Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS63286.roa
File:                     AS63286.roa (raw, json)
Hash identifier:          cEPlDkDoICKrRPLe/UEvnBd/4E/B+W3v2bOaN7Ugo6M=
Subject key identifier:   EC:DF:D2:CA:C9:CF:04:81:47:C9:B7:E9:AB:54:D6:AA:48:F1:5D:CA
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       458CFC4131C98375BB0C38D1B12EDC2AED6DC6A6
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS63286.roa
Signing time:             Mon 25 May 2026 15:02:20 +0000
ROA not before:           Mon 25 May 2026 14:57:20 +0000
ROA not after:            Mon 24 May 2027 15:02:20 +0000
asID:                     63286
IP address blocks:        2a14:7580:4000::/36 maxlen: 36
                          2a14:7585::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:8c:fc:41:31:c9:83:75:bb:0c:38:d1:b1:2e:dc:2a:ed:6d:c6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 25 14:57:20 2026 GMT
            Not After : May 24 15:02:20 2027 GMT
        Subject: CN=ECDFD2CAC9CF048147C9B7E9AB54D6AA48F15DCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:15:86:9a:0b:1c:80:3a:46:4c:fb:4a:25:f2:
                    ac:7c:0d:a5:ff:3d:2c:50:c2:30:a1:e5:c5:ab:f1:
                    35:2c:39:0b:c9:18:22:1f:61:3c:b8:c7:a6:60:95:
                    13:71:82:fc:0a:ab:c9:ab:af:3f:de:8f:1a:0e:28:
                    77:63:08:00:14:e2:25:6c:41:9c:f8:a0:40:42:b7:
                    ba:80:d8:82:56:f6:51:e2:84:13:46:d9:3e:09:8b:
                    62:21:e6:76:03:58:4b:a8:64:21:f2:a5:0f:f2:8e:
                    3d:11:4b:0d:13:c0:e0:fe:b1:20:1b:5d:55:10:6e:
                    7d:72:82:44:6a:e9:d4:92:ce:b1:b9:ea:81:33:f3:
                    ec:35:a7:de:33:30:80:17:3f:ec:42:3a:fe:9e:f9:
                    88:82:55:28:33:9a:e8:83:c9:25:2f:b9:6c:28:6a:
                    d2:c4:39:24:b9:95:aa:80:e4:4b:97:90:4d:db:85:
                    ee:37:cf:54:1b:8b:ab:3e:aa:a5:15:23:06:fe:89:
                    94:ef:c8:bf:ba:11:58:86:01:d7:05:15:e5:f9:34:
                    c7:ac:b9:b9:f7:94:b7:40:64:6b:7a:24:ce:0c:03:
                    2c:7e:32:70:95:26:79:94:94:3c:d7:02:a7:ed:a1:
                    67:79:8f:6e:60:02:c0:74:f4:6a:af:8d:c0:c0:9b:
                    e1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DF:D2:CA:C9:CF:04:81:47:C9:B7:E9:AB:54:D6:AA:48:F1:5D:CA
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS63286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:4000::/36
                  2a14:7585::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:41:09:e9:81:75:6f:fb:d6:86:2f:23:68:db:46:cc:f4:92:
         7c:14:c8:3c:89:97:1e:b9:ff:a6:cb:87:2b:12:37:62:58:61:
         54:e4:dc:a7:f3:ab:31:00:2f:f1:ff:f6:07:f2:3c:0b:9e:0e:
         79:e0:87:65:0c:1d:cc:fe:8b:e8:be:8e:32:6a:35:fe:c3:56:
         92:5e:7a:81:a2:10:8d:d0:88:60:a5:14:a9:08:20:0c:ea:bb:
         d2:89:ae:7a:5e:ba:52:ad:47:8d:7d:d8:66:fd:a9:95:58:3e:
         ec:29:4a:48:5d:81:14:52:56:f3:12:92:c0:55:31:9d:b7:8d:
         a7:fe:62:93:ec:5c:8c:a7:37:47:61:87:69:9d:2d:d3:0c:10:
         9d:2d:e8:8d:d1:9d:20:31:c8:70:4f:18:9f:00:aa:14:0a:28:
         e4:3e:4c:7e:7e:2a:0d:e2:1a:6b:6a:21:3f:f2:ee:cf:89:7c:
         0a:05:0e:78:c6:aa:d8:55:e0:c5:3c:9f:80:36:f3:8b:fa:79:
         87:77:e8:0a:df:09:4c:3b:07:bf:ee:6d:a1:38:55:27:b2:5a:
         a4:96:00:4a:df:35:14:d8:78:55:dd:e0:51:52:42:1e:19:f4:
         82:c6:f6:a2:34:33:6f:92:2c:23:2f:50:4c:59:d9:93:e2:e1:
         fe:3e:45:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIURYz8QTHJg3W7DDjRsS7cKu1txqYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjUxNDU3MjBaFw0yNzA1MjQxNTAyMjBaMDMxMTAvBgNV
BAMTKEVDREZEMkNBQzlDRjA0ODE0N0M5QjdFOUFCNTRENkFBNDhGMTVEQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMFYaaCxyAOkZM+0ol8qx8DaX/
PSxQwjCh5cWr8TUsOQvJGCIfYTy4x6ZglRNxgvwKq8mrrz/ejxoOKHdjCAAU4iVs
QZz4oEBCt7qA2IJW9lHihBNG2T4Ji2Ih5nYDWEuoZCHypQ/yjj0RSw0TwOD+sSAb
XVUQbn1ygkRq6dSSzrG56oEz8+w1p94zMIAXP+xCOv6e+YiCVSgzmuiDySUvuWwo
atLEOSS5laqA5EuXkE3bhe43z1Qbi6s+qqUVIwb+iZTvyL+6EViGAdcFFeX5NMes
ubn3lLdAZGt6JM4MAyx+MnCVJnmUlDzXAqftoWd5j25gAsB09GqvjcDAm+ElAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQU7N/SysnPBIFHybfpq1TWqkjxXcowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNjMyODYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKQYIKwYBBQUHAQcBAf8EGjAYMBYEAgACMBADBgQqFHWA
QAMGBCoUdYUAMA0GCSqGSIb3DQEBCwUAA4IBAQAeQQnpgXVv+9aGLyNo20bM9JJ8
FMg8iZceuf+my4crEjdiWGFU5Nyn86sxAC/x//YH8jwLng554IdlDB3M/ovovo4y
ajX+w1aSXnqBohCN0IhgpRSpCCAM6rvSia56XrpSrUeNfdhm/amVWD7sKUpIXYEU
UlbzEpLAVTGdt42n/mKT7FyMpzdHYYdpnS3TDBCdLeiN0Z0gMchwTxifAKoUCijk
Pkx+fioN4hpraiE/8u7PiXwKBQ54xqrYVeDFPJ+ANvOL+nmHd+gK3wlMOwe/7m2h
OFUnslqklgBK3zUU2HhV3eBRUkIeGfSCxvaiNDNvkiwjL1BMWdmT4uH+PkWJ
-----END CERTIFICATE-----