Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63473.roa
File:                     AS63473.roa (raw, json)
Hash identifier:          VK6phfEa3oXkNFJRhPW98KBT4XJfcdaH1Idw/XrVwgg=
Subject key identifier:   DA:6F:04:7E:1E:EB:E5:5F:2E:0E:9B:FA:7A:44:17:31:DC:B5:D2:5E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       15D6D84A24FBA7C7F7E3A0D7371B7ACD11890AC6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63473.roa
Signing time:             Wed 11 Jun 2025 03:51:00 +0000
ROA not before:           Wed 11 Jun 2025 03:46:00 +0000
ROA not after:            Wed 10 Jun 2026 03:51:00 +0000
asID:                     63473
IP address blocks:        82.24.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d6:d8:4a:24:fb:a7:c7:f7:e3:a0:d7:37:1b:7a:cd:11:89:0a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 03:46:00 2025 GMT
            Not After : Jun 10 03:51:00 2026 GMT
        Subject: CN=DA6F047E1EEBE55F2E0E9BFA7A441731DCB5D25E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:0c:0e:8c:3e:df:cd:81:cf:dd:bc:c3:4b:37:
                    e8:fc:59:70:cf:d3:bd:f8:47:ff:0d:75:4a:92:54:
                    98:98:d5:61:b4:d9:cb:9b:62:89:fa:0f:fe:95:b6:
                    da:bc:52:7b:0a:c4:21:56:42:b6:cf:d8:d0:6d:b3:
                    cd:84:2e:62:c6:99:88:53:64:72:98:bb:53:9a:b9:
                    eb:04:bb:b3:25:5c:d1:88:39:b0:df:58:85:3b:c8:
                    96:f9:85:d7:3e:a1:fe:53:62:f1:15:11:75:ba:f9:
                    a1:00:e3:85:7e:91:3e:0b:d3:12:03:52:1c:fc:1a:
                    9f:a8:f1:f4:17:57:5f:35:dc:0c:ae:98:c3:1f:55:
                    20:58:e6:fa:1a:db:47:63:43:bc:3e:01:c9:7b:85:
                    26:35:a2:56:62:c7:a6:10:08:70:da:e2:41:1b:2b:
                    ef:b3:f4:e0:fd:ee:be:0d:7b:14:9c:2a:eb:40:38:
                    f8:4b:fb:1d:8b:3d:5c:ae:4f:8e:cb:7a:9c:3c:39:
                    f4:58:26:51:9d:cb:53:29:a5:48:bd:a4:6a:60:38:
                    20:de:64:34:d6:ed:53:70:55:68:15:9f:33:46:c4:
                    d0:47:ae:d3:17:4f:c5:49:11:2c:25:e3:7f:fa:92:
                    71:38:f5:b6:a4:07:56:e7:6b:fb:59:61:ae:6b:80:
                    8b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:6F:04:7E:1E:EB:E5:5F:2E:0E:9B:FA:7A:44:17:31:DC:B5:D2:5E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ea:17:d8:ae:73:f9:3c:d7:30:4b:ee:7a:97:0e:fb:84:02:
         df:ee:03:b0:fb:e1:66:ac:e7:75:0e:c7:93:69:f6:70:b3:50:
         d0:09:9b:76:1e:0e:b0:9a:ef:af:2b:06:7d:06:35:42:ba:87:
         6c:fd:0b:be:cf:51:68:6f:52:ab:8a:f4:82:a8:bd:57:9c:29:
         7e:ab:68:24:4b:27:3c:9f:04:17:92:a9:6b:ec:a3:0d:92:68:
         dc:cb:53:a3:67:62:b4:de:59:2c:e8:90:dc:50:06:38:b7:a1:
         e3:56:bc:9e:f8:ba:04:ae:b2:91:b3:55:65:12:6c:68:65:07:
         7d:7c:12:d4:8e:5e:b0:24:0b:07:39:3d:87:04:2c:fc:67:d3:
         20:b5:97:56:90:7f:fb:3e:50:ce:53:f0:4e:ca:6b:b4:72:cb:
         ba:0e:57:1a:b3:41:5e:0f:83:35:68:2e:71:bc:c6:d3:c7:02:
         42:53:8e:6d:ab:e0:4c:20:cc:ee:5c:f4:83:ca:db:35:39:41:
         67:03:ba:18:b4:15:46:c1:a0:a8:fd:b3:dc:9e:31:cf:41:f3:
         0a:82:65:af:a6:d8:ff:25:0c:15:6d:ad:79:4b:89:2a:f4:f4:
         1b:d9:06:6c:fe:6e:c0:cc:b9:dd:20:ce:f1:64:a2:88:a5:08:
         79:0b:73:80
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFdbYSiT7p8f346DXNxt6zRGJCsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTEwMzQ2MDBaFw0yNjA2MTAwMzUxMDBaMDMxMTAvBgNV
BAMTKERBNkYwNDdFMUVFQkU1NUYyRTBFOUJGQTdBNDQxNzMxRENCNUQyNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDDA6MPt/Ngc/dvMNLN+j8WXDP
0734R/8NdUqSVJiY1WG02cubYon6D/6Vttq8UnsKxCFWQrbP2NBts82ELmLGmYhT
ZHKYu1OauesEu7MlXNGIObDfWIU7yJb5hdc+of5TYvEVEXW6+aEA44V+kT4L0xID
Uhz8Gp+o8fQXV1813AyumMMfVSBY5voa20djQ7w+Acl7hSY1olZix6YQCHDa4kEb
K++z9OD97r4NexScKutAOPhL+x2LPVyuT47Lepw8OfRYJlGdy1MppUi9pGpgOCDe
ZDTW7VNwVWgVnzNGxNBHrtMXT8VJESwl43/6knE49bakB1bna/tZYa5rgIsLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU2m8Efh7r5V8uDpv6ekQXMdy10l4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjM0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGDkw
DQYJKoZIhvcNAQELBQADggEBAHTqF9iuc/k81zBL7nqXDvuEAt/uA7D74Was53UO
x5Np9nCzUNAJm3YeDrCa768rBn0GNUK6h2z9C77PUWhvUquK9IKovVecKX6raCRL
JzyfBBeSqWvsow2SaNzLU6NnYrTeWSzokNxQBji3oeNWvJ74ugSuspGzVWUSbGhl
B318EtSOXrAkCwc5PYcELPxn0yC1l1aQf/s+UM5T8E7Ka7Ryy7oOVxqzQV4PgzVo
LnG8xtPHAkJTjm2r4EwgzO5c9IPK2zU5QWcDuhi0FUbBoKj9s9yeMc9B8wqCZa+m
2P8lDBVtrXlLiSr09BvZBmz+bsDMud0gzvFkooilCHkLc4A=
-----END CERTIFICATE-----