Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          +lKyW4mIQm1xEcOdMqyViZZvQeVRBJlcdb2h7cUqCtA=
Subject key identifier:   B9:F8:9A:D7:B4:D1:CF:94:22:D7:4E:0B:15:31:FF:7E:1F:3A:1E:9F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0CCB6741FFF0640142BA5D35E6B1EB8F5A3648F5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa
Signing time:             Mon 30 Jun 2025 05:58:04 +0000
ROA not before:           Mon 30 Jun 2025 05:53:04 +0000
ROA not after:            Mon 29 Jun 2026 05:58:04 +0000
asID:                     63023
IP address blocks:        141.11.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 10:45:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:cb:67:41:ff:f0:64:01:42:ba:5d:35:e6:b1:eb:8f:5a:36:48:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 30 05:53:04 2025 GMT
            Not After : Jun 29 05:58:04 2026 GMT
        Subject: CN=B9F89AD7B4D1CF9422D74E0B1531FF7E1F3A1E9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:00:3c:45:c5:72:98:9c:5b:14:72:ee:74:a7:
                    5a:72:38:0b:a7:5a:9c:29:d2:6e:db:13:44:a3:3f:
                    25:fd:dd:eb:fc:ca:2b:e8:75:c4:fd:0a:37:5f:ac:
                    13:32:9a:f7:29:0d:89:88:9b:a0:a5:88:cc:64:17:
                    89:13:c9:b3:97:ce:42:02:55:9f:c9:cb:f1:a2:95:
                    3c:c2:5e:ee:8d:d5:f9:5e:70:a7:8d:3b:90:ae:f0:
                    58:2b:fc:a6:72:52:64:b0:e1:bd:e3:15:04:c2:99:
                    b8:48:70:11:e4:ec:93:0f:89:a7:fd:68:54:b6:c0:
                    73:86:18:ec:09:1f:51:ae:e3:23:d9:7a:c7:7e:f2:
                    d9:89:64:f1:70:45:12:10:bf:e8:e3:4a:0d:c5:73:
                    12:37:34:d3:8c:87:1b:85:41:88:04:53:a0:83:14:
                    71:53:6e:2a:6c:99:a7:50:ca:70:96:87:c0:75:48:
                    01:70:1b:9f:29:87:f6:cb:5c:55:f5:64:6c:08:3f:
                    e5:20:d0:44:46:2b:21:84:67:4d:55:d4:98:15:c1:
                    57:7f:4e:7d:ed:23:92:b7:46:24:32:c5:1c:ff:27:
                    d2:3d:9f:36:42:3e:dc:af:f7:f0:d9:a7:7f:5b:0e:
                    9b:63:1b:6b:56:5b:6b:e7:6d:be:c0:bd:47:86:c2:
                    3d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F8:9A:D7:B4:D1:CF:94:22:D7:4E:0B:15:31:FF:7E:1F:3A:1E:9F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:69:5b:76:66:a7:5d:ea:dd:fd:38:5a:6b:e9:f8:f1:d3:ec:
         ed:70:c2:45:05:50:12:d2:ec:cc:33:37:06:12:53:20:34:e5:
         41:05:f9:95:53:9f:be:72:41:da:c9:9b:2d:27:85:ed:5a:39:
         76:67:a5:93:78:e5:6b:e4:aa:a4:40:df:0f:bf:cf:d7:79:03:
         56:63:66:a7:37:fa:4c:ed:a0:f7:6c:12:bc:45:8d:50:ea:e2:
         8c:59:d5:fb:12:84:fc:e1:7b:da:48:cb:c5:34:88:3f:62:5b:
         4e:48:1e:a2:3a:f2:08:81:67:95:f7:49:5a:30:51:f3:5e:dd:
         03:59:3c:c5:d6:85:2e:a3:3d:54:12:e3:cd:28:c3:c2:fa:50:
         d1:6c:d7:e8:a7:d7:30:e6:de:4c:bb:1e:96:06:67:ec:27:c1:
         86:ee:e5:fb:49:97:63:76:d6:2f:d7:0b:1b:3c:b8:57:fd:64:
         31:6e:99:cf:b8:c8:00:f5:a5:04:91:47:85:36:75:04:14:44:
         92:af:24:95:08:13:da:6b:5a:fb:9a:c8:ae:46:44:17:31:b1:
         95:69:33:9d:e5:1a:31:7e:6c:fc:c3:c9:07:43:de:1b:6f:89:
         5e:1f:69:4c:f2:24:2c:9c:3b:7a:a6:9d:f0:4f:52:06:28:9f:
         84:f4:7b:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDMtnQf/wZAFCul015rHrj1o2SPUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MzAwNTUzMDRaFw0yNjA2MjkwNTU4MDRaMDMxMTAvBgNV
BAMTKEI5Rjg5QUQ3QjREMUNGOTQyMkQ3NEUwQjE1MzFGRjdFMUYzQTFFOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOADxFxXKYnFsUcu50p1pyOAun
Wpwp0m7bE0SjPyX93ev8yivodcT9CjdfrBMymvcpDYmIm6CliMxkF4kTybOXzkIC
VZ/Jy/GilTzCXu6N1flecKeNO5Cu8Fgr/KZyUmSw4b3jFQTCmbhIcBHk7JMPiaf9
aFS2wHOGGOwJH1Gu4yPZesd+8tmJZPFwRRIQv+jjSg3FcxI3NNOMhxuFQYgEU6CD
FHFTbipsmadQynCWh8B1SAFwG58ph/bLXFX1ZGwIP+Ug0ERGKyGEZ01V1JgVwVd/
Tn3tI5K3RiQyxRz/J9I9nzZCPtyv9/DZp39bDptjG2tWW2vnbb7AvUeGwj07AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUufia17TRz5Qi104LFTH/fh86Hp8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC3ow
DQYJKoZIhvcNAQELBQADggEBAMRpW3Zmp13q3f04Wmvp+PHT7O1wwkUFUBLS7Mwz
NwYSUyA05UEF+ZVTn75yQdrJmy0nhe1aOXZnpZN45WvkqqRA3w+/z9d5A1ZjZqc3
+kztoPdsErxFjVDq4oxZ1fsShPzhe9pIy8U0iD9iW05IHqI68giBZ5X3SVowUfNe
3QNZPMXWhS6jPVQS480ow8L6UNFs1+in1zDm3ky7HpYGZ+wnwYbu5ftJl2N21i/X
Cxs8uFf9ZDFumc+4yAD1pQSRR4U2dQQURJKvJJUIE9prWvuayK5GRBcxsZVpM53l
GjF+bPzDyQdD3htviV4faUzyJCycO3qmnfBPUgYon4T0e7I=
-----END CERTIFICATE-----