Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          YCBMN8xvw4meL94o86Gqojl7cESTNTBtGad520mhikI=
Subject key identifier:   AA:81:56:20:35:C5:9F:5F:B5:6E:C3:35:76:AD:12:E3:A2:1D:9D:0B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7CA65E31AE25CA28E03E119A4EE732CD80730D50
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS63023.roa
Signing time:             Sat 30 Mar 2024 19:05:14 +0000
ROA not before:           Sat 30 Mar 2024 19:00:14 +0000
ROA not after:            Sat 29 Mar 2025 19:05:14 +0000
asID:                     63023
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:a6:5e:31:ae:25:ca:28:e0:3e:11:9a:4e:e7:32:cd:80:73:0d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 30 19:00:14 2024 GMT
            Not After : Mar 29 19:05:14 2025 GMT
        Subject: CN=AA81562035C59F5FB56EC33576AD12E3A21D9D0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4d:03:de:b1:49:99:84:66:bd:d6:b3:52:6c:
                    f1:bc:b3:75:da:5f:06:89:67:73:54:82:df:7a:16:
                    c0:7f:cf:be:c6:cc:06:23:b1:3f:0c:42:76:ba:63:
                    f1:5a:27:95:de:55:12:ac:7c:01:8d:64:b4:7d:7a:
                    1c:d1:d8:55:11:6f:f4:43:ac:ba:91:fb:68:e2:0f:
                    53:97:0a:af:a0:6b:64:28:c9:06:0a:38:b5:c8:00:
                    3f:f2:8d:23:f3:41:6b:4c:d7:18:b9:06:5b:bc:63:
                    35:e6:b7:9d:8d:08:77:8c:2b:d9:0e:57:4c:a9:c2:
                    58:75:02:f2:36:24:4b:4f:ab:60:50:09:22:ac:78:
                    62:ec:03:91:81:0f:12:c9:ed:ae:59:31:fc:47:c5:
                    34:1b:b3:92:56:7e:07:0c:90:79:a0:57:c5:5d:b9:
                    50:8a:d7:33:16:58:d0:ea:07:85:1a:ff:3f:15:7c:
                    ee:22:25:5a:39:6a:a1:4e:71:c0:67:67:8c:18:1c:
                    b3:1a:17:3a:6d:87:03:ce:dd:fd:05:35:24:f9:1e:
                    b8:a6:8b:94:d0:bf:37:fd:b9:26:c1:74:81:d1:c9:
                    b0:28:d7:03:30:a5:20:d3:6b:bc:a6:78:d9:6e:3e:
                    7e:8c:dc:d8:d2:42:f1:f9:33:b0:2b:8c:36:20:f0:
                    d4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:81:56:20:35:C5:9F:5F:B5:6E:C3:35:76:AD:12:E3:A2:1D:9D:0B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:16:55:fe:49:3b:9c:41:6f:cf:35:20:8a:b5:ce:d8:d0:16:
         9a:4f:2f:e4:17:37:42:83:86:4c:58:c6:95:5f:0f:8f:72:a8:
         d2:e2:a3:eb:5a:bc:ca:dc:64:72:ba:f3:5b:66:2f:71:01:f4:
         c8:f7:fc:0a:ed:45:1b:30:07:bf:16:2a:56:6e:ba:d7:d4:ad:
         a6:50:55:a8:50:6f:3f:96:3e:e2:18:bf:ea:29:8d:b5:44:c3:
         27:70:91:ad:d9:3f:45:1f:4b:3b:97:9f:d9:2e:e9:12:70:49:
         92:26:08:4e:02:c4:bc:18:4c:29:77:25:12:2f:2b:52:ad:2a:
         e7:20:92:1c:9c:35:e7:b6:44:3e:1d:b1:82:b9:4f:0d:05:e5:
         e2:a8:59:03:90:60:cc:db:41:e0:03:4c:bc:f2:c3:db:9a:9d:
         17:a4:e7:82:42:3b:a8:c2:be:eb:c9:dd:f0:c4:a6:6f:4b:c6:
         79:d4:df:d2:75:1b:43:9d:57:cd:00:f0:e1:47:97:58:83:9b:
         5b:47:e3:29:5f:ff:73:a9:65:a6:0e:4d:36:6a:44:03:63:84:
         be:7b:b4:50:6f:84:aa:22:b3:17:47:39:61:d8:62:ea:2b:43:
         32:0a:fe:61:44:75:f6:2f:24:ac:3f:0e:c9:e0:8c:b7:50:12:
         e4:3c:8b:13
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfKZeMa4lyijgPhGaTucyzYBzDVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMzAxOTAwMTRaFw0yNTAzMjkxOTA1MTRaMDMxMTAvBgNV
BAMTKEFBODE1NjIwMzVDNTlGNUZCNTZFQzMzNTc2QUQxMkUzQTIxRDlEMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4TQPesUmZhGa91rNSbPG8s3Xa
XwaJZ3NUgt96FsB/z77GzAYjsT8MQna6Y/FaJ5XeVRKsfAGNZLR9ehzR2FURb/RD
rLqR+2jiD1OXCq+ga2QoyQYKOLXIAD/yjSPzQWtM1xi5Blu8YzXmt52NCHeMK9kO
V0ypwlh1AvI2JEtPq2BQCSKseGLsA5GBDxLJ7a5ZMfxHxTQbs5JWfgcMkHmgV8Vd
uVCK1zMWWNDqB4Ua/z8VfO4iJVo5aqFOccBnZ4wYHLMaFzpthwPO3f0FNST5Hrim
i5TQvzf9uSbBdIHRybAo1wMwpSDTa7ymeNluPn6M3NjSQvH5M7ArjDYg8NSDAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUqoFWIDXFn1+1bsM1dq0S46IdnQswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtklID
BAAtngswDQYJKoZIhvcNAQELBQADggEBAEkWVf5JO5xBb881IIq1ztjQFppPL+QX
N0KDhkxYxpVfD49yqNLio+tavMrcZHK681tmL3EB9Mj3/ArtRRswB78WKlZuutfU
raZQVahQbz+WPuIYv+opjbVEwydwka3ZP0UfSzuXn9ku6RJwSZImCE4CxLwYTCl3
JRIvK1KtKucgkhycNee2RD4dsYK5Tw0F5eKoWQOQYMzbQeADTLzyw9uanRek54JC
O6jCvuvJ3fDEpm9LxnnU39J1G0OdV80A8OFHl1iDm1tH4ylf/3OpZaYOTTZqRANj
hL57tFBvhKoisxdHOWHYYuorQzIK/mFEdfYvJKw/DsngjLdQEuQ8ixM=
-----END CERTIFICATE-----