Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa
File:                     AS63023.roa (raw, json)
Hash identifier:          Om+TfZGoQpfHuHN2tQOb/LJY3KTheLJ7K7Yf7T7WWuE=
Subject key identifier:   BE:ED:E2:29:45:A4:DE:70:C0:F8:AD:B6:B1:28:3C:8C:24:21:A5:56
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       58A985468AC578D5A4F4DE06954B220DB2F03437
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa
Signing time:             Mon 01 Jun 2026 06:47:19 +0000
ROA not before:           Mon 01 Jun 2026 06:42:19 +0000
ROA not after:            Mon 31 May 2027 06:47:19 +0000
asID:                     63023
IP address blocks:        141.11.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a9:85:46:8a:c5:78:d5:a4:f4:de:06:95:4b:22:0d:b2:f0:34:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  1 06:42:19 2026 GMT
            Not After : May 31 06:47:19 2027 GMT
        Subject: CN=BEEDE22945A4DE70C0F8ADB6B1283C8C2421A556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:33:eb:b1:c1:15:65:0d:57:d2:7f:cf:d4:cc:
                    12:f1:ed:a9:a2:e8:9f:b3:9a:bd:9c:cb:91:48:ec:
                    ee:71:c1:3c:e5:db:2c:c8:60:f9:d7:02:78:b9:9c:
                    83:47:53:ee:eb:57:c2:35:e8:7a:d9:a6:be:f7:cd:
                    2b:eb:24:11:86:5f:f7:f1:ce:56:a2:36:f9:16:e3:
                    80:8c:c5:05:e9:55:f3:b0:63:29:eb:93:ea:79:36:
                    0e:58:c9:ba:d5:a9:d5:b8:94:8e:84:04:aa:b7:ed:
                    7a:f8:e8:28:9f:a9:b3:d2:f5:1f:c9:73:b9:11:bf:
                    57:a9:0c:42:65:c8:c2:74:46:b8:0c:a8:e6:16:c5:
                    1b:e8:a9:76:da:53:1a:66:04:23:ef:7e:b9:a0:2f:
                    c4:9d:05:4b:27:48:77:9f:34:0d:0a:ce:08:9d:e1:
                    d5:47:f9:54:6a:43:ea:86:6c:fb:12:6d:bd:02:2d:
                    dd:c7:96:cf:13:94:af:e6:a1:cc:20:0a:27:06:cd:
                    5d:3c:02:15:d3:69:27:af:59:35:1e:b8:76:e3:71:
                    e3:44:9d:bd:7b:fb:a1:83:99:a8:a9:01:4f:37:35:
                    8f:9e:38:7e:4c:d4:47:70:e8:97:0e:e2:65:90:31:
                    22:48:d1:11:67:69:2c:1b:10:ce:99:08:f8:68:bd:
                    63:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:ED:E2:29:45:A4:DE:70:C0:F8:AD:B6:B1:28:3C:8C:24:21:A5:56
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS63023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:f9:6a:af:15:b9:f8:ce:7d:e9:dc:7f:9f:78:6e:9f:52:34:
         87:ff:af:73:2a:92:b0:29:e4:4d:a5:51:9e:08:6e:84:1d:52:
         dd:ae:2f:1d:e5:ea:04:0f:8d:6c:2c:64:6c:4f:5c:38:ee:b8:
         5f:86:5f:7b:04:8a:26:6d:77:da:dd:00:ea:d6:3b:d8:da:e4:
         d1:0c:77:6c:bd:41:8c:ab:32:d4:31:5c:aa:63:a8:f1:ed:7a:
         8c:9a:b7:b7:1e:7c:6b:99:72:2d:80:67:b5:ae:e6:1f:15:c2:
         fa:35:56:1a:ef:81:31:81:a3:fa:21:b9:f7:72:01:3f:4b:7b:
         0e:49:7a:09:ee:0e:a5:64:f2:1f:b3:ea:d6:66:8b:59:ce:76:
         7a:f4:3a:91:1c:7a:a9:f1:62:8d:99:b0:01:7b:45:f2:47:28:
         3c:99:f2:df:0c:67:d0:f1:69:02:72:fe:a2:97:ee:18:e1:3c:
         88:d2:3e:34:bb:e5:c9:dc:59:3d:b7:ab:eb:ce:3d:da:a6:99:
         63:d1:70:99:af:e9:aa:95:94:e6:ab:6d:5f:d8:fa:fe:39:02:
         7d:d1:ce:9f:30:30:55:76:a7:00:00:69:64:7e:b3:44:af:37:
         ac:b6:f2:6e:ba:83:8a:78:4c:21:11:70:58:6a:90:50:6d:b1:
         f0:ba:0a:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWKmFRorFeNWk9N4GlUsiDbLwNDcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDEwNjQyMTlaFw0yNzA1MzEwNjQ3MTlaMDMxMTAvBgNV
BAMTKEJFRURFMjI5NDVBNERFNzBDMEY4QURCNkIxMjgzQzhDMjQyMUE1NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeM+uxwRVlDVfSf8/UzBLx7ami
6J+zmr2cy5FI7O5xwTzl2yzIYPnXAni5nINHU+7rV8I16HrZpr73zSvrJBGGX/fx
zlaiNvkW44CMxQXpVfOwYynrk+p5Ng5YybrVqdW4lI6EBKq37Xr46CifqbPS9R/J
c7kRv1epDEJlyMJ0RrgMqOYWxRvoqXbaUxpmBCPvfrmgL8SdBUsnSHefNA0Kzgid
4dVH+VRqQ+qGbPsSbb0CLd3Hls8TlK/mocwgCicGzV08AhXTaSevWTUeuHbjceNE
nb17+6GDmaipAU83NY+eOH5M1Edw6JcO4mWQMSJI0RFnaSwbEM6ZCPhovWNJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvu3iKUWk3nDA+K22sSg8jCQhpVYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjMwMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC3ow
DQYJKoZIhvcNAQELBQADggEBAKX5aq8VufjOfencf594bp9SNIf/r3MqkrAp5E2l
UZ4IboQdUt2uLx3l6gQPjWwsZGxPXDjuuF+GX3sEiiZtd9rdAOrWO9ja5NEMd2y9
QYyrMtQxXKpjqPHteoyat7cefGuZci2AZ7Wu5h8Vwvo1VhrvgTGBo/ohufdyAT9L
ew5JegnuDqVk8h+z6tZmi1nOdnr0OpEceqnxYo2ZsAF7RfJHKDyZ8t8MZ9DxaQJy
/qKX7hjhPIjSPjS75cncWT23q+vOPdqmmWPRcJmv6aqVlOarbV/Y+v45An3Rzp8w
MFV2pwAAaWR+s0SvN6y28m66g4p4TCERcFhqkFBtsfC6Cgs=
-----END CERTIFICATE-----