Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          ORv0J7zyrDb+aAO++ScXz5+v0vGz9cyAa52vET3hKbY=
Subject key identifier:   F5:2A:04:74:62:0F:65:96:3B:CB:BF:77:1E:E6:2C:AA:B4:DF:C6:0E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C8DE446EB2AF482614B4F83C8CCE41E8FCE1CE0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
Signing time:             Fri 17 Apr 2026 06:49:56 +0000
ROA not before:           Fri 17 Apr 2026 06:44:56 +0000
ROA not after:            Fri 16 Apr 2027 06:49:56 +0000
asID:                     63199
IP address blocks:        143.20.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 12:10:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:8d:e4:46:eb:2a:f4:82:61:4b:4f:83:c8:cc:e4:1e:8f:ce:1c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr 17 06:44:56 2026 GMT
            Not After : Apr 16 06:49:56 2027 GMT
        Subject: CN=F52A0474620F65963BCBBF771EE62CAAB4DFC60E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:7e:73:d4:40:94:64:cb:cf:0a:59:e6:1b:
                    60:24:b5:17:73:c9:fe:53:f2:56:c6:8a:05:47:51:
                    eb:26:e6:29:3b:24:01:73:81:ae:d3:d8:42:03:a9:
                    9a:cc:86:3a:ce:11:59:52:6a:f2:dc:91:92:54:29:
                    d4:1d:4a:a8:36:c6:6d:7a:2e:cb:23:cc:f3:07:a4:
                    c0:d8:9d:a0:ef:19:81:58:7d:c4:10:da:35:8c:33:
                    50:0d:4b:16:58:73:22:cc:3a:d0:56:b1:35:d7:21:
                    42:b6:46:07:20:42:68:8c:4d:c8:6d:7d:c1:e4:ac:
                    a5:18:6f:43:6e:02:7f:7f:00:36:4b:11:0b:79:b5:
                    f0:08:a7:cd:28:72:fc:88:b2:46:64:3c:34:e9:94:
                    0c:e5:e6:4e:b3:2b:17:3e:56:60:bc:ca:09:1e:f3:
                    ff:de:a4:27:72:5f:eb:80:92:9d:dc:ab:8a:2f:3d:
                    84:44:3e:69:4a:c4:52:89:13:fc:bf:68:08:30:16:
                    be:c7:dd:54:d7:10:75:49:04:84:ac:8d:41:ec:1e:
                    a0:e1:dd:65:b6:c6:30:83:05:fc:7b:c8:50:b1:0b:
                    32:61:b7:74:63:ca:a6:12:4b:c8:60:9a:bd:86:29:
                    f7:82:e6:83:87:b0:86:08:7a:20:32:cf:38:40:56:
                    e5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2A:04:74:62:0F:65:96:3B:CB:BF:77:1E:E6:2C:AA:B4:DF:C6:0E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:0b:f5:16:de:3b:17:5d:ff:aa:90:49:f4:2d:f9:0b:bf:f7:
         a9:26:37:86:68:e5:a2:91:fd:ae:35:ae:c7:84:37:5c:11:84:
         09:1e:66:64:58:ae:a1:67:75:88:a7:8f:e5:86:52:9d:c1:3d:
         f3:da:9a:e0:cf:89:5a:a0:c4:c9:54:f0:f2:6e:4b:60:63:6e:
         2f:37:48:30:90:4b:d1:33:ec:a9:7f:e1:ed:00:14:43:bc:e5:
         38:1f:f5:54:fd:99:12:56:3a:7e:95:83:ba:b8:ff:72:18:4a:
         4e:d3:5d:00:d5:6f:08:a3:39:53:21:b7:08:d2:53:ea:30:e1:
         01:3f:3d:c8:ae:2c:3f:f5:b9:6a:b1:48:f3:4e:79:c9:9c:9c:
         5f:6f:c5:14:45:70:93:5a:4b:93:c3:02:14:07:ce:46:00:99:
         2d:58:fb:0d:8b:10:b3:42:96:5a:12:79:b2:91:47:1f:1e:e7:
         49:1b:64:78:42:75:65:71:1d:be:a1:7f:34:ff:35:72:34:5c:
         56:20:51:f9:0b:55:2e:5f:d2:36:df:97:12:70:bd:91:5c:4c:
         74:ec:21:e2:ef:52:d8:b5:9f:06:7e:95:e4:4b:d6:2a:3f:9b:
         4e:e0:cb:d1:23:f0:27:13:e8:a2:5a:0a:f7:02:76:4b:48:be:
         ce:85:f2:1a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPI3kRusq9IJhS0+DyMzkHo/OHOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MTcwNjQ0NTZaFw0yNzA0MTYwNjQ5NTZaMDMxMTAvBgNV
BAMTKEY1MkEwNDc0NjIwRjY1OTYzQkNCQkY3NzFFRTYyQ0FBQjRERkM2MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyKX5z1ECUZMvPClnmG2AktRdz
yf5T8lbGigVHUesm5ik7JAFzga7T2EIDqZrMhjrOEVlSavLckZJUKdQdSqg2xm16
LssjzPMHpMDYnaDvGYFYfcQQ2jWMM1ANSxZYcyLMOtBWsTXXIUK2RgcgQmiMTcht
fcHkrKUYb0NuAn9/ADZLEQt5tfAIp80ocvyIskZkPDTplAzl5k6zKxc+VmC8ygke
8//epCdyX+uAkp3cq4ovPYREPmlKxFKJE/y/aAgwFr7H3VTXEHVJBISsjUHsHqDh
3WW2xjCDBfx7yFCxCzJht3RjyqYSS8hgmr2GKfeC5oOHsIYIeiAyzzhAVuVZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU9SoEdGIPZZY7y793HuYsqrTfxg4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFEEw
DQYJKoZIhvcNAQELBQADggEBADYL9RbeOxdd/6qQSfQt+Qu/96kmN4Zo5aKR/a41
rseEN1wRhAkeZmRYrqFndYinj+WGUp3BPfPamuDPiVqgxMlU8PJuS2Bjbi83SDCQ
S9Ez7Kl/4e0AFEO85Tgf9VT9mRJWOn6Vg7q4/3IYSk7TXQDVbwijOVMhtwjSU+ow
4QE/PciuLD/1uWqxSPNOecmcnF9vxRRFcJNaS5PDAhQHzkYAmS1Y+w2LELNClloS
ebKRRx8e50kbZHhCdWVxHb6hfzT/NXI0XFYgUfkLVS5f0jbflxJwvZFcTHTsIeLv
Uti1nwZ+leRL1io/m07gy9Ej8CcT6KJaCvcCdktIvs6F8ho=
-----END CERTIFICATE-----