Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          FW9rot5Y1VtP+HT2fRM2zOFxkvljgONXyB9ZUkSNnM8=
Subject key identifier:   E6:68:FB:18:CE:54:1A:7C:0C:DD:BA:4D:14:53:63:F9:06:39:0C:79
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2B1267CAF9395AE175409E0D8175BE0B7785ED77
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
Signing time:             Tue 30 Sep 2025 08:35:30 +0000
ROA not before:           Tue 30 Sep 2025 08:30:30 +0000
ROA not after:            Tue 29 Sep 2026 08:35:30 +0000
asID:                     63199
IP address blocks:        143.20.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:12:67:ca:f9:39:5a:e1:75:40:9e:0d:81:75:be:0b:77:85:ed:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 30 08:30:30 2025 GMT
            Not After : Sep 29 08:35:30 2026 GMT
        Subject: CN=E668FB18CE541A7C0CDDBA4D145363F906390C79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b0:9f:fa:de:d1:e7:d5:65:41:15:f5:88:a5:
                    06:6f:ae:34:61:c6:d2:b9:39:8c:d9:44:84:ca:92:
                    7b:b4:ff:55:05:99:cf:63:d7:af:27:51:23:c9:c3:
                    f5:2f:91:70:af:99:41:ef:1d:58:cb:f7:93:26:65:
                    52:93:1e:65:75:11:92:30:44:2a:79:aa:bf:bd:9a:
                    a8:ed:44:32:04:bb:0b:ec:aa:5c:8a:77:80:5d:33:
                    65:ab:15:20:81:5a:31:2d:39:41:3d:28:55:70:df:
                    e3:be:f8:af:48:04:09:53:80:b4:3d:58:de:c2:48:
                    5f:28:c7:f0:53:4a:bf:32:0f:c2:9c:48:b7:5d:e0:
                    50:0e:c7:c2:2a:cf:6f:ee:1f:3e:97:b2:09:44:ac:
                    3c:60:94:0a:0a:ba:65:71:46:50:a5:88:3f:4f:2a:
                    19:c3:8a:83:7a:03:e9:ee:3b:dc:d9:e4:8d:ec:76:
                    5e:f9:30:96:d0:af:a7:da:27:c7:35:04:e3:45:fa:
                    05:a3:f7:f5:41:07:e1:4a:2d:61:bb:0e:49:49:23:
                    55:71:ad:0e:c3:b4:30:8c:ed:97:ae:38:a6:36:a4:
                    49:20:a0:27:89:19:f8:35:46:0e:c7:47:7d:64:02:
                    3c:92:1c:30:41:23:9b:38:88:c3:c3:e4:f8:90:4d:
                    4d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:68:FB:18:CE:54:1A:7C:0C:DD:BA:4D:14:53:63:F9:06:39:0C:79
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:0e:50:ca:69:e9:fb:e0:24:36:be:17:4d:dc:d0:47:02:70:
         fa:2b:b7:ee:bf:de:45:f6:da:26:54:0c:3c:b9:42:ba:c4:a5:
         17:05:f1:a6:cf:b0:26:ce:90:c9:79:05:42:80:c6:d8:c2:2c:
         c6:c5:5c:1d:d1:c8:e1:8f:5e:41:cb:bc:1f:67:32:81:68:28:
         81:e7:6e:65:52:78:29:fd:7d:66:d3:d5:4a:b7:13:1d:1a:81:
         de:22:ef:cf:80:48:7f:b9:ab:4e:fd:90:50:f6:14:ca:91:82:
         9c:9d:d8:f3:e4:53:1d:a4:01:18:16:43:a0:28:00:20:72:50:
         8e:03:02:28:94:a0:11:e8:fb:86:b8:06:fd:56:c8:83:b1:d8:
         ea:8d:15:77:b2:e0:73:97:1e:f8:5d:45:f8:0a:44:a5:db:db:
         ce:0c:db:e5:79:6c:cb:d4:ba:92:09:81:7e:86:a1:9b:e5:b4:
         a3:95:30:d5:14:bf:e7:42:02:89:94:4b:f2:63:30:73:85:08:
         7b:f7:b6:b9:4c:5a:d3:be:f9:68:5d:32:c3:19:2e:ce:cd:de:
         68:c1:d4:c3:81:86:c9:a2:c3:b7:53:02:5a:31:f8:f4:de:0f:
         5d:7c:6c:d7:27:87:57:1f:73:92:ac:f3:92:90:86:da:3b:d5:
         2a:4c:37:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKxJnyvk5WuF1QJ4NgXW+C3eF7XcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MzAwODMwMzBaFw0yNjA5MjkwODM1MzBaMDMxMTAvBgNV
BAMTKEU2NjhGQjE4Q0U1NDFBN0MwQ0REQkE0RDE0NTM2M0Y5MDYzOTBDNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCasJ/63tHn1WVBFfWIpQZvrjRh
xtK5OYzZRITKknu0/1UFmc9j168nUSPJw/UvkXCvmUHvHVjL95MmZVKTHmV1EZIw
RCp5qr+9mqjtRDIEuwvsqlyKd4BdM2WrFSCBWjEtOUE9KFVw3+O++K9IBAlTgLQ9
WN7CSF8ox/BTSr8yD8KcSLdd4FAOx8Iqz2/uHz6XsglErDxglAoKumVxRlCliD9P
KhnDioN6A+nuO9zZ5I3sdl75MJbQr6faJ8c1BONF+gWj9/VBB+FKLWG7DklJI1Vx
rQ7DtDCM7ZeuOKY2pEkgoCeJGfg1Rg7HR31kAjySHDBBI5s4iMPD5PiQTU2pAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5mj7GM5UGnwM3bpNFFNj+QY5DHkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFFAw
DQYJKoZIhvcNAQELBQADggEBANkOUMpp6fvgJDa+F03c0EcCcPort+6/3kX22iZU
DDy5QrrEpRcF8abPsCbOkMl5BUKAxtjCLMbFXB3RyOGPXkHLvB9nMoFoKIHnbmVS
eCn9fWbT1Uq3Ex0agd4i78+ASH+5q079kFD2FMqRgpyd2PPkUx2kARgWQ6AoACBy
UI4DAiiUoBHo+4a4Bv1WyIOx2OqNFXey4HOXHvhdRfgKRKXb284M2+V5bMvUupIJ
gX6GoZvltKOVMNUUv+dCAomUS/JjMHOFCHv3trlMWtO++WhdMsMZLs7N3mjB1MOB
hsmiw7dTAlox+PTeD118bNcnh1cfc5Ks85KQhto71SpMN/4=
-----END CERTIFICATE-----