Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63902.roa
File:                     AS63902.roa (raw, json)
Hash identifier:          FnG8UdBTA0X2hQXgmDrfJ+zsCtEItTEruhy+Q5XjJM4=
Subject key identifier:   3E:95:F7:E5:42:3C:20:5B:90:94:F1:BF:8C:41:A3:C0:9D:94:60:C1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7EC9D71FB6D64F3D96AB65C297C3E3E214B571EE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63902.roa
Signing time:             Tue 14 Oct 2025 10:36:29 +0000
ROA not before:           Tue 14 Oct 2025 10:31:29 +0000
ROA not after:            Tue 13 Oct 2026 10:36:29 +0000
asID:                     63902
IP address blocks:        96.62.222.0/24 maxlen: 24
                          155.117.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:c9:d7:1f:b6:d6:4f:3d:96:ab:65:c2:97:c3:e3:e2:14:b5:71:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 14 10:31:29 2025 GMT
            Not After : Oct 13 10:36:29 2026 GMT
        Subject: CN=3E95F7E5423C205B9094F1BF8C41A3C09D9460C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c2:2c:1f:88:4f:e6:7b:6e:a7:66:70:80:fa:
                    c4:b0:35:bf:a4:ae:9c:6b:95:f9:b1:85:1e:de:45:
                    7c:ec:fe:e4:1c:71:f1:0e:49:2f:4f:b9:75:6a:88:
                    b1:53:ca:48:78:f8:6b:8a:da:8c:87:e0:d6:77:d4:
                    c5:aa:bb:12:e7:c2:88:89:6b:f0:52:31:48:1b:2a:
                    88:40:3e:90:a6:4d:0e:e0:39:84:77:3d:98:ec:53:
                    bd:f2:0c:cd:a2:f9:67:96:29:08:1c:57:a3:68:be:
                    01:ff:1e:27:02:f9:c0:5a:a8:b5:60:20:e5:40:26:
                    e9:38:93:a0:f0:48:ac:31:ce:57:cf:e5:c8:4f:22:
                    7d:7d:36:1d:3e:d9:28:5b:c8:e4:65:b6:8f:4c:f3:
                    01:d6:f6:19:5c:5e:f1:eb:13:39:d0:6e:0f:c3:41:
                    3a:3f:9a:e3:e4:9c:46:ec:44:4e:0e:50:ae:09:ae:
                    fa:14:a1:3d:0c:54:58:7f:1a:29:96:61:f5:5f:60:
                    a2:af:ee:a4:48:1c:2a:8e:6d:5f:a8:d4:31:5f:ea:
                    72:15:fd:3c:36:3d:51:ff:7e:a4:53:42:82:5f:f3:
                    5b:46:91:06:9e:f7:a4:85:17:8d:2c:95:47:5d:f0:
                    48:bc:1b:28:04:8c:70:b4:ef:76:8c:e9:63:63:8d:
                    6f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:95:F7:E5:42:3C:20:5B:90:94:F1:BF:8C:41:A3:C0:9D:94:60:C1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63902.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.222.0/24
                  155.117.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:ce:2d:f8:00:59:b9:37:f1:c1:9f:c2:e8:ae:2a:0c:14:11:
         d5:5b:37:65:ac:7d:9b:fc:ac:c3:2f:15:bb:6d:e2:c0:f6:0c:
         55:d6:e6:91:10:fa:2c:df:e9:dd:a0:f1:e4:f6:46:76:47:41:
         bf:80:2f:4d:f4:4e:2e:94:26:c9:33:54:61:a5:91:a8:41:9b:
         e7:cf:b9:7e:49:e2:f1:5c:61:34:b8:49:bb:f4:da:a5:e7:2c:
         ba:95:35:aa:dc:9e:f7:96:2d:33:9e:dc:9f:b2:94:de:e5:5e:
         97:a4:32:d7:5c:66:e6:e8:83:b6:50:d5:68:fc:d8:14:9b:06:
         6f:98:1d:80:f3:84:b7:be:27:27:92:44:d2:71:b2:d8:15:63:
         73:7b:9d:a1:fe:be:08:c3:c0:a7:79:78:d3:b4:23:4f:f7:ad:
         c4:ae:f5:d6:b3:5f:65:37:19:3a:99:fe:5f:5d:0f:e4:10:0a:
         17:b4:a6:47:0e:9c:39:71:d3:de:88:56:1f:f0:41:db:9e:c9:
         80:e9:22:4d:53:6d:c5:f7:9a:81:2b:38:ff:c5:15:f4:70:56:
         08:6e:2a:46:16:c2:35:8e:86:39:ac:a0:fd:42:7b:24:ce:3d:
         0f:be:95:68:c3:d5:69:08:09:2a:d8:f9:02:09:bb:3d:50:cc:
         86:a2:04:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfsnXH7bWTz2Wq2XCl8Pj4hS1ce4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTQxMDMxMjlaFw0yNjEwMTMxMDM2MjlaMDMxMTAvBgNV
BAMTKDNFOTVGN0U1NDIzQzIwNUI5MDk0RjFCRjhDNDFBM0MwOUQ5NDYwQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdwiwfiE/me26nZnCA+sSwNb+k
rpxrlfmxhR7eRXzs/uQccfEOSS9PuXVqiLFTykh4+GuK2oyH4NZ31MWquxLnwoiJ
a/BSMUgbKohAPpCmTQ7gOYR3PZjsU73yDM2i+WeWKQgcV6NovgH/HicC+cBaqLVg
IOVAJuk4k6DwSKwxzlfP5chPIn19Nh0+2ShbyORlto9M8wHW9hlcXvHrEznQbg/D
QTo/muPknEbsRE4OUK4JrvoUoT0MVFh/GimWYfVfYKKv7qRIHCqObV+o1DFf6nIV
/Tw2PVH/fqRTQoJf81tGkQae96SFF40slUdd8Ei8GygEjHC073aM6WNjjW9JAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUPpX35UI8IFuQlPG/jEGjwJ2UYMEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjM5MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPt4D
BACbdQ8wDQYJKoZIhvcNAQELBQADggEBAI3OLfgAWbk38cGfwuiuKgwUEdVbN2Ws
fZv8rMMvFbtt4sD2DFXW5pEQ+izf6d2g8eT2RnZHQb+AL030Ti6UJskzVGGlkahB
m+fPuX5J4vFcYTS4Sbv02qXnLLqVNarcnveWLTOe3J+ylN7lXpekMtdcZubog7ZQ
1Wj82BSbBm+YHYDzhLe+JyeSRNJxstgVY3N7naH+vgjDwKd5eNO0I0/3rcSu9daz
X2U3GTqZ/l9dD+QQChe0pkcOnDlx096IVh/wQdueyYDpIk1TbcX3moErOP/FFfRw
VghuKkYWwjWOhjmsoP1CeyTOPQ++lWjD1WkICSrY+QIJuz1QzIaiBB0=
-----END CERTIFICATE-----