Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          dzW0mJCfheQz0Zj9V3DLHjGEQj9aFAwKmVHAxk9pNP4=
Subject key identifier:   4F:F1:95:4F:34:2C:52:21:35:A6:D6:4F:8A:4A:62:F2:5F:2C:68:E3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       072C854F13DBBAFA978157EBC975D3144AF60EDE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa
Signing time:             Mon 14 Apr 2025 06:54:01 +0000
ROA not before:           Mon 14 Apr 2025 06:49:01 +0000
ROA not after:            Mon 13 Apr 2026 06:54:01 +0000
asID:                     63023
IP address blocks:        191.96.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:2c:85:4f:13:db:ba:fa:97:81:57:eb:c9:75:d3:14:4a:f6:0e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 14 06:49:01 2025 GMT
            Not After : Apr 13 06:54:01 2026 GMT
        Subject: CN=4FF1954F342C522135A6D64F8A4A62F25F2C68E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ba:3b:46:fb:bc:d1:1e:77:ba:23:ac:84:27:
                    c9:4d:b7:ff:0a:80:19:8d:c8:41:61:0f:4c:d2:e6:
                    83:69:18:2b:ee:69:1a:bc:a4:a3:12:8c:b6:43:5e:
                    1f:38:e1:3f:e6:ff:20:35:18:d3:d0:6b:5d:63:bc:
                    94:c2:36:39:38:99:17:b4:4b:77:85:55:23:5e:01:
                    dd:cb:e5:9a:43:cf:12:d2:f5:5f:f1:3e:9a:42:d0:
                    93:7f:ab:ca:d4:ed:a5:63:c0:2b:23:7a:cb:96:69:
                    cc:14:dc:d0:c2:c2:c4:f7:f7:75:ca:d5:b4:57:55:
                    20:fc:00:ff:03:f3:4c:60:ef:74:2c:71:86:56:59:
                    2d:b7:ec:39:17:4d:58:f1:7a:bd:95:f3:82:5d:49:
                    4b:f9:d2:7d:79:ea:12:b7:2e:84:dd:cb:5e:85:ff:
                    c9:17:09:fc:68:9e:a0:aa:41:53:59:b2:3f:33:4c:
                    c3:82:51:be:13:24:a4:ec:1d:5d:d6:4f:27:07:ca:
                    9d:14:f9:bb:69:77:4a:0a:47:2d:e9:6b:13:36:c1:
                    e7:8b:50:41:71:96:b9:25:56:52:3d:73:c4:13:d2:
                    50:eb:b3:17:c6:1d:8b:35:76:fe:7d:15:6e:5a:a4:
                    26:e9:01:82:7d:36:b6:71:f6:7f:f2:3a:8b:c0:04:
                    c8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F1:95:4F:34:2C:52:21:35:A6:D6:4F:8A:4A:62:F2:5F:2C:68:E3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:10:f1:38:4b:03:06:d8:ed:c6:2d:3b:e0:8b:43:5e:58:8c:
         ec:27:7a:2c:75:b9:c7:29:ae:c0:58:12:e9:e9:21:8e:50:71:
         b3:c6:28:e5:a7:0c:a3:9b:0b:b3:d6:6b:7f:d8:ed:23:77:ef:
         9d:56:1a:7d:d9:69:e7:3f:4d:66:1f:f8:4a:7c:67:a4:f5:01:
         d5:29:d3:a1:ba:c6:cc:95:9a:de:a5:36:b3:02:b4:60:21:42:
         b1:53:2a:45:9e:1c:e6:a9:69:57:bb:b7:29:dc:97:d1:c9:58:
         1d:24:ec:35:6d:f2:4a:f7:4b:5b:06:09:11:46:36:65:49:29:
         1e:e8:3e:3c:4f:4c:2c:7f:d0:90:97:7e:cd:f2:86:7f:19:a8:
         a4:4b:56:d6:19:ee:11:4e:d5:48:03:26:00:c0:9d:4e:7f:b3:
         47:e8:db:6c:f3:08:5e:c9:21:6e:5d:46:e9:d7:17:a4:39:80:
         a0:22:00:8c:df:54:d0:04:68:5f:30:80:99:5e:14:71:6a:cf:
         e4:35:1a:27:23:94:ae:37:4e:c0:3d:81:18:38:39:66:7a:69:
         03:e3:10:86:c9:45:a5:c6:8c:d9:34:34:0e:51:cc:e1:8a:15:
         2c:a7:9f:2a:92:fd:b0:84:44:bc:87:b7:1c:26:24:02:e7:e5:
         b9:79:34:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUByyFTxPbuvqXgVfryXXTFEr2Dt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MTQwNjQ5MDFaFw0yNjA0MTMwNjU0MDFaMDMxMTAvBgNV
BAMTKDRGRjE5NTRGMzQyQzUyMjEzNUE2RDY0RjhBNEE2MkYyNUYyQzY4RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6ujtG+7zRHne6I6yEJ8lNt/8K
gBmNyEFhD0zS5oNpGCvuaRq8pKMSjLZDXh844T/m/yA1GNPQa11jvJTCNjk4mRe0
S3eFVSNeAd3L5ZpDzxLS9V/xPppC0JN/q8rU7aVjwCsjesuWacwU3NDCwsT393XK
1bRXVSD8AP8D80xg73QscYZWWS237DkXTVjxer2V84JdSUv50n156hK3LoTdy16F
/8kXCfxonqCqQVNZsj8zTMOCUb4TJKTsHV3WTycHyp0U+btpd0oKRy3paxM2weeL
UEFxlrklVlI9c8QT0lDrsxfGHYs1dv59FW5apCbpAYJ9NrZx9n/yOovABMgfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUT/GVTzQsUiE1ptZPikpi8l8saOMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YJIw
DQYJKoZIhvcNAQELBQADggEBALAQ8ThLAwbY7cYtO+CLQ15YjOwneix1uccprsBY
EunpIY5QcbPGKOWnDKObC7PWa3/Y7SN3751WGn3Zaec/TWYf+Ep8Z6T1AdUp06G6
xsyVmt6lNrMCtGAhQrFTKkWeHOapaVe7tyncl9HJWB0k7DVt8kr3S1sGCRFGNmVJ
KR7oPjxPTCx/0JCXfs3yhn8ZqKRLVtYZ7hFO1UgDJgDAnU5/s0fo22zzCF7JIW5d
RunXF6Q5gKAiAIzfVNAEaF8wgJleFHFqz+Q1GicjlK43TsA9gRg4OWZ6aQPjEIbJ
RaXGjNk0NA5RzOGKFSynnyqS/bCERLyHtxwmJALn5bl5NNs=
-----END CERTIFICATE-----