Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa
File:                     AS63440.roa (raw, json)
Hash identifier:          3axjWbOa4Y2M2AlxY4ALItKxymYEUDFsnuInslnzAqQ=
Subject key identifier:   D3:64:CC:E3:26:B8:1C:5C:57:10:D0:AF:BA:F0:61:21:46:79:36:8B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7695D6B36A4723067414215BD1529E71FB0F91DD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa
Signing time:             Thu 26 Jun 2025 19:54:11 +0000
ROA not before:           Thu 26 Jun 2025 19:49:11 +0000
ROA not after:            Thu 25 Jun 2026 19:54:11 +0000
asID:                     63440
IP address blocks:        146.103.12.0/24 maxlen: 24
                          146.103.13.0/24 maxlen: 24
                          146.103.14.0/24 maxlen: 24
                          146.103.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:95:d6:b3:6a:47:23:06:74:14:21:5b:d1:52:9e:71:fb:0f:91:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 26 19:49:11 2025 GMT
            Not After : Jun 25 19:54:11 2026 GMT
        Subject: CN=D364CCE326B81C5C5710D0AFBAF061214679368B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2f:44:0f:c3:66:02:13:b2:c0:6d:78:b0:d5:
                    fa:19:5e:ab:7b:1a:44:bf:82:7b:6e:7d:b5:eb:91:
                    0c:e3:d2:1e:7f:94:d6:41:bc:c8:0d:b3:bc:15:13:
                    44:0e:58:cb:dd:45:5a:e4:5a:a5:e0:98:01:da:5f:
                    ac:6e:7a:17:09:f4:c2:ea:df:6e:2c:73:60:6f:6f:
                    4e:9c:bb:7b:01:de:22:62:4e:ee:10:eb:67:69:29:
                    4e:ab:d6:37:c7:7f:90:dd:42:56:bd:e4:77:ed:7e:
                    d3:8f:48:89:fb:c5:b4:1e:34:5e:65:76:87:58:b2:
                    37:30:52:e8:df:4a:5a:ed:a1:63:84:12:d8:b6:20:
                    3f:8a:e8:44:bf:3f:84:0d:31:55:7d:30:9e:1e:18:
                    13:f5:b7:03:af:e6:43:eb:bf:d5:2d:49:18:ce:87:
                    83:19:81:d8:c0:12:e4:64:4b:28:e5:bf:4b:32:42:
                    78:4e:77:bb:71:7a:89:9b:44:96:b7:e1:2a:92:10:
                    f3:a1:cd:6b:26:68:b8:8b:f3:87:2f:6c:d4:aa:b1:
                    15:65:6a:b6:fe:79:65:23:03:41:cc:c4:8f:8c:2a:
                    cf:13:0c:ca:17:e4:ed:94:68:ee:7c:46:88:60:4e:
                    f1:f0:e9:be:8d:98:9c:ef:2f:cc:fe:d3:13:57:35:
                    7e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:64:CC:E3:26:B8:1C:5C:57:10:D0:AF:BA:F0:61:21:46:79:36:8B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:8d:97:4d:53:e8:fa:27:d5:29:06:c6:de:e8:88:0e:54:3f:
         4b:d4:ba:31:40:12:6d:f0:35:ec:ba:3f:86:2e:1f:1c:d9:49:
         45:66:5f:bd:d5:b2:3b:3d:8a:66:76:3a:ca:31:d3:85:46:6f:
         c3:bc:13:43:c4:8b:88:d5:4a:ab:61:3c:0a:30:0d:e9:5a:49:
         14:a2:a5:37:04:1d:b1:f0:50:98:3b:50:75:45:6b:ab:7b:7b:
         c3:2c:c3:80:d2:63:11:7e:04:67:25:b3:6b:50:31:ee:71:8f:
         40:5c:d8:0b:96:80:50:b5:b5:54:09:4c:58:23:68:be:58:07:
         67:dd:83:59:f8:c8:d0:7d:54:c8:ce:d3:21:41:b7:83:d7:68:
         47:76:0a:12:29:bb:cf:2f:54:25:0f:ac:7a:c7:fa:47:71:6b:
         d2:8c:a1:37:70:98:09:fb:ff:22:e2:b0:ab:8b:5e:4b:f5:f6:
         e2:28:90:9f:f9:02:d1:d2:0b:96:43:01:29:9a:fa:4e:56:b3:
         7d:bb:ba:d4:58:6b:0f:17:d8:c6:28:96:27:f9:82:35:86:33:
         46:8c:73:67:a6:21:56:76:35:20:ee:20:cb:eb:05:ff:82:b2:
         8a:9d:e9:2a:a5:cd:d3:9e:53:84:b5:4d:08:28:94:cd:c6:bf:
         e1:d8:66:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdpXWs2pHIwZ0FCFb0VKecfsPkd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjYxOTQ5MTFaFw0yNjA2MjUxOTU0MTFaMDMxMTAvBgNV
BAMTKEQzNjRDQ0UzMjZCODFDNUM1NzEwRDBBRkJBRjA2MTIxNDY3OTM2OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsL0QPw2YCE7LAbXiw1foZXqt7
GkS/gntufbXrkQzj0h5/lNZBvMgNs7wVE0QOWMvdRVrkWqXgmAHaX6xuehcJ9MLq
324sc2Bvb06cu3sB3iJiTu4Q62dpKU6r1jfHf5DdQla95HftftOPSIn7xbQeNF5l
dodYsjcwUujfSlrtoWOEEti2ID+K6ES/P4QNMVV9MJ4eGBP1twOv5kPrv9UtSRjO
h4MZgdjAEuRkSyjlv0syQnhOd7txeombRJa34SqSEPOhzWsmaLiL84cvbNSqsRVl
arb+eWUjA0HMxI+MKs8TDMoX5O2UaO58RohgTvHw6b6NmJzvL8z+0xNXNX4XAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU02TM4ya4HFxXENCvuvBhIUZ5NoswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjM0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKSZwww
DQYJKoZIhvcNAQELBQADggEBADmNl01T6Pon1SkGxt7oiA5UP0vUujFAEm3wNey6
P4YuHxzZSUVmX73Vsjs9imZ2Osox04VGb8O8E0PEi4jVSqthPAowDelaSRSipTcE
HbHwUJg7UHVFa6t7e8Msw4DSYxF+BGcls2tQMe5xj0Bc2AuWgFC1tVQJTFgjaL5Y
B2fdg1n4yNB9VMjO0yFBt4PXaEd2ChIpu88vVCUPrHrH+kdxa9KMoTdwmAn7/yLi
sKuLXkv19uIokJ/5AtHSC5ZDASma+k5Ws327utRYaw8X2MYolif5gjWGM0aMc2em
IVZ2NSDuIMvrBf+Csoqd6SqlzdOeU4S1TQgolM3Gv+HYZmQ=
-----END CERTIFICATE-----