Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          Sn98cPyV+Ungxn7rm7WBgX75BpCVcXARN3xk1iPdEm0=
Subject key identifier:   80:A4:D2:63:B9:A4:DC:1D:5E:40:8D:EA:53:6E:4C:3D:48:18:54:88
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4565BA8AA759949D201D632EC8A8016B198DCF95
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
Signing time:             Wed 30 Jul 2025 08:57:06 +0000
ROA not before:           Wed 30 Jul 2025 08:52:06 +0000
ROA not after:            Wed 29 Jul 2026 08:57:06 +0000
asID:                     63023
IP address blocks:        96.62.77.0/24 maxlen: 24
                          143.14.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:65:ba:8a:a7:59:94:9d:20:1d:63:2e:c8:a8:01:6b:19:8d:cf:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 30 08:52:06 2025 GMT
            Not After : Jul 29 08:57:06 2026 GMT
        Subject: CN=80A4D263B9A4DC1D5E408DEA536E4C3D48185488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fb:7d:52:14:9b:dd:ca:bc:08:8e:2b:f5:d2:
                    79:0f:8e:ba:a5:7f:d3:62:94:3f:47:9a:a6:cc:66:
                    e7:54:4f:a6:ad:ff:d5:8d:39:73:32:cc:6e:25:86:
                    e0:fb:84:06:16:e5:3b:73:fb:51:67:06:2b:af:68:
                    7a:fb:64:57:4f:13:61:f1:00:9b:76:ed:ca:ea:1e:
                    31:05:30:2c:01:50:6d:9f:e5:71:a6:12:74:41:bc:
                    fd:f6:4c:73:31:9c:02:1f:e9:de:d7:3b:98:2a:ea:
                    00:f8:6a:2a:85:16:d5:9a:d5:0a:ed:9c:8c:34:f4:
                    79:4d:82:47:c2:47:75:6b:5b:68:72:0e:39:d5:f3:
                    cd:de:13:1b:87:18:95:56:17:46:5d:e4:d9:1d:ba:
                    c3:1d:c0:3d:ba:86:fa:db:63:62:dc:12:9c:96:89:
                    a8:a7:b5:5f:f4:01:4a:41:54:2b:e2:89:23:7b:d8:
                    5d:0e:ed:c2:42:c2:07:53:96:2e:39:12:fe:0e:49:
                    71:bf:7b:d9:86:cc:6d:71:36:51:ab:92:a6:b0:ec:
                    af:38:1b:f4:19:d2:0f:91:74:6a:01:57:8b:42:36:
                    f7:ea:42:93:ad:34:c1:6b:82:1d:4c:e1:c9:b7:24:
                    4a:3c:e8:24:a2:2b:a6:4e:93:a2:3d:6f:d6:1d:d9:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A4:D2:63:B9:A4:DC:1D:5E:40:8D:EA:53:6E:4C:3D:48:18:54:88
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.77.0/24
                  143.14.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ba:79:a8:24:e3:e3:96:6e:54:fe:89:42:e5:08:bb:87:25:
         db:f7:ca:ae:45:ec:34:76:93:05:6e:0e:d8:7a:78:cc:e4:8c:
         df:c3:82:c0:31:30:ef:42:c5:48:18:df:74:b1:a9:8d:48:54:
         63:e5:29:6c:d0:1a:6d:2c:14:6b:63:9c:78:72:29:8a:74:02:
         54:87:54:08:34:92:91:fe:10:21:b2:b5:eb:60:e3:cf:5f:ff:
         01:32:72:1c:34:bc:b9:70:f9:1f:51:16:54:97:1e:23:17:a9:
         df:bf:58:3f:33:e4:89:80:ac:fb:2d:59:a4:e4:ce:5f:dd:7d:
         56:f5:3e:7b:0d:a5:4f:4a:51:0e:b4:97:0c:d9:af:91:bb:a7:
         b9:c1:95:1e:e1:85:bb:ca:4c:d7:d8:6d:3e:02:f5:e9:e2:25:
         12:fe:bd:6b:b3:5e:26:b0:9d:21:fc:10:9e:93:51:23:4d:42:
         89:d6:c0:33:6b:db:b0:60:74:9c:85:00:04:43:67:06:9f:eb:
         84:9a:94:96:7a:ba:93:c4:c4:f4:be:3a:3f:26:9c:8c:d7:b1:
         ce:08:3d:c4:01:9e:06:b5:22:6c:4b:7e:c5:65:ba:fe:87:5f:
         da:75:06:90:78:31:ba:8c:b0:03:21:6c:bf:fd:97:2c:ce:f9:
         79:97:13:4e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIURWW6iqdZlJ0gHWMuyKgBaxmNz5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MzAwODUyMDZaFw0yNjA3MjkwODU3MDZaMDMxMTAvBgNV
BAMTKDgwQTREMjYzQjlBNERDMUQ1RTQwOERFQTUzNkU0QzNENDgxODU0ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa+31SFJvdyrwIjiv10nkPjrql
f9NilD9HmqbMZudUT6at/9WNOXMyzG4lhuD7hAYW5Ttz+1FnBiuvaHr7ZFdPE2Hx
AJt27crqHjEFMCwBUG2f5XGmEnRBvP32THMxnAIf6d7XO5gq6gD4aiqFFtWa1Qrt
nIw09HlNgkfCR3VrW2hyDjnV883eExuHGJVWF0Zd5NkdusMdwD26hvrbY2LcEpyW
iaintV/0AUpBVCviiSN72F0O7cJCwgdTli45Ev4OSXG/e9mGzG1xNlGrkqaw7K84
G/QZ0g+RdGoBV4tCNvfqQpOtNMFrgh1M4cm3JEo86CSiK6ZOk6I9b9Yd2ShrAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUgKTSY7mk3B1eQI3qU25MPUgYVIgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPk0D
BACPDq4wDQYJKoZIhvcNAQELBQADggEBAKS6eagk4+OWblT+iULlCLuHJdv3yq5F
7DR2kwVuDth6eMzkjN/DgsAxMO9CxUgY33SxqY1IVGPlKWzQGm0sFGtjnHhyKYp0
AlSHVAg0kpH+ECGytetg489f/wEychw0vLlw+R9RFlSXHiMXqd+/WD8z5ImArPst
WaTkzl/dfVb1PnsNpU9KUQ60lwzZr5G7p7nBlR7hhbvKTNfYbT4C9eniJRL+vWuz
XiawnSH8EJ6TUSNNQonWwDNr27BgdJyFAARDZwaf64SalJZ6upPExPS+Oj8mnIzX
sc4IPcQBnga1ImxLfsVluv6HX9p1BpB4MbqMsAMhbL/9lyzO+XmXE04=
-----END CERTIFICATE-----