Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          cd1eK1XW2VUbWKXLZB3C696cwmFNYzSPt64d7x19JCI=
Subject key identifier:   AF:B8:61:55:BA:A6:18:B2:DD:94:EC:76:95:19:C7:9A:14:88:F1:F0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       463F7E1F8878C0428BE0831D38525D33948366FB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa
Signing time:             Mon 06 Oct 2025 14:23:47 +0000
ROA not before:           Mon 06 Oct 2025 14:18:47 +0000
ROA not after:            Mon 05 Oct 2026 14:23:47 +0000
asID:                     63023
IP address blocks:        96.62.77.0/24 maxlen: 24
                          143.14.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:3f:7e:1f:88:78:c0:42:8b:e0:83:1d:38:52:5d:33:94:83:66:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  6 14:18:47 2025 GMT
            Not After : Oct  5 14:23:47 2026 GMT
        Subject: CN=AFB86155BAA618B2DD94EC769519C79A1488F1F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ac:fd:3a:21:59:1b:de:e4:18:be:52:54:2f:
                    7c:d0:d1:be:a3:d0:c5:51:45:b4:79:5b:de:84:7d:
                    33:7e:af:65:c4:80:78:cc:68:ef:e5:12:9f:a8:26:
                    1e:83:44:81:e1:7d:98:0e:91:a6:2b:3f:7a:c7:91:
                    c5:c8:89:cd:52:3b:87:93:b6:22:4f:a3:2d:e1:12:
                    ba:05:ef:b4:01:d7:f4:35:84:82:aa:b2:bc:92:28:
                    e6:e8:b3:42:00:4d:1e:51:9e:82:f6:44:a9:27:c3:
                    2f:85:b1:18:f1:8c:1b:ea:f2:c0:cd:e2:e6:b0:34:
                    cb:a7:a0:d8:a6:a0:2a:bf:ce:3e:a8:6d:14:fd:c8:
                    f9:ec:4a:0d:8f:72:d5:c5:b8:2b:82:03:d9:3e:72:
                    ed:d8:18:d6:a8:1a:c6:8d:e8:6a:ab:cf:6a:fc:34:
                    03:07:18:28:46:a5:b7:cc:43:71:f0:95:61:84:02:
                    b4:d6:1c:07:60:f1:75:4b:51:41:6e:85:ad:a6:af:
                    ee:20:4e:92:e9:2f:2e:d8:55:a0:5a:16:32:1c:b0:
                    b6:5c:2d:62:49:1d:d0:16:fc:0c:fe:42:c3:b9:c6:
                    0a:48:4d:6a:4a:bb:e4:20:a2:4a:f8:a0:36:63:88:
                    fd:9d:b4:85:94:01:07:b7:ee:42:30:ed:1e:25:e4:
                    b0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B8:61:55:BA:A6:18:B2:DD:94:EC:76:95:19:C7:9A:14:88:F1:F0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.77.0/24
                  143.14.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:5e:81:08:b4:c8:97:c1:ad:31:49:f5:5e:d3:8a:9f:c2:48:
         74:37:e2:97:83:21:2f:9e:d8:c8:ad:7b:87:30:12:e1:b7:0a:
         e9:45:06:73:2a:94:d9:b7:90:9a:3e:14:77:28:51:a8:80:e7:
         5f:f7:f0:22:59:33:7c:98:60:21:b3:4d:18:8b:b6:3b:21:a8:
         ce:e8:20:db:4a:79:6d:ea:2f:73:9d:68:21:17:9d:a9:d3:4c:
         74:c0:7b:a4:6f:9e:d3:3e:2f:95:67:25:b2:d1:ad:fd:4e:16:
         d5:ad:70:31:22:d2:14:54:e2:0e:5e:ad:0b:3d:74:4e:88:02:
         9f:ac:78:ad:b6:55:e4:ce:07:46:dd:3a:3a:e7:c7:47:2d:7c:
         77:92:92:5a:cc:01:41:40:5d:c7:35:ad:fe:fa:62:46:34:99:
         3a:a4:39:a3:ad:a8:db:ef:18:3e:ce:ac:bc:ab:68:f6:e2:79:
         9d:c1:52:4f:91:d8:e7:d0:9b:e8:ce:15:fc:14:2f:aa:54:a5:
         3a:a6:bf:53:87:99:c1:4c:f9:85:0f:e2:44:9d:6f:bd:07:2a:
         30:7e:13:a8:c2:ff:ba:f3:a3:0e:50:07:57:f3:56:84:09:28:
         9d:76:78:28:52:08:32:90:dd:51:cf:dd:57:1e:10:46:15:27:
         f9:ad:b2:36
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIURj9+H4h4wEKL4IMdOFJdM5SDZvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDYxNDE4NDdaFw0yNjEwMDUxNDIzNDdaMDMxMTAvBgNV
BAMTKEFGQjg2MTU1QkFBNjE4QjJERDk0RUM3Njk1MTlDNzlBMTQ4OEYxRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmrP06IVkb3uQYvlJUL3zQ0b6j
0MVRRbR5W96EfTN+r2XEgHjMaO/lEp+oJh6DRIHhfZgOkaYrP3rHkcXIic1SO4eT
tiJPoy3hEroF77QB1/Q1hIKqsrySKObos0IATR5RnoL2RKknwy+FsRjxjBvq8sDN
4uawNMunoNimoCq/zj6obRT9yPnsSg2PctXFuCuCA9k+cu3YGNaoGsaN6Gqrz2r8
NAMHGChGpbfMQ3HwlWGEArTWHAdg8XVLUUFuha2mr+4gTpLpLy7YVaBaFjIcsLZc
LWJJHdAW/Az+QsO5xgpITWpKu+Qgokr4oDZjiP2dtIWUAQe37kIw7R4l5LCrAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUr7hhVbqmGLLdlOx2lRnHmhSI8fAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPk0D
BACPDkMwDQYJKoZIhvcNAQELBQADggEBAENegQi0yJfBrTFJ9V7Tip/CSHQ34peD
IS+e2Mite4cwEuG3CulFBnMqlNm3kJo+FHcoUaiA51/38CJZM3yYYCGzTRiLtjsh
qM7oINtKeW3qL3OdaCEXnanTTHTAe6RvntM+L5VnJbLRrf1OFtWtcDEi0hRU4g5e
rQs9dE6IAp+seK22VeTOB0bdOjrnx0ctfHeSklrMAUFAXcc1rf76YkY0mTqkOaOt
qNvvGD7OrLyraPbieZ3BUk+R2OfQm+jOFfwUL6pUpTqmv1OHmcFM+YUP4kSdb70H
KjB+E6jC/7rzow5QB1fzVoQJKJ12eChSCDKQ3VHP3VceEEYVJ/mtsjY=
-----END CERTIFICATE-----