Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          5FmzVDRxjfh2pwqnFLPZo8AFKod9FVhtGyvuywE4j1g=
Subject key identifier:   61:9C:C7:D5:0E:08:4A:16:C1:73:39:9F:D4:96:D7:D1:31:15:80:3B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2ED35FFCAA391B15481C913A09A93D0171F4FAFD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa
Signing time:             Thu 28 May 2026 06:34:27 +0000
ROA not before:           Thu 28 May 2026 06:29:27 +0000
ROA not after:            Thu 27 May 2027 06:34:27 +0000
asID:                     63199
IP address blocks:        181.215.64.0/24 maxlen: 24
                          191.101.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:d3:5f:fc:aa:39:1b:15:48:1c:91:3a:09:a9:3d:01:71:f4:fa:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 28 06:29:27 2026 GMT
            Not After : May 27 06:34:27 2027 GMT
        Subject: CN=619CC7D50E084A16C173399FD496D7D13115803B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:64:19:5f:fe:0e:5d:d4:f5:3d:9c:a8:9b:17:
                    62:37:8a:41:67:99:0c:2f:a6:c3:bf:12:df:e6:99:
                    49:b8:3d:87:7f:6b:e5:ce:56:ff:c0:73:3d:91:b0:
                    e5:ed:35:8a:e9:99:b5:02:b4:99:b2:92:27:e9:03:
                    3c:4f:25:2d:bd:1b:4e:c3:1f:c6:df:84:93:b3:ae:
                    1a:94:76:4d:f5:69:b6:a5:57:af:04:6b:9b:8e:c1:
                    42:e0:b7:cf:cb:1c:5e:78:6c:61:0d:ba:99:c4:78:
                    4e:eb:82:a2:ce:b4:ff:51:f3:72:98:58:10:5f:43:
                    09:a1:3d:e8:cc:c0:f5:9f:5d:11:b8:d9:3b:5c:41:
                    78:4e:08:e7:dc:bb:99:58:4c:75:d9:e0:67:fa:cb:
                    ca:b1:b4:b5:df:90:80:99:db:f9:18:ec:e8:dd:2b:
                    12:b9:6a:7c:05:4a:e4:ab:96:2e:45:99:e7:52:f7:
                    c7:6c:ca:70:dd:2f:96:7b:d2:01:1c:df:b2:e2:1d:
                    53:82:af:5d:c1:01:21:a7:5b:2d:36:73:17:a4:69:
                    a9:e3:5b:68:e7:84:3e:3d:2a:8b:b3:76:7a:19:4e:
                    a0:c5:01:bf:90:f4:bc:00:24:59:8a:ef:4a:a9:a0:
                    2c:93:99:75:25:0c:62:d8:ec:51:5b:a3:79:55:b6:
                    c2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9C:C7:D5:0E:08:4A:16:C1:73:39:9F:D4:96:D7:D1:31:15:80:3B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.64.0/24
                  191.101.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:c3:07:74:8f:11:a0:e6:52:bb:f9:f4:a1:21:be:67:32:1a:
         75:81:93:aa:2e:ec:6e:36:2f:4d:59:31:91:d8:df:4b:e5:44:
         3d:7f:56:44:e0:4d:de:12:82:52:d9:8c:4b:74:5a:a9:72:50:
         b4:07:bd:24:f1:4a:1c:d3:9f:01:d8:24:b3:47:69:3d:e3:f3:
         d1:5a:d8:29:de:7d:18:bc:bc:5c:37:f6:64:0b:5a:aa:bd:4d:
         d8:ca:68:ce:c6:77:d1:25:ed:18:a4:44:90:da:52:f2:18:c7:
         82:e8:ce:e8:0f:fe:64:c9:8b:7d:20:53:50:b2:d1:0d:5f:39:
         cf:1b:51:a0:da:49:32:13:bd:72:e1:1b:1b:14:4c:7a:de:62:
         91:41:dd:55:cf:a1:69:12:26:6d:3e:23:4b:84:f2:f4:c0:48:
         6c:9a:97:b7:f5:26:b4:14:95:40:bd:c1:b8:0a:df:65:0f:99:
         68:b2:d8:e3:da:88:25:fb:68:2c:18:a5:cf:40:7e:00:3c:5a:
         fa:74:20:ba:f3:63:08:16:f7:b3:46:98:6d:95:80:71:2c:cf:
         de:49:c7:39:ce:6c:9e:87:d2:d8:e1:c2:44:07:2c:c5:6c:cc:
         98:d3:b4:9d:28:1c:d3:e5:cd:f9:ef:4d:62:72:16:04:26:3b:
         97:8e:28:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULtNf/Ko5GxVIHJE6Cak9AXH0+v0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjgwNjI5MjdaFw0yNzA1MjcwNjM0MjdaMDMxMTAvBgNV
BAMTKDYxOUNDN0Q1MEUwODRBMTZDMTczMzk5RkQ0OTZEN0QxMzExNTgwM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFZBlf/g5d1PU9nKibF2I3ikFn
mQwvpsO/Et/mmUm4PYd/a+XOVv/Acz2RsOXtNYrpmbUCtJmykifpAzxPJS29G07D
H8bfhJOzrhqUdk31abalV68Ea5uOwULgt8/LHF54bGENupnEeE7rgqLOtP9R83KY
WBBfQwmhPejMwPWfXRG42TtcQXhOCOfcu5lYTHXZ4Gf6y8qxtLXfkICZ2/kY7Ojd
KxK5anwFSuSrli5FmedS98dsynDdL5Z70gEc37LiHVOCr13BASGnWy02cxekaanj
W2jnhD49KouzdnoZTqDFAb+Q9LwAJFmK70qpoCyTmXUlDGLY7FFbo3lVtsIvAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUYZzH1Q4IShbBczmf1JbX0TEVgDswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC110AD
BAC/ZVIwDQYJKoZIhvcNAQELBQADggEBAHDDB3SPEaDmUrv59KEhvmcyGnWBk6ou
7G42L01ZMZHY30vlRD1/VkTgTd4SglLZjEt0WqlyULQHvSTxShzTnwHYJLNHaT3j
89Fa2CnefRi8vFw39mQLWqq9TdjKaM7Gd9El7RikRJDaUvIYx4LozugP/mTJi30g
U1Cy0Q1fOc8bUaDaSTITvXLhGxsUTHreYpFB3VXPoWkSJm0+I0uE8vTASGyal7f1
JrQUlUC9wbgK32UPmWiy2OPaiCX7aCwYpc9AfgA8Wvp0ILrzYwgW97NGmG2VgHEs
z95JxznObJ6H0tjhwkQHLMVszJjTtJ0oHNPlzfnvTWJyFgQmO5eOKEY=
-----END CERTIFICATE-----