Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          NxYoDZYP8Z5gdrCzoziHIa2gBMZteYYPNGBUM3tOFgU=
Subject key identifier:   9C:CD:FC:22:52:33:F0:ED:F8:D8:D6:AC:58:39:FA:B2:2C:62:B9:93
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       572BAF07ABDE3FD89B3B3E63ABA05EA692F9B13A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa
Signing time:             Fri 17 Apr 2026 06:49:48 +0000
ROA not before:           Fri 17 Apr 2026 06:44:48 +0000
ROA not after:            Fri 16 Apr 2027 06:49:48 +0000
asID:                     63199
IP address blocks:        181.41.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 12:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:2b:af:07:ab:de:3f:d8:9b:3b:3e:63:ab:a0:5e:a6:92:f9:b1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 17 06:44:48 2026 GMT
            Not After : Apr 16 06:49:48 2027 GMT
        Subject: CN=9CCDFC225233F0EDF8D8D6AC5839FAB22C62B993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:00:8b:19:ed:ea:d0:92:16:f1:5e:97:ed:85:
                    ad:03:cc:96:d6:2b:10:5c:3d:d3:f1:e5:42:df:d7:
                    46:d8:27:38:fe:7b:c9:a5:83:ff:c1:60:eb:b5:b7:
                    58:3a:ab:27:7a:6e:2c:a2:e7:11:f8:59:4e:d9:75:
                    80:a9:24:ae:95:b3:77:66:dd:04:40:68:db:a6:6b:
                    d1:e7:d9:25:52:6c:22:8c:51:9d:e0:74:b3:18:90:
                    58:6f:42:e2:52:6f:32:19:c7:7d:e2:50:83:97:b4:
                    90:53:6a:55:38:d7:d1:db:be:d1:09:99:e9:b9:af:
                    a6:27:e2:a5:95:dc:ff:9f:f4:27:48:e4:1f:2b:27:
                    52:04:64:80:ac:72:45:2b:c5:8c:67:bd:18:16:47:
                    64:e2:01:7f:fc:ee:18:5c:df:cb:d8:0c:55:95:a5:
                    c6:42:2d:1e:a1:70:03:b7:e7:67:5d:38:ec:f4:07:
                    1b:55:10:6f:b3:9e:ba:e7:a5:15:e0:96:b0:71:05:
                    89:9d:ba:f0:46:1f:2b:bc:35:6e:d3:08:07:97:8e:
                    65:da:0f:37:37:0e:5f:50:1c:12:97:91:87:b6:ef:
                    96:12:64:fd:b3:4c:a4:ba:e7:75:74:c1:a8:93:06:
                    5e:b1:7b:92:70:18:db:67:95:c6:23:b6:14:21:6a:
                    3f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:CD:FC:22:52:33:F0:ED:F8:D8:D6:AC:58:39:FA:B2:2C:62:B9:93
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:91:74:7d:41:28:36:47:45:aa:dc:dd:7d:6c:b2:ec:f2:72:
         08:4c:69:09:7a:8b:8a:1c:32:56:0d:64:02:3f:c9:a2:04:26:
         52:1d:39:3f:2e:03:00:35:d7:b1:04:61:65:8f:0d:57:fb:56:
         a9:c3:14:71:a6:5b:d6:69:81:78:91:b4:e4:a2:74:40:9c:cc:
         39:22:99:9b:d7:5d:dd:88:4e:21:70:2c:0b:27:ce:ed:45:f2:
         43:66:cf:33:3d:33:b4:6a:14:f7:98:9a:8a:94:e6:6a:18:8b:
         cd:50:b7:5a:54:73:16:d4:69:3a:6f:69:eb:88:2c:4f:8d:41:
         06:fa:67:f8:a9:59:56:40:e6:7e:a0:15:ab:1c:e0:70:79:e8:
         2e:a0:2a:5d:73:80:67:8a:af:ab:9b:9e:c3:56:07:a7:8f:59:
         4c:cf:ba:9b:65:0b:80:a8:d4:b2:8c:f7:25:03:52:a8:fd:f4:
         8f:5e:9f:ec:81:0c:5c:9e:3d:7c:34:f2:ab:59:89:e9:58:81:
         57:5d:26:a3:e9:01:cc:d7:cb:56:4e:70:95:ff:cb:5d:3a:44:
         c6:48:a6:f1:8c:45:0b:40:cb:03:c1:ba:3c:37:16:84:a4:62:
         14:cb:a8:3f:05:f1:c6:dd:21:27:10:ef:4a:49:68:d6:2f:86:
         38:3f:cf:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVyuvB6veP9ibOz5jq6BeppL5sTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTcwNjQ0NDhaFw0yNzA0MTYwNjQ5NDhaMDMxMTAvBgNV
BAMTKDlDQ0RGQzIyNTIzM0YwRURGOEQ4RDZBQzU4MzlGQUIyMkM2MkI5OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfAIsZ7erQkhbxXpftha0DzJbW
KxBcPdPx5ULf10bYJzj+e8mlg//BYOu1t1g6qyd6biyi5xH4WU7ZdYCpJK6Vs3dm
3QRAaNuma9Hn2SVSbCKMUZ3gdLMYkFhvQuJSbzIZx33iUIOXtJBTalU419HbvtEJ
mem5r6Yn4qWV3P+f9CdI5B8rJ1IEZICsckUrxYxnvRgWR2TiAX/87hhc38vYDFWV
pcZCLR6hcAO352ddOOz0BxtVEG+znrrnpRXglrBxBYmduvBGHyu8NW7TCAeXjmXa
Dzc3Dl9QHBKXkYe275YSZP2zTKS653V0waiTBl6xe5JwGNtnlcYjthQhaj95AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUnM38IlIz8O342NasWDn6sixiuZMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1KdIw
DQYJKoZIhvcNAQELBQADggEBACmRdH1BKDZHRarc3X1ssuzycghMaQl6i4ocMlYN
ZAI/yaIEJlIdOT8uAwA117EEYWWPDVf7VqnDFHGmW9ZpgXiRtOSidECczDkimZvX
Xd2ITiFwLAsnzu1F8kNmzzM9M7RqFPeYmoqU5moYi81Qt1pUcxbUaTpvaeuILE+N
QQb6Z/ipWVZA5n6gFasc4HB56C6gKl1zgGeKr6ubnsNWB6ePWUzPuptlC4Co1LKM
9yUDUqj99I9en+yBDFyePXw08qtZielYgVddJqPpAczXy1ZOcJX/y106RMZIpvGM
RQtAywPBujw3FoSkYhTLqD8F8cbdIScQ70pJaNYvhjg/z8Y=
-----END CERTIFICATE-----