Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          reY9WlZwBJExFmSZtlVUq+RI7gkOgGnwMQ4D0qpZAeM=
Subject key identifier:   92:82:63:E1:7F:59:07:86:04:51:86:FB:19:91:7B:5F:68:CC:EE:F7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6EE0961DA74357ADD5A6C37521A1737EBA55BBBE
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63023.roa
Signing time:             Wed 18 Jun 2025 08:04:53 +0000
ROA not before:           Wed 18 Jun 2025 07:59:53 +0000
ROA not after:            Wed 17 Jun 2026 08:04:53 +0000
asID:                     63023
IP address blocks:        143.20.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:e0:96:1d:a7:43:57:ad:d5:a6:c3:75:21:a1:73:7e:ba:55:bb:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 18 07:59:53 2025 GMT
            Not After : Jun 17 08:04:53 2026 GMT
        Subject: CN=928263E17F590786045186FB19917B5F68CCEEF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a5:28:eb:65:fd:e1:81:5e:1e:30:42:06:85:
                    af:22:cc:b7:56:be:2a:46:2a:fb:6b:2f:23:bf:a1:
                    ef:c1:b9:ab:5a:7d:95:71:63:09:ad:fb:73:ee:d2:
                    29:06:35:df:ce:fc:cd:cb:93:c0:23:89:81:2e:67:
                    0f:0e:4d:b6:db:9e:8e:e0:d2:c1:78:59:51:e4:d3:
                    fa:3c:1e:4e:49:4a:d9:fc:d6:16:a3:e8:89:19:2d:
                    92:d5:8c:3e:93:b5:16:ee:23:78:75:89:aa:eb:62:
                    65:b2:ae:64:54:46:1e:a4:b9:82:f0:35:bb:bc:ef:
                    5f:e1:3e:d1:43:f0:d3:93:90:1e:50:c8:75:55:f5:
                    24:e0:05:16:be:07:36:04:55:00:87:16:bb:13:98:
                    59:97:1b:0d:6a:b0:0f:ac:09:6a:55:ee:41:9d:96:
                    fb:d7:fd:61:ea:ba:a0:67:f0:e1:90:72:b1:b3:21:
                    7c:ca:a2:17:0a:4c:4b:62:5a:11:4d:ce:32:9e:7e:
                    38:e2:93:60:9a:f1:f8:3f:6a:34:ec:64:e2:58:6f:
                    d6:00:8b:f7:8c:3a:0e:6c:f7:61:0b:74:2a:3f:01:
                    88:6c:15:3f:d0:df:f6:a4:b6:4e:db:ff:41:89:3c:
                    27:ee:e0:05:cd:6f:3f:75:7b:a1:6e:d2:78:c0:50:
                    4c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:82:63:E1:7F:59:07:86:04:51:86:FB:19:91:7B:5F:68:CC:EE:F7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:72:89:eb:d6:b2:a4:b5:87:6d:e2:52:01:53:9c:de:34:26:
         8b:17:34:3e:ad:03:7d:36:83:6e:fd:42:aa:fb:9f:8c:eb:6c:
         b8:a8:dc:3e:53:12:4e:3b:f1:53:41:33:7a:ea:c7:92:0e:2c:
         6e:89:7f:56:ba:49:a0:7d:f9:1f:0f:bc:bf:53:16:df:09:bc:
         f4:39:72:bb:b2:ec:b4:fc:24:75:f6:e7:b2:83:5b:5a:a3:3c:
         f9:69:f2:cf:23:cc:5a:e6:8f:a7:6e:84:9d:48:1b:4a:44:0f:
         6b:c8:34:10:38:7b:32:67:c0:49:37:71:f3:40:cd:9d:63:3d:
         9c:ef:f3:11:f4:f5:bf:92:06:5f:84:07:8a:ab:e9:01:78:14:
         d3:a8:a3:81:3b:44:d7:c4:a7:87:c1:05:00:23:bd:9b:75:ca:
         12:cf:e3:9c:a7:f3:ce:2b:f2:bc:e4:5e:44:e8:87:08:61:ad:
         f7:2f:91:b3:d3:a2:58:21:fb:62:1a:da:8e:ad:0a:98:49:27:
         d1:03:8b:17:c5:3a:83:cc:1f:db:27:d7:f7:94:11:cb:f8:87:
         0b:48:ee:b5:17:53:cc:8f:ee:2f:63:34:06:34:62:ed:cc:6e:
         a4:91:38:c7:51:05:a8:84:96:9e:86:83:cd:49:7d:b4:a5:a0:
         10:bb:ae:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbuCWHadDV63VpsN1IaFzfrpVu74wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTgwNzU5NTNaFw0yNjA2MTcwODA0NTNaMDMxMTAvBgNV
BAMTKDkyODI2M0UxN0Y1OTA3ODYwNDUxODZGQjE5OTE3QjVGNjhDQ0VFRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDppSjrZf3hgV4eMEIGha8izLdW
vipGKvtrLyO/oe/BuatafZVxYwmt+3Pu0ikGNd/O/M3Lk8AjiYEuZw8OTbbbno7g
0sF4WVHk0/o8Hk5JStn81haj6IkZLZLVjD6TtRbuI3h1iarrYmWyrmRURh6kuYLw
Nbu871/hPtFD8NOTkB5QyHVV9STgBRa+BzYEVQCHFrsTmFmXGw1qsA+sCWpV7kGd
lvvX/WHquqBn8OGQcrGzIXzKohcKTEtiWhFNzjKefjjik2Ca8fg/ajTsZOJYb9YA
i/eMOg5s92ELdCo/AYhsFT/Q3/aktk7b/0GJPCfu4AXNbz91e6Fu0njAUExlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUkoJj4X9ZB4YEUYb7GZF7X2jM7vcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFGow
DQYJKoZIhvcNAQELBQADggEBAKZyievWsqS1h23iUgFTnN40JosXND6tA302g279
Qqr7n4zrbLio3D5TEk478VNBM3rqx5IOLG6Jf1a6SaB9+R8PvL9TFt8JvPQ5cruy
7LT8JHX257KDW1qjPPlp8s8jzFrmj6duhJ1IG0pED2vINBA4ezJnwEk3cfNAzZ1j
PZzv8xH09b+SBl+EB4qr6QF4FNOoo4E7RNfEp4fBBQAjvZt1yhLP45yn884r8rzk
XkTohwhhrfcvkbPTolgh+2Ia2o6tCphJJ9EDixfFOoPMH9sn1/eUEcv4hwtI7rUX
U8yP7i9jNAY0Yu3MbqSROMdRBaiElp6Gg81JfbSloBC7roc=
-----END CERTIFICATE-----