Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS48266.roa
File:                     AS48266.roa (raw, json)
Hash identifier:          IVO5z1EjNgCvMvAqzkbahhRDQyMjzradfcmNYeE0mlM=
Subject key identifier:   E3:6F:8F:8A:5E:E4:EF:28:3E:29:E0:1A:39:D7:4F:FE:C0:CA:E5:F1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       13332CD0C751FA73FE423EFDED9A5A249C6C5A82
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS48266.roa
Signing time:             Tue 22 Apr 2025 00:00:46 +0000
ROA not before:           Mon 21 Apr 2025 23:55:46 +0000
ROA not after:            Tue 21 Apr 2026 00:00:46 +0000
asID:                     48266
IP address blocks:        91.124.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:33:2c:d0:c7:51:fa:73:fe:42:3e:fd:ed:9a:5a:24:9c:6c:5a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 21 23:55:46 2025 GMT
            Not After : Apr 21 00:00:46 2026 GMT
        Subject: CN=E36F8F8A5EE4EF283E29E01A39D74FFEC0CAE5F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c1:00:bb:7b:2c:ee:1d:fe:73:96:2c:3b:ef:
                    9e:9c:cb:c9:32:8c:cc:04:42:b5:43:9d:0f:16:ea:
                    d6:e7:47:57:e8:99:ee:5b:fd:d9:38:dd:63:7d:82:
                    d5:77:91:3e:01:f6:a9:90:bd:a4:bb:a4:52:7d:ec:
                    2f:b5:53:98:19:bd:77:0a:54:3f:b0:44:e6:77:64:
                    3e:5a:cc:a2:88:89:48:ea:1c:9e:78:3a:17:78:e2:
                    cc:ce:fb:6d:32:62:b6:2c:bc:32:68:15:0d:be:43:
                    5d:2f:20:2a:47:17:63:97:7e:72:95:85:cc:e5:6a:
                    62:f8:90:b9:5a:76:b3:c1:ef:c5:07:04:6c:b5:4b:
                    bf:92:55:b4:3e:47:a0:d5:49:2e:89:4b:aa:3c:65:
                    17:78:58:dd:65:1e:56:9a:2a:a1:1f:e7:1b:8e:db:
                    ef:52:2e:66:64:32:ce:d9:48:7e:64:47:32:0d:e5:
                    30:9c:cf:75:a1:3b:85:ca:fc:3e:0f:93:2e:1f:fe:
                    46:ae:f1:38:e5:c3:bc:07:1d:37:5f:39:24:fd:ed:
                    f8:21:c5:da:95:4e:2c:63:0f:85:5f:f4:16:e9:f8:
                    08:ff:99:46:4f:d5:ad:47:4b:5c:a9:51:7b:be:bc:
                    14:a6:b1:2f:bb:e9:0a:71:5b:80:a7:28:e2:e0:84:
                    6f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:6F:8F:8A:5E:E4:EF:28:3E:29:E0:1A:39:D7:4F:FE:C0:CA:E5:F1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS48266.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:85:58:e2:bd:aa:aa:8f:f3:04:ce:8b:78:44:90:6c:36:f6:
         ba:2c:1b:c4:8a:52:29:2d:da:e8:48:9c:35:fb:a7:37:df:3c:
         89:37:fe:39:a6:31:95:a2:33:fc:d1:5a:c9:11:de:6d:e3:4c:
         db:64:b4:9f:d7:17:3f:b7:bd:90:71:56:2b:cd:e0:13:91:63:
         ae:01:c2:84:c9:72:89:34:c9:2e:f8:77:9f:00:6f:cd:11:12:
         0f:5a:38:37:20:0a:09:da:2a:68:27:8d:63:91:99:d0:a4:e3:
         77:5e:a3:fc:29:15:05:da:28:a3:af:b2:b5:64:dc:51:8d:d1:
         28:a7:e4:a0:aa:20:e2:a4:b3:37:58:49:bb:be:ea:38:7a:47:
         bb:f6:12:29:6c:11:5c:03:7e:2c:41:2c:ab:a6:03:d1:9c:00:
         06:60:25:d9:69:7d:df:68:1a:04:2b:19:16:93:74:df:ea:bd:
         96:67:75:a7:0a:24:47:e6:52:a8:d9:e7:55:83:68:24:dc:3d:
         c4:17:74:ff:e9:07:f4:f3:24:9d:02:c7:03:97:8e:77:4a:b2:
         4d:62:8e:fe:a8:8b:05:b4:fb:73:80:6c:6f:03:e0:be:32:21:
         39:36:6f:14:35:91:b7:30:2f:b1:f2:a7:03:f1:0e:0a:76:bf:
         d0:b0:0a:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEzMs0MdR+nP+Qj797ZpaJJxsWoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjEyMzU1NDZaFw0yNjA0MjEwMDAwNDZaMDMxMTAvBgNV
BAMTKEUzNkY4RjhBNUVFNEVGMjgzRTI5RTAxQTM5RDc0RkZFQzBDQUU1RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOwQC7eyzuHf5zliw7756cy8ky
jMwEQrVDnQ8W6tbnR1fome5b/dk43WN9gtV3kT4B9qmQvaS7pFJ97C+1U5gZvXcK
VD+wROZ3ZD5azKKIiUjqHJ54Ohd44szO+20yYrYsvDJoFQ2+Q10vICpHF2OXfnKV
hczlamL4kLladrPB78UHBGy1S7+SVbQ+R6DVSS6JS6o8ZRd4WN1lHlaaKqEf5xuO
2+9SLmZkMs7ZSH5kRzIN5TCcz3WhO4XK/D4Pky4f/kau8Tjlw7wHHTdfOST97fgh
xdqVTixjD4Vf9Bbp+Aj/mUZP1a1HS1ypUXu+vBSmsS+76QpxW4CnKOLghG+FAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU42+Pil7k7yg+KeAaOddP/sDK5fEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDgyNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfAYw
DQYJKoZIhvcNAQELBQADggEBAFiFWOK9qqqP8wTOi3hEkGw29rosG8SKUikt2uhI
nDX7pzffPIk3/jmmMZWiM/zRWskR3m3jTNtktJ/XFz+3vZBxVivN4BORY64BwoTJ
cok0yS74d58Ab80REg9aODcgCgnaKmgnjWORmdCk43deo/wpFQXaKKOvsrVk3FGN
0Sin5KCqIOKkszdYSbu+6jh6R7v2EilsEVwDfixBLKumA9GcAAZgJdlpfd9oGgQr
GRaTdN/qvZZndacKJEfmUqjZ51WDaCTcPcQXdP/pB/TzJJ0CxwOXjndKsk1ijv6o
iwW0+3OAbG8D4L4yITk2bxQ1kbcwL7HypwPxDgp2v9CwCt4=
-----END CERTIFICATE-----