Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          SLkDd4fGkGbKjvtcWeuC0WD8rUswsvqFyvNoZ5mS4Tk=
Subject key identifier:   A5:E8:CB:38:81:AC:2F:B3:DD:BE:2D:72:E0:AC:68:A5:BC:D4:EC:31
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       642557A5281725AA4D999EB9B3818801D59499CA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa
Signing time:             Fri 27 Feb 2026 18:38:26 +0000
ROA not before:           Fri 27 Feb 2026 18:33:26 +0000
ROA not after:            Fri 26 Feb 2027 18:38:26 +0000
asID:                     63023
IP address blocks:        82.22.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:25:57:a5:28:17:25:aa:4d:99:9e:b9:b3:81:88:01:d5:94:99:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 27 18:33:26 2026 GMT
            Not After : Feb 26 18:38:26 2027 GMT
        Subject: CN=A5E8CB3881AC2FB3DDBE2D72E0AC68A5BCD4EC31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:57:b6:ed:b8:1f:0f:1e:8b:af:a4:be:df:15:
                    70:ff:14:d1:68:d6:2b:2e:99:89:76:ba:1c:c1:15:
                    5f:8d:da:4d:a6:11:1f:28:52:22:75:73:69:3a:64:
                    e8:86:1b:07:94:36:ed:c5:19:8c:5a:13:dc:c2:af:
                    a2:40:cb:02:72:d6:6b:92:74:ae:80:0f:bc:0c:21:
                    bd:7f:48:af:24:da:6c:b5:2c:05:90:c1:a0:22:46:
                    3b:b6:27:4b:40:6c:e7:fd:09:90:42:05:9b:06:7e:
                    1a:c7:cc:8f:76:55:e6:34:87:eb:85:4d:27:a2:ca:
                    1f:8e:2e:33:e6:2b:79:fc:74:32:cd:63:a7:9f:32:
                    7e:03:96:dc:87:42:22:e9:b9:cd:73:4b:7b:15:53:
                    cb:18:24:6e:87:c7:9b:ec:df:45:bd:0e:65:6b:d4:
                    c6:b6:98:78:19:28:9e:ec:23:06:e4:d2:bd:85:ab:
                    42:60:a5:14:cf:08:f8:be:1e:f1:54:7a:4e:96:97:
                    0e:9c:ac:41:2a:d7:cf:0c:be:c6:d9:d2:97:59:2b:
                    9c:e0:30:24:9b:be:60:57:83:ce:03:c6:04:3e:29:
                    60:bf:d1:60:af:31:f3:bc:69:2c:cc:95:cc:58:69:
                    ed:8c:d1:74:e3:c9:6f:8d:fa:1a:67:5b:40:9e:17:
                    ca:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E8:CB:38:81:AC:2F:B3:DD:BE:2D:72:E0:AC:68:A5:BC:D4:EC:31
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6b:90:d7:b4:cc:60:5d:27:68:8f:4d:2d:21:37:0d:8e:cd:
         e9:11:69:b9:cd:97:06:3b:7f:0d:64:d5:b6:2b:b0:fc:2b:c3:
         98:b7:ef:ee:fd:88:81:02:0c:57:93:84:aa:a0:d9:9d:f0:cf:
         a6:64:14:0f:59:ed:db:48:9f:bd:79:80:bd:58:71:81:a9:d6:
         d1:0e:89:a5:2d:b8:fe:e1:0c:51:65:91:c6:5a:fa:b7:9c:91:
         90:ba:df:5b:00:20:1a:19:50:0d:ff:dd:02:74:80:f3:43:6d:
         fd:e9:07:05:bf:62:77:67:f9:87:15:cd:ef:6e:23:50:d0:5d:
         3f:7b:20:95:2b:37:9b:15:c0:25:53:01:c2:2e:96:c6:66:4f:
         ea:8e:20:e3:04:c9:59:19:ec:49:0e:3e:dd:36:3e:ba:aa:22:
         99:a1:d9:af:6a:5d:69:cb:bb:0b:26:f9:7d:9a:32:16:f4:2a:
         ea:de:56:d3:e3:ad:71:3c:9b:8a:84:33:a5:3a:84:6e:c5:2d:
         5a:88:65:e3:8a:b4:1a:5a:1b:d7:27:9c:8d:5a:98:d4:ca:79:
         c7:cb:1b:00:86:e9:a5:d4:df:4b:f7:a0:62:9b:92:60:27:4f:
         3d:4c:73:15:a2:0f:ff:43:49:b4:1e:a4:b3:10:af:ac:81:6d:
         a8:34:ff:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZCVXpSgXJapNmZ65s4GIAdWUmcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjcxODMzMjZaFw0yNzAyMjYxODM4MjZaMDMxMTAvBgNV
BAMTKEE1RThDQjM4ODFBQzJGQjNEREJFMkQ3MkUwQUM2OEE1QkNENEVDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2V7btuB8PHouvpL7fFXD/FNFo
1isumYl2uhzBFV+N2k2mER8oUiJ1c2k6ZOiGGweUNu3FGYxaE9zCr6JAywJy1muS
dK6AD7wMIb1/SK8k2my1LAWQwaAiRju2J0tAbOf9CZBCBZsGfhrHzI92VeY0h+uF
TSeiyh+OLjPmK3n8dDLNY6efMn4DltyHQiLpuc1zS3sVU8sYJG6Hx5vs30W9DmVr
1Ma2mHgZKJ7sIwbk0r2Fq0JgpRTPCPi+HvFUek6Wlw6crEEq188MvsbZ0pdZK5zg
MCSbvmBXg84DxgQ+KWC/0WCvMfO8aSzMlcxYae2M0XTjyW+N+hpnW0CeF8rFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUpejLOIGsL7Pdvi1y4KxopbzU7DEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFhUw
DQYJKoZIhvcNAQELBQADggEBAJNrkNe0zGBdJ2iPTS0hNw2OzekRabnNlwY7fw1k
1bYrsPwrw5i37+79iIECDFeThKqg2Z3wz6ZkFA9Z7dtIn715gL1YcYGp1tEOiaUt
uP7hDFFlkcZa+reckZC631sAIBoZUA3/3QJ0gPNDbf3pBwW/Yndn+YcVze9uI1DQ
XT97IJUrN5sVwCVTAcIulsZmT+qOIOMEyVkZ7EkOPt02PrqqIpmh2a9qXWnLuwsm
+X2aMhb0KureVtPjrXE8m4qEM6U6hG7FLVqIZeOKtBpaG9cnnI1amNTKecfLGwCG
6aXU30v3oGKbkmAnTz1McxWiD/9DSbQepLMQr6yBbag0/7E=
-----END CERTIFICATE-----