Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63473.roa
File:                     AS63473.roa (raw, json)
Hash identifier:          3p6lwDpYlpnl3xODdR3bMBfMgqSFSy0xTq202ineYQo=
Subject key identifier:   8B:F3:D3:40:D5:CC:73:AF:5F:8D:CF:F1:5E:30:B2:D5:11:F9:7E:4C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       31613878FACBFBDEED8D4BE01060BFB6BC9AAFB0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63473.roa
Signing time:             Wed 25 Mar 2026 12:11:03 +0000
ROA not before:           Wed 25 Mar 2026 12:06:03 +0000
ROA not after:            Wed 24 Mar 2027 12:11:03 +0000
asID:                     63473
IP address blocks:        181.215.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:61:38:78:fa:cb:fb:de:ed:8d:4b:e0:10:60:bf:b6:bc:9a:af:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 25 12:06:03 2026 GMT
            Not After : Mar 24 12:11:03 2027 GMT
        Subject: CN=8BF3D340D5CC73AF5F8DCFF15E30B2D511F97E4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fb:42:f6:25:26:73:71:ff:b7:5b:95:44:34:
                    89:36:7b:cb:8e:01:f1:fe:5f:11:50:4a:f6:f5:48:
                    8b:0a:b8:93:61:1c:b7:13:6b:3a:a7:b8:f1:54:41:
                    c8:4e:92:a1:28:78:e8:52:b9:70:1e:0c:f8:42:96:
                    d0:e3:02:bd:a4:2d:e2:fa:cd:90:e6:53:d3:cc:6c:
                    14:09:1f:c2:ce:b5:ed:7b:76:76:e7:43:af:a8:c3:
                    fb:53:b2:65:1b:70:e8:21:87:e6:a2:71:95:5f:44:
                    a5:9f:e0:09:61:3e:3f:8e:f8:ba:29:49:b6:f0:97:
                    d4:91:c0:22:ef:3e:27:51:b9:53:75:3a:ba:b3:69:
                    d9:7c:85:1a:15:4a:81:68:78:2e:10:da:61:98:87:
                    a9:9a:9f:05:df:66:99:65:be:52:aa:1d:47:3b:f8:
                    ae:ad:f2:1a:fd:b3:ad:4d:ef:61:7f:5e:5c:7d:0a:
                    d4:b5:fc:dd:af:bd:c3:43:b2:c5:b3:db:8e:5c:81:
                    c9:00:00:f3:d4:92:91:86:e1:eb:e5:a4:f2:8f:d2:
                    24:b9:63:f3:b6:57:b9:f8:ad:3e:19:ea:ba:20:9a:
                    74:ac:89:e0:0d:bf:60:fa:b9:17:f2:2f:09:8a:93:
                    7e:d6:7d:ec:28:42:9f:4c:a7:f7:17:c9:e9:52:b9:
                    52:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F3:D3:40:D5:CC:73:AF:5F:8D:CF:F1:5E:30:B2:D5:11:F9:7E:4C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:27:bc:57:cd:3a:44:e3:85:d5:ff:c4:95:36:ea:b9:c2:aa:
         36:ec:b2:4d:b0:a3:ff:92:bf:9f:0b:a1:eb:7a:f2:4d:d0:72:
         14:ce:e9:95:be:cc:95:cb:33:81:63:24:2f:d3:d4:df:63:00:
         9c:32:0d:e0:d1:bd:86:74:1c:c3:c8:9d:e0:a9:b5:b9:cc:4a:
         13:3b:b1:72:e6:5a:70:ca:a5:71:a3:76:a9:da:b8:12:ac:2a:
         c6:34:f0:d7:c6:5a:47:7e:8d:e0:29:bc:99:c3:41:ba:49:f7:
         5d:1e:a4:49:4d:87:51:c8:7b:0d:3a:b3:88:f2:ef:6b:5b:59:
         bc:e5:51:19:d4:08:4b:b1:0d:90:16:ff:11:10:f9:b0:4e:f0:
         39:6e:8e:ea:49:a1:59:0b:59:23:d0:96:47:6e:86:43:f1:89:
         d8:b4:84:50:79:89:e8:d2:6a:46:e7:c8:89:0e:27:19:af:cb:
         84:dd:54:cb:0f:34:e7:b8:0a:78:94:83:10:59:ac:48:0b:37:
         65:79:d8:df:81:e9:4b:40:20:1c:ee:a3:fd:db:e4:ee:68:03:
         84:fd:5c:fe:7b:ae:36:37:ac:a3:cb:48:e8:a0:c4:7b:80:3f:
         5d:e9:16:18:67:0e:b8:b9:25:9d:c0:1c:a8:fe:13:66:f8:91:
         77:2d:2f:9f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMWE4ePrL+97tjUvgEGC/tryar7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjUxMjA2MDNaFw0yNzAzMjQxMjExMDNaMDMxMTAvBgNV
BAMTKDhCRjNEMzQwRDVDQzczQUY1RjhEQ0ZGMTVFMzBCMkQ1MTFGOTdFNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq+0L2JSZzcf+3W5VENIk2e8uO
AfH+XxFQSvb1SIsKuJNhHLcTazqnuPFUQchOkqEoeOhSuXAeDPhCltDjAr2kLeL6
zZDmU9PMbBQJH8LOte17dnbnQ6+ow/tTsmUbcOghh+aicZVfRKWf4AlhPj+O+Lop
Sbbwl9SRwCLvPidRuVN1Orqzadl8hRoVSoFoeC4Q2mGYh6manwXfZpllvlKqHUc7
+K6t8hr9s61N72F/Xlx9CtS1/N2vvcNDssWz245cgckAAPPUkpGG4evlpPKP0iS5
Y/O2V7n4rT4Z6rogmnSsieANv2D6uRfyLwmKk37WfewoQp9Mp/cXyelSuVJbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUi/PTQNXMc69fjc/xXjCy1RH5fkwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjM0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC117sw
DQYJKoZIhvcNAQELBQADggEBAAEnvFfNOkTjhdX/xJU26rnCqjbssk2wo/+Sv58L
oet68k3QchTO6ZW+zJXLM4FjJC/T1N9jAJwyDeDRvYZ0HMPIneCptbnMShM7sXLm
WnDKpXGjdqnauBKsKsY08NfGWkd+jeApvJnDQbpJ910epElNh1HIew06s4jy72tb
WbzlURnUCEuxDZAW/xEQ+bBO8DlujupJoVkLWSPQlkduhkPxidi0hFB5iejSakbn
yIkOJxmvy4TdVMsPNOe4CniUgxBZrEgLN2V52N+B6UtAIBzuo/3b5O5oA4T9XP57
rjY3rKPLSOigxHuAP13pFhhnDri5JZ3AHKj+E2b4kXctL58=
-----END CERTIFICATE-----