Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS48925.roa
File:                     AS48925.roa (raw, json)
Hash identifier:          OcucM/8luIFkEj8H98QUSITshbkDJVuNGcNhbRWHtn8=
Subject key identifier:   86:70:97:A0:F0:96:86:A7:48:76:5D:D3:C6:4F:63:77:B9:28:4E:8A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       084F6981DF40569199E19E3E28FE6EA24D0FE572
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS48925.roa
Signing time:             Sat 28 Jun 2025 16:08:24 +0000
ROA not before:           Sat 28 Jun 2025 16:03:24 +0000
ROA not after:            Sat 27 Jun 2026 16:08:24 +0000
asID:                     48925
IP address blocks:        143.20.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4f:69:81:df:40:56:91:99:e1:9e:3e:28:fe:6e:a2:4d:0f:e5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 28 16:03:24 2025 GMT
            Not After : Jun 27 16:08:24 2026 GMT
        Subject: CN=867097A0F09686A748765DD3C64F6377B9284E8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:48:ea:30:68:6e:2f:dd:2c:f4:28:bf:4a:
                    bb:07:01:9f:07:4e:7e:85:da:6b:71:86:4d:c7:4a:
                    c5:18:eb:e5:36:09:b5:eb:07:62:7e:b4:5d:64:a3:
                    76:e5:f4:f8:5b:00:87:78:3e:28:ed:32:e9:a4:3f:
                    4e:66:90:d9:24:f4:da:89:41:c1:86:c7:cf:ce:f0:
                    6f:cb:82:0d:46:cf:b8:38:00:0d:4f:b5:74:02:4f:
                    d9:57:ff:cf:ab:51:55:93:d4:1f:44:80:4f:0c:02:
                    c9:52:44:39:3f:75:a2:fe:c2:bf:7b:b2:96:7b:ac:
                    35:ba:80:b3:3d:10:15:da:31:da:3d:fa:ca:39:e0:
                    11:ee:3c:ea:c1:c4:ce:e6:93:36:94:b6:15:bd:a9:
                    4d:a7:7f:f5:9d:82:85:a6:1f:0d:94:27:ca:1e:37:
                    e9:9b:ff:92:ab:70:50:e9:3d:54:5e:78:2b:da:ed:
                    b7:25:04:7c:c9:a8:b2:31:55:1b:1c:e2:79:de:4f:
                    af:a5:25:5c:b5:bb:aa:fb:61:13:25:ad:e1:23:3a:
                    05:2a:3a:90:2f:a8:f4:27:ad:c1:9c:9f:8a:6e:06:
                    f8:df:e9:75:ab:8e:cf:51:a7:5a:95:f6:62:43:f0:
                    57:e6:57:01:f5:65:51:92:64:eb:9c:e4:8c:bd:cc:
                    e1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:70:97:A0:F0:96:86:A7:48:76:5D:D3:C6:4F:63:77:B9:28:4E:8A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS48925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:04:7f:26:58:5e:22:7d:71:80:17:47:98:66:bc:6c:1d:37:
         8d:ee:3d:df:0f:f5:35:c6:0d:52:5b:54:3d:4b:61:36:47:c8:
         34:83:dd:fa:60:db:31:a8:db:5d:cd:3b:e3:8e:dd:41:d4:a5:
         06:b2:76:78:58:75:ac:62:89:73:d0:be:89:33:1b:b2:a7:e5:
         8a:8c:7a:f2:0e:cb:da:83:5b:00:07:ac:a4:3a:5a:0c:70:6a:
         d5:82:e3:4f:0c:f8:b3:36:9a:26:ba:65:21:80:de:88:e9:fb:
         64:c1:32:49:3d:07:23:60:ae:52:7e:ab:fc:50:55:be:55:05:
         55:dd:78:27:d8:6e:43:19:be:05:53:3e:ad:e7:44:e3:b4:ef:
         17:39:de:2f:fe:6e:26:f8:27:26:64:7c:de:12:55:8b:7b:e8:
         20:f9:5b:52:de:3d:bc:01:21:6f:0d:23:75:0a:8c:a1:08:70:
         59:2b:56:b4:07:3e:f2:3f:0a:2e:21:23:11:18:f2:b7:a8:35:
         d1:88:1d:cd:d7:da:b7:94:34:d4:58:d1:8c:5e:45:ac:81:34:
         33:e7:ab:e8:1e:2a:17:e6:81:d0:63:6a:d6:53:1b:44:c7:79:
         26:cd:10:8c:9c:bd:59:ad:58:23:51:e2:e8:63:68:14:f0:3a:
         2f:56:cb:0d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCE9pgd9AVpGZ4Z4+KP5uok0P5XIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjgxNjAzMjRaFw0yNjA2MjcxNjA4MjRaMDMxMTAvBgNV
BAMTKDg2NzA5N0EwRjA5Njg2QTc0ODc2NUREM0M2NEY2Mzc3QjkyODRFOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFHUjqMGhuL90s9Ci/SrsHAZ8H
Tn6F2mtxhk3HSsUY6+U2CbXrB2J+tF1ko3bl9PhbAId4PijtMumkP05mkNkk9NqJ
QcGGx8/O8G/Lgg1Gz7g4AA1PtXQCT9lX/8+rUVWT1B9EgE8MAslSRDk/daL+wr97
spZ7rDW6gLM9EBXaMdo9+so54BHuPOrBxM7mkzaUthW9qU2nf/WdgoWmHw2UJ8oe
N+mb/5KrcFDpPVReeCva7bclBHzJqLIxVRsc4nneT6+lJVy1u6r7YRMlreEjOgUq
OpAvqPQnrcGcn4puBvjf6XWrjs9Rp1qV9mJD8FfmVwH1ZVGSZOuc5Iy9zOFHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhnCXoPCWhqdIdl3Txk9jd7koToowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDg5MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFGYw
DQYJKoZIhvcNAQELBQADggEBAHEEfyZYXiJ9cYAXR5hmvGwdN43uPd8P9TXGDVJb
VD1LYTZHyDSD3fpg2zGo213NO+OO3UHUpQaydnhYdaxiiXPQvokzG7Kn5YqMevIO
y9qDWwAHrKQ6WgxwatWC408M+LM2mia6ZSGA3ojp+2TBMkk9ByNgrlJ+q/xQVb5V
BVXdeCfYbkMZvgVTPq3nROO07xc53i/+bib4JyZkfN4SVYt76CD5W1LePbwBIW8N
I3UKjKEIcFkrVrQHPvI/Ci4hIxEY8reoNdGIHc3X2reUNNRY0YxeRayBNDPnq+ge
KhfmgdBjatZTG0THeSbNEIycvVmtWCNR4uhjaBTwOi9Wyw0=
-----END CERTIFICATE-----