Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          XlXVSKTomO0vvp0gCqFNKJg43Ch+N0Hz5HbW6TTKVN0=
Subject key identifier:   4E:A9:0C:65:77:3D:E7:57:6A:A3:98:39:85:3B:09:84:EE:4F:D6:12
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       79AA39CC1097D966EB87B65F6DC5A5B8BBC30F30
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS48678.roa
Signing time:             Fri 31 Oct 2025 06:55:12 +0000
ROA not before:           Fri 31 Oct 2025 06:50:12 +0000
ROA not after:            Fri 30 Oct 2026 06:55:12 +0000
asID:                     48678
IP address blocks:        2a13:9500:102::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 09:53:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:aa:39:cc:10:97:d9:66:eb:87:b6:5f:6d:c5:a5:b8:bb:c3:0f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 31 06:50:12 2025 GMT
            Not After : Oct 30 06:55:12 2026 GMT
        Subject: CN=4EA90C65773DE7576AA39839853B0984EE4FD612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9a:39:ed:be:94:52:f9:ac:aa:71:78:43:c8:
                    b3:6c:78:d4:b8:31:4c:bd:1b:39:b6:2c:f1:e1:e3:
                    81:34:eb:39:89:91:fa:70:26:0c:e2:2d:04:c6:93:
                    e4:76:72:9a:0b:64:b0:40:f9:f4:f3:a9:b7:b4:99:
                    5c:c0:82:33:a7:d9:05:c6:1e:95:63:19:5f:03:be:
                    e1:67:dc:60:c6:cf:5d:f7:9d:35:12:92:3d:c0:14:
                    81:ec:b8:49:eb:84:63:39:21:47:df:e5:40:ac:c7:
                    c9:38:a1:f8:68:35:90:24:a9:af:b2:55:3c:09:77:
                    d8:7f:10:85:68:93:51:e8:e4:52:14:e8:8a:19:86:
                    cf:e4:30:28:49:39:82:ca:d0:7f:db:49:00:38:b1:
                    b3:82:92:a8:0b:2e:95:88:8e:20:c0:d6:b6:2f:1d:
                    10:ec:30:70:62:a5:1c:2b:0e:18:fa:2a:7b:72:c8:
                    e2:d9:16:3c:7e:08:07:d9:d3:22:e4:c6:9e:1f:42:
                    25:15:c8:97:cf:ce:70:f4:f9:21:86:5b:02:fb:47:
                    9c:07:34:cb:10:e7:c7:29:85:4e:39:74:f0:a9:0c:
                    e8:06:49:ec:03:53:ec:7c:59:95:6c:de:f3:77:6b:
                    4a:36:48:6d:4f:d8:18:2d:94:d7:2b:bc:48:9d:b5:
                    b9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A9:0C:65:77:3D:E7:57:6A:A3:98:39:85:3B:09:84:EE:4F:D6:12
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:102::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:db:f3:3b:c2:cd:20:83:cc:97:55:4d:f5:b8:32:da:1b:92:
         70:4d:a3:f0:24:a1:10:34:64:6e:fd:8d:ce:a5:18:a0:8b:41:
         50:a9:a3:4a:26:1e:35:fd:85:7c:17:00:b6:74:f3:6a:05:b6:
         c3:1b:86:b9:c7:c3:ff:93:a7:50:99:d8:3a:5d:e6:24:55:d1:
         eb:47:cf:a4:0f:69:20:73:6d:95:48:00:00:bf:d8:b7:20:79:
         a2:34:89:2b:43:de:91:eb:58:eb:1d:1e:15:28:95:00:eb:23:
         c8:49:46:67:cf:f6:b2:85:ef:90:08:25:84:11:85:59:f0:6c:
         2a:54:40:29:97:c2:aa:24:f1:64:49:04:72:8b:26:5f:67:75:
         46:c6:56:e1:b9:d2:54:d0:9f:9d:03:45:a7:aa:81:f5:c9:dd:
         bd:f5:cb:a2:c2:80:85:2f:59:c8:a5:48:50:58:cc:d6:92:c1:
         9c:8b:9e:18:76:f2:39:5e:7a:90:33:9b:70:b7:f6:ed:e5:f5:
         0c:a4:40:ef:1f:8f:b9:bf:f7:3e:e1:96:5f:6f:49:18:e0:12:
         c1:1a:e4:bf:48:d7:86:40:12:ad:d9:01:43:a1:5c:53:cf:72:
         01:dd:c9:30:e1:37:af:3c:4f:41:a1:ec:85:3a:3a:da:32:b9:
         e9:93:0a:d6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUeao5zBCX2Wbrh7ZfbcWluLvDDzAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMzEwNjUwMTJaFw0yNjEwMzAwNjU1MTJaMDMxMTAvBgNV
BAMTKDRFQTkwQzY1NzczREU3NTc2QUEzOTgzOTg1M0IwOTg0RUU0RkQ2MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRmjntvpRS+ayqcXhDyLNseNS4
MUy9Gzm2LPHh44E06zmJkfpwJgziLQTGk+R2cpoLZLBA+fTzqbe0mVzAgjOn2QXG
HpVjGV8DvuFn3GDGz133nTUSkj3AFIHsuEnrhGM5IUff5UCsx8k4ofhoNZAkqa+y
VTwJd9h/EIVok1Ho5FIU6IoZhs/kMChJOYLK0H/bSQA4sbOCkqgLLpWIjiDA1rYv
HRDsMHBipRwrDhj6KntyyOLZFjx+CAfZ0yLkxp4fQiUVyJfPznD0+SGGWwL7R5wH
NMsQ58cphU45dPCpDOgGSewDU+x8WZVs3vN3a0o2SG1P2BgtlNcrvEidtblDAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUTqkMZXc951dqo5g5hTsJhO5P1hIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDg2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AQIwDQYJKoZIhvcNAQELBQADggEBAEfb8zvCzSCDzJdVTfW4MtobknBNo/AkoRA0
ZG79jc6lGKCLQVCpo0omHjX9hXwXALZ082oFtsMbhrnHw/+Tp1CZ2Dpd5iRV0etH
z6QPaSBzbZVIAAC/2LcgeaI0iStD3pHrWOsdHhUolQDrI8hJRmfP9rKF75AIJYQR
hVnwbCpUQCmXwqok8WRJBHKLJl9ndUbGVuG50lTQn50DRaeqgfXJ3b31y6LCgIUv
WcilSFBYzNaSwZyLnhh28jleepAzm3C39u3l9QykQO8fj7m/9z7hll9vSRjgEsEa
5L9I14ZAEq3ZAUOhXFPPcgHdyTDhN688T0Gh7IU6OtoyuemTCtY=
-----END CERTIFICATE-----