Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS2488.roa
File:                     AS2488.roa (raw, json)
Hash identifier:          d1ro1rTJNorB0LJ0CEyOGONayK9rYSVfYmwH9mcTFUM=
Subject key identifier:   AE:DA:D8:7A:06:98:81:17:4E:34:67:A5:6D:36:21:51:B3:FA:60:30
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       2FA0C7F9C0052AC602E5E6A35C3B671967DD74A4
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS2488.roa
Signing time:             Wed 04 Mar 2026 08:30:28 +0000
ROA not before:           Wed 04 Mar 2026 08:25:28 +0000
ROA not after:            Wed 03 Mar 2027 08:30:28 +0000
asID:                     2488
IP address blocks:        147.125.0.0/17 maxlen: 17
                          2001:67c:1b70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:48:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a0:c7:f9:c0:05:2a:c6:02:e5:e6:a3:5c:3b:67:19:67:dd:74:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:28 2026 GMT
            Not After : Mar  3 08:30:28 2027 GMT
        Subject: CN=AEDAD87A069881174E3467A56D362151B3FA6030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:78:43:a2:fb:df:dc:ce:0a:02:09:6a:d2:56:
                    3d:45:16:8a:6e:e1:31:2e:c6:1a:02:a3:0a:90:3c:
                    b9:fd:c6:48:92:e2:b5:ad:04:73:3d:23:f0:96:e4:
                    84:9f:31:82:17:98:68:4b:6d:09:fe:de:6e:4a:85:
                    80:d8:c6:6c:f1:e9:d7:a0:c4:f6:62:2c:61:38:4f:
                    10:c1:26:68:18:f2:b5:9f:0e:3f:85:a0:cb:2a:46:
                    91:6f:fa:9b:1c:03:77:40:5f:5b:50:eb:9e:74:7e:
                    27:cb:d2:f7:ab:90:68:26:f1:78:91:46:ee:37:9c:
                    6c:22:0d:67:f2:0a:a3:66:5f:69:7d:db:60:36:77:
                    ed:33:5f:35:fd:37:03:30:0a:31:9c:25:2f:87:64:
                    07:5a:6f:cc:77:45:72:32:9a:c0:29:62:cc:0b:83:
                    05:19:c6:37:d8:c1:4b:c4:b1:1f:0c:1f:ee:33:2b:
                    4d:05:6e:32:f1:5b:e1:65:90:af:f1:85:e2:ae:72:
                    b9:1a:a5:d0:6c:40:6b:b2:95:73:07:05:0a:ea:ec:
                    d4:dc:da:74:e3:cf:07:ce:b4:74:d8:f1:c1:ac:9e:
                    45:28:1a:84:96:84:51:5e:77:f2:c6:54:c2:48:d8:
                    e7:66:87:a6:ee:ed:18:82:f2:ec:dd:ba:bc:7e:d5:
                    0d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DA:D8:7A:06:98:81:17:4E:34:67:A5:6D:36:21:51:B3:FA:60:30
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS2488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.0.0/17
                IPv6:
                  2001:67c:1b70::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:18:af:3e:a2:ce:81:98:8e:1c:b9:6f:2a:df:67:f1:60:06:
         71:eb:1b:d6:df:f0:03:33:32:78:da:d6:88:46:27:3f:66:86:
         e0:af:e9:cf:ee:f4:36:e6:e9:a4:ba:3f:39:73:43:62:2b:ed:
         34:65:b9:6b:95:7f:5d:3c:24:85:67:b2:fa:63:f3:ce:ad:9e:
         70:a0:12:c9:a4:38:50:05:bf:70:fc:c7:19:4f:37:6c:e0:0c:
         5d:9f:87:46:98:97:d0:6a:de:39:0a:ed:10:46:62:fc:31:12:
         a6:37:72:9d:98:df:6b:20:7c:6a:60:33:dc:a8:cd:b6:2d:6d:
         80:ce:ae:cf:a5:41:3c:56:e3:18:4e:c2:f5:50:1e:23:54:6f:
         02:90:70:52:cd:ff:7c:ee:ad:43:af:14:66:74:48:d7:a1:1c:
         ab:a9:59:ce:7a:b2:3c:ea:83:60:2a:00:4e:82:f2:db:26:15:
         e5:01:04:a4:e3:66:10:ba:9e:96:77:4a:08:2b:62:78:26:bc:
         c0:5d:0f:2f:bf:51:70:37:ec:99:36:df:bc:9c:75:38:4e:9b:
         bd:59:a8:92:90:35:8a:86:51:35:66:f6:d5:fe:3e:53:66:98:
         79:96:e1:18:81:4f:64:bc:f8:6c:95:16:d8:43:8e:15:37:fb:
         c8:fd:89:2b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIUL6DH+cAFKsYC5eajXDtnGWfddKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjhaFw0yNzAzMDMwODMwMjhaMDMxMTAvBgNV
BAMTKEFFREFEODdBMDY5ODgxMTc0RTM0NjdBNTZEMzYyMTUxQjNGQTYwMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqeEOi+9/czgoCCWrSVj1FFopu
4TEuxhoCowqQPLn9xkiS4rWtBHM9I/CW5ISfMYIXmGhLbQn+3m5KhYDYxmzx6deg
xPZiLGE4TxDBJmgY8rWfDj+FoMsqRpFv+pscA3dAX1tQ6550fifL0verkGgm8XiR
Ru43nGwiDWfyCqNmX2l922A2d+0zXzX9NwMwCjGcJS+HZAdab8x3RXIymsApYswL
gwUZxjfYwUvEsR8MH+4zK00FbjLxW+FlkK/xheKucrkapdBsQGuylXMHBQrq7NTc
2nTjzwfOtHTY8cGsnkUoGoSWhFFed/LGVMJI2Odmh6bu7RiC8uzdurx+1Q1pAgMB
AAGjggIZMIICFTAdBgNVHQ4EFgQUrtrYegaYgRdONGelbTYhUbP6YDAwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjQ4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEB5N9ADAP
BAIAAjAJAwcAIAEGfBtwMA0GCSqGSIb3DQEBCwUAA4IBAQA4GK8+os6BmI4cuW8q
32fxYAZx6xvW3/ADMzJ42taIRic/Zobgr+nP7vQ25umkuj85c0NiK+00ZblrlX9d
PCSFZ7L6Y/POrZ5woBLJpDhQBb9w/McZTzds4Axdn4dGmJfQat45Cu0QRmL8MRKm
N3KdmN9rIHxqYDPcqM22LW2Azq7PpUE8VuMYTsL1UB4jVG8CkHBSzf987q1DrxRm
dEjXoRyrqVnOerI86oNgKgBOgvLbJhXlAQSk42YQup6Wd0oIK2J4JrzAXQ8vv1Fw
N+yZNt+8nHU4Tpu9WaiSkDWKhlE1ZvbV/j5TZph5luEYgU9kvPhslRbYQ44VN/vI
/Ykr
-----END CERTIFICATE-----