Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          PnihP0FCU53I7Hb6fU8VousFLl3AvWtKcH730yCgm3g=
Subject key identifier:   F9:A7:3D:9B:45:AB:76:E7:BB:0C:6D:62:BE:A9:B8:F3:9E:42:41:E3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       44D2D27D3B9553BD2E61F5323387EA75F9AA8103
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS63199.roa
Signing time:             Thu 28 May 2026 06:34:25 +0000
ROA not before:           Thu 28 May 2026 06:29:25 +0000
ROA not after:            Thu 27 May 2027 06:34:25 +0000
asID:                     63199
IP address blocks:        95.134.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 12:50:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d2:d2:7d:3b:95:53:bd:2e:61:f5:32:33:87:ea:75:f9:aa:81:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 28 06:29:25 2026 GMT
            Not After : May 27 06:34:25 2027 GMT
        Subject: CN=F9A73D9B45AB76E7BB0C6D62BEA9B8F39E4241E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:be:8b:e0:7d:23:29:e1:14:cc:97:b1:c3:1b:
                    0c:b4:e6:4c:06:a5:7b:5e:54:b8:36:60:5d:29:04:
                    dd:a7:75:87:2f:9b:e4:47:dc:31:a2:c8:cc:f2:e6:
                    5d:af:d5:fb:ff:9b:e0:90:19:cd:41:49:45:52:3f:
                    91:6a:61:7a:b0:fa:83:c3:2e:c9:c3:4e:0e:a5:e0:
                    4c:fb:fb:67:cf:fa:ae:38:84:8d:30:86:13:8c:cf:
                    3f:a4:37:96:59:12:89:9e:22:28:dc:81:22:f1:3b:
                    16:dc:f9:c3:b8:f0:2a:76:dc:85:9c:f3:ea:f3:c0:
                    3e:72:26:68:e2:75:a5:6d:bf:ec:06:ea:10:2d:ec:
                    29:0f:ec:98:31:c9:bb:7e:54:5a:c1:07:08:4e:f4:
                    60:23:d1:e6:57:6c:4c:1d:f5:f9:4d:42:fa:08:eb:
                    91:8e:b2:e6:e9:3d:8a:0e:32:9b:10:93:46:c5:44:
                    ff:96:20:15:c9:c9:b9:4e:71:ac:a7:f1:2d:8b:e3:
                    26:f6:cb:b7:d2:bd:9e:ce:b5:5d:40:6c:a7:02:b2:
                    1b:2a:cb:96:47:29:bf:d7:c7:d9:f7:df:ff:7c:56:
                    fb:7e:9f:9a:63:db:ee:c2:45:9c:13:b9:a4:cd:4e:
                    48:30:a8:ae:54:80:dd:fd:36:08:ab:96:43:15:db:
                    5d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A7:3D:9B:45:AB:76:E7:BB:0C:6D:62:BE:A9:B8:F3:9E:42:41:E3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7b:fe:a5:cc:3b:24:1b:49:22:0f:fa:c1:35:64:c3:46:1c:
         c4:d2:a8:b1:69:f1:93:99:6d:13:6b:a3:69:0e:db:b2:71:c5:
         d6:0e:ac:75:72:79:40:0e:01:6d:50:8d:5a:ed:5f:8b:f8:69:
         64:e0:f6:b7:29:98:04:cc:d7:ed:65:90:bb:ff:04:16:4e:3a:
         13:d1:c3:96:5d:ad:0e:83:02:d6:4e:c1:b7:1a:39:56:8e:23:
         02:13:0e:97:86:83:b8:ed:23:23:71:60:5d:7e:ab:59:29:c6:
         92:3a:37:47:61:d4:7f:c5:58:46:e2:a7:70:44:2c:2f:f3:49:
         d1:a3:c5:06:a7:42:89:96:73:fd:a3:62:66:02:a9:38:f5:1c:
         35:0b:75:95:44:85:c1:32:66:11:b9:8c:2f:93:0e:24:cc:19:
         23:0b:23:93:85:f6:a7:b5:50:00:a9:cb:57:10:86:4d:a0:eb:
         50:71:23:10:4c:f8:51:21:99:f0:ca:89:0c:c2:ec:ee:66:6a:
         39:07:f3:76:73:97:4c:7c:ca:93:19:95:f7:62:ab:81:10:d0:
         75:05:ca:ff:43:73:b6:e3:5f:77:59:db:f4:35:d6:e1:1d:39:
         f3:7d:f2:a9:54:97:3a:0a:d5:b4:27:4c:3e:24:9f:b1:22:4e:
         05:c5:74:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURNLSfTuVU70uYfUyM4fqdfmqgQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjgwNjI5MjVaFw0yNzA1MjcwNjM0MjVaMDMxMTAvBgNV
BAMTKEY5QTczRDlCNDVBQjc2RTdCQjBDNkQ2MkJFQTlCOEYzOUU0MjQxRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmvovgfSMp4RTMl7HDGwy05kwG
pXteVLg2YF0pBN2ndYcvm+RH3DGiyMzy5l2v1fv/m+CQGc1BSUVSP5FqYXqw+oPD
LsnDTg6l4Ez7+2fP+q44hI0whhOMzz+kN5ZZEomeIijcgSLxOxbc+cO48Cp23IWc
8+rzwD5yJmjidaVtv+wG6hAt7CkP7Jgxybt+VFrBBwhO9GAj0eZXbEwd9flNQvoI
65GOsubpPYoOMpsQk0bFRP+WIBXJyblOcayn8S2L4yb2y7fSvZ7OtV1AbKcCshsq
y5ZHKb/Xx9n33/98Vvt+n5pj2+7CRZwTuaTNTkgwqK5UgN39NgirlkMV210hAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+ac9m0Wrdue7DG1ivqm4855CQeMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfhhcw
DQYJKoZIhvcNAQELBQADggEBAIt7/qXMOyQbSSIP+sE1ZMNGHMTSqLFp8ZOZbRNr
o2kO27JxxdYOrHVyeUAOAW1QjVrtX4v4aWTg9rcpmATM1+1lkLv/BBZOOhPRw5Zd
rQ6DAtZOwbcaOVaOIwITDpeGg7jtIyNxYF1+q1kpxpI6N0dh1H/FWEbip3BELC/z
SdGjxQanQomWc/2jYmYCqTj1HDULdZVEhcEyZhG5jC+TDiTMGSMLI5OF9qe1UACp
y1cQhk2g61BxIxBM+FEhmfDKiQzC7O5majkH83Zzl0x8ypMZlfdiq4EQ0HUFyv9D
c7bjX3dZ2/Q11uEdOfN98qlUlzoK1bQnTD4kn7EiTgXFdCE=
-----END CERTIFICATE-----