Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          gZkXve0ZvMmvmPc0lRLlwDjM4OF6Yw3VEEHVh+S4aAY=
Subject key identifier:   A3:BF:0B:CD:FA:BC:2B:8E:20:B0:5B:AB:89:A3:7B:B7:C8:7B:A2:95
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       FC651AC736E2F44057A4D24F6B593170FE01E6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48678.roa
Signing time:             Thu 19 Feb 2026 16:01:43 +0000
ROA not before:           Thu 19 Feb 2026 15:56:43 +0000
ROA not after:            Thu 18 Feb 2027 16:01:43 +0000
asID:                     48678
IP address blocks:        185.158.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fc:65:1a:c7:36:e2:f4:40:57:a4:d2:4f:6b:59:31:70:fe:01:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 19 15:56:43 2026 GMT
            Not After : Feb 18 16:01:43 2027 GMT
        Subject: CN=A3BF0BCDFABC2B8E20B05BAB89A37BB7C87BA295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:68:c0:1d:09:c5:aa:c1:69:3d:34:bf:f4:f9:
                    43:b9:a9:79:fd:99:4a:2f:e9:6f:55:aa:64:db:05:
                    60:91:6b:ba:b5:33:04:3f:f4:0a:9f:44:03:23:18:
                    82:de:42:5b:f2:ec:d0:27:aa:ac:23:4b:f5:fc:65:
                    b6:61:a9:e3:c0:2d:01:ad:0c:87:5c:41:38:1e:fa:
                    39:bc:e3:b1:97:36:9b:bc:f4:6e:d7:8d:48:bd:3f:
                    2d:d1:46:02:27:7b:b8:29:ef:26:f2:ea:b5:34:c1:
                    fd:2b:3d:30:c5:e0:5d:74:71:60:63:bc:ef:84:0e:
                    f3:18:ca:64:b2:6e:a3:2b:f2:d1:46:dc:2d:25:2a:
                    5f:d0:a1:ae:42:88:8f:11:91:ab:7a:32:b4:70:3c:
                    75:d4:22:b1:b5:aa:0e:1b:b9:01:46:82:e5:f4:1a:
                    db:48:9d:a4:b1:bd:50:5d:04:4e:df:aa:ed:ca:13:
                    50:1c:7b:dd:0d:8c:54:a5:a3:2d:7a:20:cd:87:3a:
                    62:f6:ea:8a:6d:57:a1:ce:3e:15:bd:8a:b2:ba:b1:
                    ad:3e:71:24:f4:f1:4a:f7:aa:94:1d:bc:94:76:37:
                    89:9f:d1:59:45:8c:53:b8:99:2c:e7:ac:74:bd:a7:
                    83:68:1c:a8:63:c9:19:cf:7c:67:15:2c:52:f7:a9:
                    31:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:BF:0B:CD:FA:BC:2B:8E:20:B0:5B:AB:89:A3:7B:B7:C8:7B:A2:95
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b2:64:82:76:22:aa:6d:11:23:2f:e1:e0:44:ea:11:e8:2d:
         f7:8c:db:19:05:56:51:5b:73:29:74:a6:88:e1:7f:30:08:d7:
         29:5d:0d:da:6f:bf:3b:94:fa:5c:d1:e4:7e:60:be:ea:76:a5:
         4d:51:6e:63:48:e7:23:27:f4:a1:fe:fe:34:70:67:21:f0:3e:
         de:a7:4e:96:90:8e:b2:13:28:d4:21:85:b5:a1:ae:6b:fc:0e:
         fe:0d:6c:25:bc:95:74:a1:47:ac:4e:f2:9d:9b:b0:8a:f1:b6:
         cf:bf:cf:df:10:8d:26:a4:b4:7c:e5:fc:89:36:fd:80:40:2e:
         56:cb:82:80:70:55:16:af:59:1c:45:ed:a4:0f:5d:27:72:5b:
         bf:a1:19:52:67:2e:98:e6:90:cd:54:7a:c4:cd:d4:7b:27:dc:
         fd:d3:73:2a:5f:5c:81:f0:c2:29:b3:e8:3a:e5:61:75:e8:f4:
         13:a9:63:51:45:af:cd:d6:85:14:00:1d:7a:d4:03:c8:82:30:
         79:fe:9f:78:97:20:96:c4:a6:3c:6e:66:5a:3f:e2:5e:09:90:
         c9:5c:c2:59:6a:39:32:25:ab:99:b3:5d:47:a4:5d:c5:9d:6f:
         71:81:51:24:6e:60:44:29:ed:fc:f2:18:0c:34:62:93:2c:56:
         7a:ee:d2:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAPxlGsc24vRAV6TST2tZMXD+AeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTkxNTU2NDNaFw0yNzAyMTgxNjAxNDNaMDMxMTAvBgNV
BAMTKEEzQkYwQkNERkFCQzJCOEUyMEIwNUJBQjg5QTM3QkI3Qzg3QkEyOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZaMAdCcWqwWk9NL/0+UO5qXn9
mUov6W9VqmTbBWCRa7q1MwQ/9AqfRAMjGILeQlvy7NAnqqwjS/X8ZbZhqePALQGt
DIdcQTge+jm847GXNpu89G7XjUi9Py3RRgIne7gp7yby6rU0wf0rPTDF4F10cWBj
vO+EDvMYymSybqMr8tFG3C0lKl/Qoa5CiI8Rkat6MrRwPHXUIrG1qg4buQFGguX0
GttInaSxvVBdBE7fqu3KE1Ace90NjFSloy16IM2HOmL26optV6HOPhW9irK6sa0+
cST08Ur3qpQdvJR2N4mf0VlFjFO4mSznrHS9p4NoHKhjyRnPfGcVLFL3qTHtAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUo78Lzfq8K44gsFuriaN7t8h7opUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5npcw
DQYJKoZIhvcNAQELBQADggEBAHGyZIJ2IqptESMv4eBE6hHoLfeM2xkFVlFbcyl0
pojhfzAI1yldDdpvvzuU+lzR5H5gvup2pU1RbmNI5yMn9KH+/jRwZyHwPt6nTpaQ
jrITKNQhhbWhrmv8Dv4NbCW8lXShR6xO8p2bsIrxts+/z98QjSaktHzl/Ik2/YBA
LlbLgoBwVRavWRxF7aQPXSdyW7+hGVJnLpjmkM1UesTN1Hsn3P3TcypfXIHwwimz
6DrlYXXo9BOpY1FFr83WhRQAHXrUA8iCMHn+n3iXIJbEpjxuZlo/4l4JkMlcwllq
OTIlq5mzXUekXcWdb3GBUSRuYEQp7fzyGAw0YpMsVnru0vs=
-----END CERTIFICATE-----