Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          NgBuzp44hrsYi+PJ2q4N6jSsdIZ8GjnsCZBQsJr5iT0=
Subject key identifier:   24:5C:E7:7C:2D:54:B5:1C:49:F9:61:A5:11:2C:32:CB:05:E7:70:76
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       485BEF045E830847186B7A46E9DAD7E8592D4DB2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa
Signing time:             Mon 13 May 2024 06:26:34 +0000
ROA not before:           Mon 13 May 2024 06:21:34 +0000
ROA not after:            Mon 12 May 2025 06:26:34 +0000
asID:                     63023
IP address blocks:        191.96.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:5b:ef:04:5e:83:08:47:18:6b:7a:46:e9:da:d7:e8:59:2d:4d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 13 06:21:34 2024 GMT
            Not After : May 12 06:26:34 2025 GMT
        Subject: CN=245CE77C2D54B51C49F961A5112C32CB05E77076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ef:67:c3:8d:86:59:eb:9c:e0:da:3c:1e:95:
                    5f:6d:4f:70:b9:55:42:51:9d:ef:13:81:81:3f:c1:
                    73:ae:6c:d8:ac:aa:10:a0:6a:7f:6e:76:9d:94:14:
                    ae:5c:64:f8:ae:83:2d:13:06:22:e5:75:10:10:6a:
                    12:6d:be:d3:ad:a5:27:a5:d8:92:29:00:e0:6f:cb:
                    94:c0:a6:f4:fe:c8:27:8f:ff:dd:db:fb:cf:ce:56:
                    ab:e1:43:1d:bf:b9:c4:07:fe:7b:58:e0:a5:ea:69:
                    bb:35:d0:0b:72:27:3e:2e:d1:2d:8b:c0:62:86:51:
                    85:24:ea:a8:76:ab:ff:96:82:1e:26:5d:83:71:3f:
                    a7:31:db:a4:1c:38:ea:70:08:5a:37:ce:b8:9c:b0:
                    dc:67:99:d4:04:ec:c4:cb:55:31:07:a5:95:4f:2d:
                    24:25:54:cc:3c:bb:77:de:99:93:b8:95:1f:ad:28:
                    c0:1f:8a:fe:07:c7:e6:f5:d8:46:de:16:79:e1:6a:
                    7f:c3:cf:ca:1e:08:7f:f7:13:eb:72:33:16:70:1e:
                    df:1c:62:3d:86:b9:7d:4f:01:b1:b4:10:ab:0b:9c:
                    ad:63:7f:83:11:7c:89:63:0c:12:90:e7:91:00:72:
                    85:c7:40:d2:62:56:66:26:41:af:48:d0:ca:40:a6:
                    30:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5C:E7:7C:2D:54:B5:1C:49:F9:61:A5:11:2C:32:CB:05:E7:70:76
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:64:90:e0:93:44:00:0d:b7:19:f9:96:ca:7c:06:02:7c:76:
         69:07:db:9b:8e:e0:d9:3a:8a:ab:3b:68:3c:17:56:70:8c:aa:
         08:bc:88:90:b3:f8:eb:99:ed:05:ce:1a:a5:21:21:99:32:74:
         10:eb:60:26:9f:fe:ee:39:f3:e9:36:ee:d2:2e:b2:82:30:97:
         dc:c8:57:ad:c2:e7:e4:48:68:a4:cf:b9:50:93:e8:5b:32:e9:
         36:96:dd:b2:9a:cd:4e:a8:32:d2:f9:00:c4:51:c8:c5:cb:5e:
         61:39:ce:3b:60:28:e8:f7:64:d1:f5:8c:0a:a2:ad:1a:e5:ed:
         c7:a6:a0:67:44:47:38:d1:21:5d:eb:65:75:29:f1:79:64:77:
         a9:74:6e:59:22:31:bb:8c:8b:1b:7b:62:45:71:08:7a:c5:a2:
         f7:2f:a5:90:8d:bd:5c:2a:4f:c7:84:6a:11:47:0c:88:2b:07:
         a6:1b:7f:c2:00:ef:aa:1f:94:4d:59:27:2e:91:f6:4d:42:41:
         9b:5f:1d:7d:60:ca:c6:fa:35:e3:d5:ea:20:93:f4:e5:78:ff:
         3f:fb:02:57:c6:b0:43:58:66:72:28:fe:39:a8:e0:8d:6b:fa:
         04:ae:12:bf:cc:53:ea:da:c3:ad:a1:96:83:93:c7:aa:5d:c4:
         be:ae:eb:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSFvvBF6DCEcYa3pG6drX6FktTbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTMwNjIxMzRaFw0yNTA1MTIwNjI2MzRaMDMxMTAvBgNV
BAMTKDI0NUNFNzdDMkQ1NEI1MUM0OUY5NjFBNTExMkMzMkNCMDVFNzcwNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX72fDjYZZ65zg2jwelV9tT3C5
VUJRne8TgYE/wXOubNisqhCgan9udp2UFK5cZPiugy0TBiLldRAQahJtvtOtpSel
2JIpAOBvy5TApvT+yCeP/93b+8/OVqvhQx2/ucQH/ntY4KXqabs10AtyJz4u0S2L
wGKGUYUk6qh2q/+Wgh4mXYNxP6cx26QcOOpwCFo3zricsNxnmdQE7MTLVTEHpZVP
LSQlVMw8u3femZO4lR+tKMAfiv4Hx+b12EbeFnnhan/Dz8oeCH/3E+tyMxZwHt8c
Yj2GuX1PAbG0EKsLnK1jf4MRfIljDBKQ55EAcoXHQNJiVmYmQa9I0MpApjBdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUJFznfC1UtRxJ+WGlESwyywXncHYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YJIw
DQYJKoZIhvcNAQELBQADggEBAKxkkOCTRAANtxn5lsp8BgJ8dmkH25uO4Nk6iqs7
aDwXVnCMqgi8iJCz+OuZ7QXOGqUhIZkydBDrYCaf/u458+k27tIusoIwl9zIV63C
5+RIaKTPuVCT6Fsy6TaW3bKazU6oMtL5AMRRyMXLXmE5zjtgKOj3ZNH1jAqirRrl
7cemoGdERzjRIV3rZXUp8Xlkd6l0blkiMbuMixt7YkVxCHrFovcvpZCNvVwqT8eE
ahFHDIgrB6Ybf8IA76oflE1ZJy6R9k1CQZtfHX1gysb6NePV6iCT9OV4/z/7AlfG
sENYZnIo/jmo4I1r+gSuEr/MU+raw62hloOTx6pdxL6u604=
-----END CERTIFICATE-----