Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          J+W6X96Ap3rnYTpJkXJoj2zgVgKvpv3d5tElbEYi2LI=
Subject key identifier:   7C:1F:A8:C8:F6:29:AC:FA:D7:2D:70:28:14:B4:5B:EE:3B:94:88:E0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1759F1FFFEA105DFE9AD186327E82A36189333F6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
Signing time:             Wed 18 Jun 2025 08:04:55 +0000
ROA not before:           Wed 18 Jun 2025 07:59:55 +0000
ROA not after:            Wed 17 Jun 2026 08:04:55 +0000
asID:                     63023
IP address blocks:        96.62.77.0/24 maxlen: 24
                          155.117.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:59:f1:ff:fe:a1:05:df:e9:ad:18:63:27:e8:2a:36:18:93:33:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 18 07:59:55 2025 GMT
            Not After : Jun 17 08:04:55 2026 GMT
        Subject: CN=7C1FA8C8F629ACFAD72D702814B45BEE3B9488E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f2:98:92:fe:39:b0:84:11:17:0c:4b:7d:7b:
                    69:79:bd:b1:0c:d7:c8:8b:68:ed:87:1e:6a:be:4a:
                    2a:b6:77:65:85:e1:e2:39:95:04:2e:f6:95:31:4f:
                    2c:37:c6:56:d1:b4:bd:c3:28:d0:5a:ee:38:d2:d3:
                    a5:c3:7f:2a:cd:39:9b:4b:f3:3d:2f:51:0e:81:bb:
                    ff:6b:03:43:82:91:e7:a1:55:26:5f:a5:92:b4:ab:
                    9c:c1:50:71:d3:f3:23:78:72:e9:8e:4e:28:a5:c9:
                    6a:3a:23:5b:b4:8f:3a:84:67:41:97:80:09:ab:29:
                    28:db:8a:92:57:05:cf:b8:9e:47:76:82:3f:65:5e:
                    88:af:25:bc:6f:e0:b9:42:76:66:11:86:59:85:4c:
                    fb:1a:2f:ce:17:87:43:33:5b:2d:ac:66:b4:bd:e2:
                    f8:79:b1:b4:aa:b5:fc:c4:d5:a2:df:e7:74:2e:da:
                    81:25:e0:b5:38:8d:80:77:33:28:3a:5f:19:9b:c7:
                    79:ee:27:f2:85:12:9b:57:b0:b8:6a:c5:cc:b2:62:
                    d4:95:76:bd:0c:d5:e5:2d:07:5a:76:12:bb:a4:19:
                    90:1a:ee:14:cd:96:1b:3a:ec:d6:11:1c:90:87:11:
                    d5:2a:4b:57:64:ee:75:ed:6d:28:47:24:b0:cc:44:
                    ea:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:1F:A8:C8:F6:29:AC:FA:D7:2D:70:28:14:B4:5B:EE:3B:94:88:E0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.77.0/24
                  155.117.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:10:5c:d0:a6:28:06:e7:41:39:ee:8c:03:8e:18:85:f9:0c:
         5a:45:06:59:84:22:78:ab:f6:30:19:05:47:f2:11:31:2e:b9:
         f0:66:77:73:c5:af:a0:f2:13:48:66:fa:c1:0c:6f:be:2e:a2:
         3a:67:e5:79:de:d0:75:0b:22:70:c3:a5:f1:50:a7:29:08:cc:
         92:ff:88:18:17:c5:eb:3e:ea:b3:f0:01:c4:62:cc:7b:8a:76:
         b8:83:19:37:1e:8c:cf:91:eb:66:39:d2:f9:17:a2:74:d1:13:
         e8:83:79:b5:35:31:12:ea:03:a4:90:72:97:09:53:26:bd:92:
         dc:69:aa:d8:22:8d:c5:ee:25:12:6f:05:cf:53:97:b8:d1:11:
         1e:36:02:25:27:ee:f8:4f:18:36:1b:23:40:b3:80:78:8d:de:
         b7:5e:98:0d:f5:13:af:ce:a9:38:85:12:13:96:5d:60:23:53:
         9a:3e:82:35:78:ea:0c:58:32:8e:3c:0e:2f:79:09:5d:56:4c:
         26:f1:64:b7:6c:f1:e5:d0:60:89:e9:6f:5e:b1:a6:14:12:2e:
         87:e2:ed:20:4e:49:3e:5c:63:5a:ec:9b:74:da:85:2a:9f:5a:
         fa:ab:b2:10:bf:18:a1:19:89:bd:fc:e3:f5:74:f9:11:dd:b4:
         5f:d8:bc:41
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUF1nx//6hBd/prRhjJ+gqNhiTM/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTgwNzU5NTVaFw0yNjA2MTcwODA0NTVaMDMxMTAvBgNV
BAMTKDdDMUZBOEM4RjYyOUFDRkFENzJENzAyODE0QjQ1QkVFM0I5NDg4RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk8piS/jmwhBEXDEt9e2l5vbEM
18iLaO2HHmq+Siq2d2WF4eI5lQQu9pUxTyw3xlbRtL3DKNBa7jjS06XDfyrNOZtL
8z0vUQ6Bu/9rA0OCkeehVSZfpZK0q5zBUHHT8yN4cumOTiilyWo6I1u0jzqEZ0GX
gAmrKSjbipJXBc+4nkd2gj9lXoivJbxv4LlCdmYRhlmFTPsaL84Xh0MzWy2sZrS9
4vh5sbSqtfzE1aLf53Qu2oEl4LU4jYB3Myg6Xxmbx3nuJ/KFEptXsLhqxcyyYtSV
dr0M1eUtB1p2ErukGZAa7hTNlhs67NYRHJCHEdUqS1dk7nXtbShHJLDMROqlAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUfB+oyPYprPrXLXAoFLRb7juUiOAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPk0D
BACbdXIwDQYJKoZIhvcNAQELBQADggEBABMQXNCmKAbnQTnujAOOGIX5DFpFBlmE
Inir9jAZBUfyETEuufBmd3PFr6DyE0hm+sEMb74uojpn5Xne0HULInDDpfFQpykI
zJL/iBgXxes+6rPwAcRizHuKdriDGTcejM+R62Y50vkXonTRE+iDebU1MRLqA6SQ
cpcJUya9ktxpqtgijcXuJRJvBc9Tl7jRER42AiUn7vhPGDYbI0CzgHiN3rdemA31
E6/OqTiFEhOWXWAjU5o+gjV46gxYMo48Di95CV1WTCbxZLds8eXQYInpb16xphQS
Lofi7SBOST5cY1rsm3TahSqfWvqrshC/GKEZib384/V0+RHdtF/YvEE=
-----END CERTIFICATE-----