Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          4g06BbGgsv9k9jEY0uwIkeWikaURqC6g2Ic4h9WL8t4=
Subject key identifier:   F9:57:FD:3F:B1:81:C9:A3:D4:DC:BB:D7:04:5C:AB:50:C0:8E:B9:31
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       73368BAF1DEE43413FC3C9CF8FBD8D3A97B57356
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS63199.roa
Signing time:             Wed 04 Mar 2026 08:30:27 +0000
ROA not before:           Wed 04 Mar 2026 08:25:27 +0000
ROA not after:            Wed 03 Mar 2027 08:30:27 +0000
asID:                     63199
IP address blocks:        147.125.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 10:24:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:36:8b:af:1d:ee:43:41:3f:c3:c9:cf:8f:bd:8d:3a:97:b5:73:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:27 2026 GMT
            Not After : Mar  3 08:30:27 2027 GMT
        Subject: CN=F957FD3FB181C9A3D4DCBBD7045CAB50C08EB931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:14:8b:4f:e2:17:27:ac:7e:a8:7d:4f:25:
                    fd:dc:e0:ce:58:b1:4c:f9:b0:61:0c:94:c3:85:46:
                    64:ae:de:0a:f2:62:58:d5:8a:a0:a0:53:13:79:de:
                    20:a9:62:0c:5b:17:c4:90:d2:f1:c0:d6:68:bd:3a:
                    98:e2:48:77:84:7d:ff:d8:e6:f4:7e:fe:d0:cc:15:
                    c4:0c:8c:bc:60:8d:be:7f:a6:0d:95:44:f4:ac:1e:
                    af:3a:71:9f:38:2c:48:a0:cb:ba:48:bb:3c:fa:cb:
                    44:5b:32:54:dd:c3:ba:76:35:9b:98:ee:21:63:3b:
                    af:36:4a:18:74:22:8e:0a:18:65:ab:d3:27:1e:f1:
                    5e:64:ed:f3:94:8d:d6:37:c3:ce:18:06:f4:6f:8e:
                    58:13:3b:62:88:7c:bf:05:cb:45:75:7e:29:54:37:
                    78:db:87:ec:40:13:18:a3:ff:c6:69:c6:85:3f:9a:
                    c6:70:48:d8:f0:e0:23:2c:c4:78:54:e9:a0:09:8e:
                    e9:35:ca:de:e1:85:f2:3a:52:79:93:96:92:4a:6a:
                    c1:0c:81:51:64:d3:2c:65:f4:45:02:53:98:63:86:
                    4a:93:dd:e8:dc:e8:68:01:bd:7c:cb:32:5b:e0:2c:
                    db:9f:fa:09:be:f0:68:f4:b0:f7:d3:4d:56:3a:b4:
                    d3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:57:FD:3F:B1:81:C9:A3:D4:DC:BB:D7:04:5C:AB:50:C0:8E:B9:31
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:97:73:9e:20:3b:74:ae:11:d2:86:05:97:d1:81:de:8f:52:
         8d:a9:20:1d:14:93:39:25:02:e0:6e:d6:66:a0:51:87:c7:2f:
         cc:00:11:2f:7f:09:5a:38:dd:cf:aa:4b:4e:7e:f2:7a:ed:88:
         3b:7b:a7:57:e0:e3:ef:72:19:49:6b:49:05:52:70:13:b2:b9:
         15:7f:16:ba:26:5a:a5:86:40:08:05:63:87:fe:d1:5d:e1:fc:
         1d:0e:5e:ca:0d:4c:3d:0e:c2:bc:00:db:d0:61:df:b1:76:c0:
         e6:14:2e:63:c2:bf:71:a8:66:61:bb:76:14:bf:d0:bc:05:5c:
         ec:a6:c9:a0:7d:2a:f9:85:4a:0f:d9:16:c2:96:e1:e4:fc:d6:
         02:1b:1b:0c:b7:28:01:f2:83:dc:79:3e:1c:ce:ae:fb:43:e3:
         8d:cf:96:0d:ac:2d:04:08:fe:7e:35:bc:04:58:6d:5f:7b:ca:
         f6:18:d0:8e:e9:20:d1:04:04:d1:b1:18:e6:39:af:5d:37:9c:
         90:01:90:76:64:42:9b:06:f3:61:7b:e7:0a:03:36:c8:2e:9c:
         45:a1:75:3e:0f:00:9e:40:67:17:53:28:b6:1e:a0:67:52:02:
         bc:c7:d4:17:5b:02:5b:6d:e6:f4:56:2d:ff:82:5d:78:b4:5d:
         87:d1:fe:7f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUczaLrx3uQ0E/w8nPj72NOpe1c1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjdaFw0yNzAzMDMwODMwMjdaMDMxMTAvBgNV
BAMTKEY5NTdGRDNGQjE4MUM5QTNENERDQkJENzA0NUNBQjUwQzA4RUI5MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc5xSLT+IXJ6x+qH1PJf3c4M5Y
sUz5sGEMlMOFRmSu3gryYljViqCgUxN53iCpYgxbF8SQ0vHA1mi9OpjiSHeEff/Y
5vR+/tDMFcQMjLxgjb5/pg2VRPSsHq86cZ84LEigy7pIuzz6y0RbMlTdw7p2NZuY
7iFjO682Shh0Io4KGGWr0yce8V5k7fOUjdY3w84YBvRvjlgTO2KIfL8Fy0V1filU
N3jbh+xAExij/8ZpxoU/msZwSNjw4CMsxHhU6aAJjuk1yt7hhfI6UnmTlpJKasEM
gVFk0yxl9EUCU5hjhkqT3ejc6GgBvXzLMlvgLNuf+gm+8Gj0sPfTTVY6tNNJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+Vf9P7GByaPU3LvXBFyrUMCOuTEwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTfYMw
DQYJKoZIhvcNAQELBQADggEBAIKXc54gO3SuEdKGBZfRgd6PUo2pIB0UkzklAuBu
1magUYfHL8wAES9/CVo43c+qS05+8nrtiDt7p1fg4+9yGUlrSQVScBOyuRV/From
WqWGQAgFY4f+0V3h/B0OXsoNTD0OwrwA29Bh37F2wOYULmPCv3GoZmG7dhS/0LwF
XOymyaB9KvmFSg/ZFsKW4eT81gIbGwy3KAHyg9x5PhzOrvtD443Plg2sLQQI/n41
vARYbV97yvYY0I7pINEEBNGxGOY5r103nJABkHZkQpsG82F75woDNsgunEWhdT4P
AJ5AZxdTKLYeoGdSArzH1BdbAltt5vRWLf+CXXi0XYfR/n8=
-----END CERTIFICATE-----