Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          R0F0oYFE9IMGKVUGExzPNm3yNcP1lsAOFlWVENqJJHU=
Subject key identifier:   5B:D3:B1:A9:F7:61:D5:2C:12:FD:B5:A8:BD:42:31:2C:11:28:9C:3D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1E208C4D1DA345CE26C4D0F4B60FEFAAF7D5AA0A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63199.roa
Signing time:             Tue 05 May 2026 13:59:28 +0000
ROA not before:           Tue 05 May 2026 13:54:28 +0000
ROA not after:            Tue 04 May 2027 13:59:28 +0000
asID:                     63199
IP address blocks:        96.62.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:20:8c:4d:1d:a3:45:ce:26:c4:d0:f4:b6:0f:ef:aa:f7:d5:aa:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 13:54:28 2026 GMT
            Not After : May  4 13:59:28 2027 GMT
        Subject: CN=5BD3B1A9F761D52C12FDB5A8BD42312C11289C3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:11:bf:70:fe:a6:67:0e:8d:50:17:6c:97:ee:
                    a4:6f:7b:ab:e9:ce:9c:85:7d:40:62:7e:f0:bb:a4:
                    ab:d5:0a:ed:85:14:97:d6:49:1f:4f:ba:24:94:b0:
                    65:e8:a3:de:84:ff:32:4b:cf:d4:8d:06:20:52:70:
                    8e:27:14:dc:2e:3a:da:18:00:c6:22:46:50:83:0f:
                    9d:59:78:53:81:c0:8e:af:2b:9d:6b:d9:75:fb:b8:
                    4c:82:41:8a:4b:b4:6b:5f:ad:89:f3:23:50:c5:e7:
                    87:45:7d:ec:8b:d8:eb:67:81:ac:f3:f7:7f:e5:ef:
                    d6:0c:fe:b2:0c:09:e4:61:d1:7d:49:2e:ca:ae:e6:
                    3b:6d:46:e7:0d:a0:2f:9c:2a:fc:bf:83:a7:af:af:
                    5c:d2:87:bc:87:07:ce:76:4c:4a:bc:f5:71:4b:d4:
                    2b:a8:d8:c1:a6:b2:a2:76:b9:08:fa:11:02:b4:28:
                    75:87:b4:33:ea:bd:1b:f5:2e:d2:84:f2:8b:7e:27:
                    ae:a0:91:86:6c:71:c0:d2:90:c8:37:ea:aa:be:68:
                    50:3b:34:98:75:a3:8f:6a:98:6c:80:cd:5d:cf:f4:
                    d7:1a:5f:08:03:d4:fa:08:59:00:42:50:bf:cc:b9:
                    ab:ad:1f:79:f6:e1:2c:e4:47:ec:7c:5d:d6:45:5e:
                    3d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D3:B1:A9:F7:61:D5:2C:12:FD:B5:A8:BD:42:31:2C:11:28:9C:3D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5e:72:57:8c:ee:96:0f:91:46:e0:d3:df:2a:08:59:1c:32:
         7e:62:a6:03:e3:3b:c8:f4:64:e2:c1:22:a0:ab:81:a0:45:58:
         3a:9e:d0:10:11:d9:69:40:7e:43:9f:f3:f5:5f:87:6b:39:df:
         ab:0e:cd:3e:7c:fe:d4:18:52:a3:6a:ff:fa:cb:6c:8c:a3:e3:
         91:37:81:45:8a:2e:90:f4:03:56:26:6c:83:55:58:57:d7:17:
         c1:7c:1f:b3:be:a2:8d:61:a7:1c:f3:b6:62:81:69:a5:22:9d:
         3f:a6:54:fb:4b:d8:c4:70:71:33:67:40:75:a5:df:0b:09:b8:
         f4:c7:dd:e5:52:2e:bf:7f:0b:c3:53:fd:d3:b8:46:7b:9c:48:
         a7:cb:b1:17:67:84:40:27:78:75:41:50:12:bc:39:cb:d1:e0:
         a9:e7:e4:c6:82:8a:9d:41:e9:04:5a:dd:7c:01:bc:c3:ca:9a:
         5c:bb:a6:dd:3f:ce:1b:47:f9:7c:fe:57:e2:02:4f:50:d5:52:
         bb:5d:c7:32:bd:86:c1:5a:56:ca:55:d2:27:c5:ce:44:45:49:
         fc:fb:a2:73:d7:9a:8e:e6:1d:37:e1:23:50:6a:5a:ef:12:c1:
         6a:39:9c:97:b0:9e:bf:2f:0c:4d:62:d0:15:63:fc:a5:15:fe:
         06:4f:df:48
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHiCMTR2jRc4mxND0tg/vqvfVqgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDUxMzU0MjhaFw0yNzA1MDQxMzU5MjhaMDMxMTAvBgNV
BAMTKDVCRDNCMUE5Rjc2MUQ1MkMxMkZEQjVBOEJENDIzMTJDMTEyODlDM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcEb9w/qZnDo1QF2yX7qRve6vp
zpyFfUBifvC7pKvVCu2FFJfWSR9PuiSUsGXoo96E/zJLz9SNBiBScI4nFNwuOtoY
AMYiRlCDD51ZeFOBwI6vK51r2XX7uEyCQYpLtGtfrYnzI1DF54dFfeyL2Otngazz
93/l79YM/rIMCeRh0X1JLsqu5jttRucNoC+cKvy/g6evr1zSh7yHB852TEq89XFL
1Cuo2MGmsqJ2uQj6EQK0KHWHtDPqvRv1LtKE8ot+J66gkYZsccDSkMg36qq+aFA7
NJh1o49qmGyAzV3P9NcaXwgD1PoIWQBCUL/MuautH3n24SzkR+x8XdZFXj1hAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW9Oxqfdh1SwS/bWovUIxLBEonD0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABgPnMw
DQYJKoZIhvcNAQELBQADggEBACtecleM7pYPkUbg098qCFkcMn5ipgPjO8j0ZOLB
IqCrgaBFWDqe0BAR2WlAfkOf8/Vfh2s536sOzT58/tQYUqNq//rLbIyj45E3gUWK
LpD0A1YmbINVWFfXF8F8H7O+oo1hpxzztmKBaaUinT+mVPtL2MRwcTNnQHWl3wsJ
uPTH3eVSLr9/C8NT/dO4RnucSKfLsRdnhEAneHVBUBK8OcvR4Knn5MaCip1B6QRa
3XwBvMPKmly7pt0/zhtH+Xz+V+ICT1DVUrtdxzK9hsFaVspV0ifFzkRFSfz7onPX
mo7mHTfhI1BqWu8SwWo5nJewnr8vDE1i0BVj/KUV/gZP30g=
-----END CERTIFICATE-----