93:16:b8:a4:ad:89:f1:e7:af:11:
                    40:e1:f1:23:dc:ce:62:da:ee:24:56:ae:bc:00:9e:
                    e6:5e:1e:ab:7f:c6:21:91:3d:53:a2:30:d5:4a:3f:
                    89:db:c3:57:41:b6:31:1e:31:ec:7a:7d:1c:b3:47:
                    dc:7d:15:05:0f:e4:08:b3:11:f9:76:ff:71:ae:17:
                    8b:36:12:d0:36:f1:af:fa:cb:32:69:92:50:b4:a9:
                    45:45:4a:8d:47:b8:cb:4b:b0:59:10:12:01:c6:75:
                    fb:0c:1a:60:b1:15:03:a8:e9:50:e8:92:2a:30:22:
                    bd:10:e9:61:58:da:a9:49:64:08:ca:bf:6d:86:ee:
                    82:f0:82:f6:eb:3e:19:88:3d:78:0f:c2:99:5d:c1:
                    77:93:f3:46:60:3f:f8:77:87:3f:4b:f2:af:94:97:
                    11:91:15:e5:1a:92:ef:79:50:1e:44:42:4e:85:94:
                    f3:2a:c5:aa:2f:4c:7b:09:ff:02:82:03:12:dd:de:
                    21:86:61:b9:18:d6:75:47:d6:d5:d9:09:ac:c5:70:
                    4a:c7:ec:1c:88:8c:fa:86:55:ef:ae:3b:07:1f:b3:
                    18:04:30:96:8f:b5:81:d3:25:5e:b3:73:42:df:7a:
                    6f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:29:C2:D6:43:E2:4A:B2:44:C1:6D:DC:85:1A:70:38:6F:C4:C6:78
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS48266.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:2b:b9:89:c0:d0:77:3f:3e:ce:a8:e6:a3:50:15:a7:23:7b:
         f0:12:e3:e4:96:83:71:9d:28:5c:ed:89:05:ab:87:8a:57:a6:
         a8:32:8d:68:de:c0:ec:77:ed:10:0c:55:81:59:c3:e2:fa:47:
         4a:be:51:f3:cc:19:74:c2:aa:40:47:85:55:db:37:ad:b1:66:
         01:b5:ec:91:64:37:83:0f:b6:29:92:26:07:8a:9c:c5:7d:d5:
         83:04:5a:38:30:27:7e:91:16:00:96:0c:48:da:d4:f5:e1:5a:
         64:1c:74:59:40:02:51:10:2a:3e:d8:6e:11:11:90:d8:7f:21:
         c0:2f:40:5c:67:af:0a:fe:20:97:47:87:1f:7f:77:f9:87:1c:
         f9:8f:f5:7b:5b:e9:83:63:19:86:5c:45:74:b4:e6:b6:28:9d:
         91:72:f2:0d:d7:e6:6d:d3:59:32:f4:73:b6:2c:1d:61:b7:11:
         c0:d6:14:72:cd:83:57:11:71:68:74:8a:73:41:87:1b:62:07:
         09:70:eb:73:ad:0d:d6:81:99:c1:ab:dc:ec:69:13:ae:d8:9a:
         29:76:87:f4:e0:75:88:8d:b0:b5:3f:86:bd:bd:ef:32:ea:9d:
         ab:85:8d:6c:f7:01:2e:76:01:79:25:4c:b9:7f:73:22:9a:50:
         e8:36:f7:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQdbivFgtmA3oPs46k1LxfPlx7z4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTQwNzM3NDZaFw0yNjA0MTMwNzQyNDZaMDMxMTAvBgNV
BAMTKDg1MjlDMkQ2NDNFMjRBQjI0NEMxNkREQzg1MUE3MDM4NkZDNEM2NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtwJpbKW69HKh3Xd57gHfkYljd
kxa4pK2J8eevEUDh8SPczmLa7iRWrrwAnuZeHqt/xiGRPVOiMNVKP4nbw1dBtjEe
Mex6fRyzR9x9FQUP5AizEfl2/3GuF4s2EtA28a/6yzJpklC0qUVFSo1HuMtLsFkQ
EgHGdfsMGmCxFQOo6VDokiowIr0Q6WFY2qlJZAjKv22G7oLwgvbrPhmIPXgPwpld
wXeT80ZgP/h3hz9L8q+UlxGRFeUaku95UB5EQk6FlPMqxaovTHsJ/wKCAxLd3iGG
YbkY1nVH1tXZCazFcErH7ByIjPqGVe+uOwcfsxgEMJaPtYHTJV6zc0Lfem9nAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhSnC1kPiSrJEwW3chRpwOG/ExngwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDgyNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/Mw
DQYJKoZIhvcNAQELBQADggEBAEEruYnA0Hc/Ps6o5qNQFacje/AS4+SWg3GdKFzt
iQWrh4pXpqgyjWjewOx37RAMVYFZw+L6R0q+UfPMGXTCqkBHhVXbN62xZgG17JFk
N4MPtimSJgeKnMV91YMEWjgwJ36RFgCWDEja1PXhWmQcdFlAAlEQKj7YbhERkNh/
IcAvQFxnrwr+IJdHhx9/d/mHHPmP9Xtb6YNjGYZcRXS05rYonZFy8g3X5m3TWTL0
c7YsHWG3EcDWFHLNg1cRcWh0inNBhxtiBwlw63OtDdaBmcGr3OxpE67Ymil2h/Tg
dYiNsLU/hr297zLqnauFjWz3AS52AXklTLl/cyKaUOg296c=
-----END CERTIFICATE-----