Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          +x+37rh5Ogx2HEUegHzWYnT3zVB8T1soGmftKdWqdrM=
Subject key identifier:   C0:A1:99:B3:4E:2E:DC:E5:71:80:F8:D5:C0:5A:99:31:53:77:E3:89
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       20571319DD34B1D778C93618761931360053FC72
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa
Signing time:             Thu 23 Oct 2025 02:22:11 +0000
ROA not before:           Thu 23 Oct 2025 02:17:11 +0000
ROA not after:            Thu 22 Oct 2026 02:22:11 +0000
asID:                     63023
IP address blocks:        82.22.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 09:53:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:57:13:19:dd:34:b1:d7:78:c9:36:18:76:19:31:36:00:53:fc:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 23 02:17:11 2025 GMT
            Not After : Oct 22 02:22:11 2026 GMT
        Subject: CN=C0A199B34E2EDCE57180F8D5C05A99315377E389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:eb:c8:2f:97:03:bb:98:24:31:cd:06:20:38:
                    ca:07:3e:03:5f:3f:97:74:eb:7d:15:f9:e4:7a:8c:
                    35:e4:90:02:3d:7d:ee:9c:a7:76:eb:06:63:e3:1d:
                    ea:c6:75:ed:e5:d7:a9:95:36:62:a5:b3:98:93:0a:
                    f3:d5:f3:88:a9:5d:cb:f8:d2:20:6b:66:20:e8:e4:
                    fd:8d:f7:74:ad:ea:33:be:b7:7a:e4:f4:d0:d4:ea:
                    0d:1f:8a:46:56:66:17:86:32:95:79:20:6f:d0:8d:
                    ec:4e:74:0d:6e:89:97:5e:a2:ae:84:25:ba:4f:4a:
                    4a:49:2c:28:6b:f9:ba:c6:ad:dd:36:d8:06:f0:b8:
                    20:17:7e:b6:f5:c3:8a:d5:c5:04:61:46:f6:8a:b9:
                    4d:88:db:d2:eb:6c:d3:a9:e5:d7:47:ce:b1:0d:d3:
                    9a:7e:95:6e:04:e8:d1:74:b5:46:d2:8b:e8:49:2b:
                    ef:4d:b0:d9:db:60:93:a5:38:43:de:00:f8:e0:77:
                    d9:53:69:3b:24:af:a4:b9:82:19:94:66:1f:e8:23:
                    23:cb:1b:2f:20:ea:3f:41:33:6b:cc:9a:22:e4:16:
                    cb:89:ee:b3:8d:ad:5c:e0:45:3e:54:59:65:1a:af:
                    33:1f:f7:a4:6c:bd:cf:dc:25:9d:64:92:f7:b9:ea:
                    1e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A1:99:B3:4E:2E:DC:E5:71:80:F8:D5:C0:5A:99:31:53:77:E3:89
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:8d:56:4a:5d:ca:db:b4:9a:10:64:4d:ea:e4:0b:b3:0f:57:
         ae:42:62:6d:ed:20:d8:da:a7:47:4a:93:e8:7e:a6:c8:f3:e9:
         a6:a1:ac:56:8a:1c:34:27:67:03:59:65:17:53:52:63:99:08:
         d2:08:96:3c:fb:92:64:f5:0c:e2:4f:55:20:73:60:3d:85:67:
         81:07:95:1f:cb:a1:0c:7b:d4:24:90:11:9b:3c:f9:3a:6a:e1:
         20:d3:7f:90:bb:a2:d8:a9:00:43:c1:90:cc:82:7a:35:ce:58:
         4c:61:42:d4:d4:cd:44:0d:b6:9b:a8:e1:3c:9d:bc:3c:54:50:
         25:90:02:07:fa:9a:5e:72:8a:a3:cb:55:dd:d7:7a:06:db:d8:
         2b:61:9a:2c:41:3b:d4:35:25:64:38:e2:32:f3:69:13:32:1f:
         8a:0e:b9:7f:3a:ed:a8:d5:92:bb:ef:25:0b:a9:ec:7e:61:e4:
         61:f2:11:59:c9:3a:65:16:77:66:2e:bb:61:b6:e2:45:e4:3c:
         60:36:6c:84:84:b5:51:d2:b6:8a:56:20:f4:2e:68:c0:10:1c:
         26:37:e7:bb:cc:c6:8f:84:73:3a:ef:06:da:3c:a1:87:83:38:
         5a:37:da:8d:e0:7f:7c:6c:0f:09:75:21:52:bf:6e:e0:29:45:
         fd:10:a2:07
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIFcTGd00sdd4yTYYdhkxNgBT/HIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjMwMjE3MTFaFw0yNjEwMjIwMjIyMTFaMDMxMTAvBgNV
BAMTKEMwQTE5OUIzNEUyRURDRTU3MTgwRjhENUMwNUE5OTMxNTM3N0UzODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJ68gvlwO7mCQxzQYgOMoHPgNf
P5d0630V+eR6jDXkkAI9fe6cp3brBmPjHerGde3l16mVNmKls5iTCvPV84ipXcv4
0iBrZiDo5P2N93St6jO+t3rk9NDU6g0fikZWZheGMpV5IG/QjexOdA1uiZdeoq6E
JbpPSkpJLChr+brGrd022AbwuCAXfrb1w4rVxQRhRvaKuU2I29LrbNOp5ddHzrEN
05p+lW4E6NF0tUbSi+hJK+9NsNnbYJOlOEPeAPjgd9lTaTskr6S5ghmUZh/oIyPL
Gy8g6j9BM2vMmiLkFsuJ7rONrVzgRT5UWWUarzMf96Rsvc/cJZ1kkve56h5FAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwKGZs04u3OVxgPjVwFqZMVN344kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFhUw
DQYJKoZIhvcNAQELBQADggEBAEWNVkpdytu0mhBkTerkC7MPV65CYm3tINjap0dK
k+h+psjz6aahrFaKHDQnZwNZZRdTUmOZCNIIljz7kmT1DOJPVSBzYD2FZ4EHlR/L
oQx71CSQEZs8+Tpq4SDTf5C7otipAEPBkMyCejXOWExhQtTUzUQNtpuo4TydvDxU
UCWQAgf6ml5yiqPLVd3Xegbb2CthmixBO9Q1JWQ44jLzaRMyH4oOuX867ajVkrvv
JQup7H5h5GHyEVnJOmUWd2Yuu2G24kXkPGA2bISEtVHStopWIPQuaMAQHCY357vM
xo+EczrvBto8oYeDOFo32o3gf3xsDwl1IVK/buApRf0Qogc=
-----END CERTIFICATE-----