Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          xmdbceVoZYu5cb5B8d3+PQGQ/JgQqbdiBkfWjqtdoN8=
Subject key identifier:   0E:26:3C:7B:16:AA:49:51:2A:AF:D4:D3:2D:32:F1:E1:4C:84:DA:0D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7C310A03207E2001E19FD1FB762CC7E567912850
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa
Signing time:             Sun 15 Feb 2026 00:07:05 +0000
ROA not before:           Sun 15 Feb 2026 00:02:05 +0000
ROA not after:            Sun 14 Feb 2027 00:07:05 +0000
asID:                     64267
IP address blocks:        143.14.188.0/24 maxlen: 24
                          150.241.136.0/24 maxlen: 24
                          155.117.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:31:0a:03:20:7e:20:01:e1:9f:d1:fb:76:2c:c7:e5:67:91:28:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 15 00:02:05 2026 GMT
            Not After : Feb 14 00:07:05 2027 GMT
        Subject: CN=0E263C7B16AA49512AAFD4D32D32F1E14C84DA0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:13:eb:eb:77:9c:b6:72:dd:1d:20:b4:32:b3:
                    97:20:0a:06:15:f3:bc:73:98:22:15:cf:07:04:ad:
                    c5:20:d6:a7:7f:b8:78:01:8d:ab:65:c2:6c:e9:67:
                    6a:10:fe:6c:77:1b:5c:57:93:bf:40:3d:9a:e9:c5:
                    fe:8a:d8:22:bf:6b:93:87:10:9a:d5:9e:05:ab:09:
                    1f:f8:b3:d9:21:3e:7f:5c:c9:a4:05:b8:a8:16:2b:
                    42:dc:e2:53:d8:d5:5c:42:de:23:38:2b:e4:77:63:
                    36:6f:77:31:36:44:21:d4:6f:2e:11:2f:c6:37:32:
                    6d:13:e7:06:b3:c2:11:22:3b:89:b8:15:3e:cc:17:
                    0a:93:cd:1b:85:6e:17:62:a7:32:e6:ab:6d:1e:d0:
                    2a:28:b8:42:37:eb:71:7d:ec:5a:9b:04:60:61:36:
                    d7:a3:05:9f:69:9d:54:2a:13:2d:1a:9f:28:22:cd:
                    64:a9:9c:1d:bb:1b:65:91:2a:74:e6:59:f6:cf:83:
                    6d:d9:f5:c1:bc:7f:15:a0:19:dd:4d:40:c2:ae:89:
                    54:bb:b3:85:60:96:a2:d5:49:c9:13:4e:bf:f8:2f:
                    2a:fb:66:08:76:a1:7b:bb:bf:ae:18:ed:5c:5c:13:
                    d9:d7:0e:bd:8e:c8:d8:3d:a9:99:05:39:b2:18:04:
                    6a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:26:3C:7B:16:AA:49:51:2A:AF:D4:D3:2D:32:F1:E1:4C:84:DA:0D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.188.0/24
                  150.241.136.0/24
                  155.117.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:36:01:12:d4:ce:73:6e:4d:f7:bb:ce:dc:c8:76:db:52:80:
         50:7d:83:98:20:04:52:4f:6e:d3:6e:b2:67:d6:af:d8:d9:b6:
         c0:6f:88:71:5b:cc:82:79:40:f0:60:82:06:58:c4:ab:6a:15:
         cf:34:0a:bd:f6:42:7a:e8:e2:d0:6b:09:83:7e:4b:55:8b:5b:
         a5:dd:21:29:95:f3:b9:d3:e7:d5:4f:e0:27:9c:6a:e0:f2:a4:
         49:a1:94:25:23:10:1c:e9:85:c1:39:e5:56:c4:54:37:ae:c2:
         27:e9:a3:72:f3:9b:bc:b8:11:cb:8d:a2:7c:60:6a:10:85:57:
         de:f6:13:28:e9:bb:51:c1:f0:a7:8a:a4:37:f0:e2:8c:0c:d6:
         36:29:83:82:e1:59:da:ae:c9:8b:8b:e2:01:fc:8b:ae:ac:e1:
         97:c8:3f:b4:9f:70:8e:98:f3:4d:b9:56:78:dc:c1:8b:7d:46:
         27:e3:88:70:ad:ad:41:3f:15:fb:56:92:94:ff:48:36:c1:a4:
         21:6c:70:bc:6e:4b:26:87:1d:f2:c5:24:09:fc:84:c9:c6:4f:
         83:f1:4b:57:47:e2:1c:99:6d:ba:84:38:bc:27:bd:5e:40:4f:
         11:22:c1:80:09:9c:20:c3:e5:00:7f:c2:5f:4c:e8:c1:9c:ad:
         83:a6:98:07
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUfDEKAyB+IAHhn9H7dizH5WeRKFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTUwMDAyMDVaFw0yNzAyMTQwMDA3MDVaMDMxMTAvBgNV
BAMTKDBFMjYzQzdCMTZBQTQ5NTEyQUFGRDREMzJEMzJGMUUxNEM4NERBMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTE+vrd5y2ct0dILQys5cgCgYV
87xzmCIVzwcErcUg1qd/uHgBjatlwmzpZ2oQ/mx3G1xXk79APZrpxf6K2CK/a5OH
EJrVngWrCR/4s9khPn9cyaQFuKgWK0Lc4lPY1VxC3iM4K+R3YzZvdzE2RCHUby4R
L8Y3Mm0T5wazwhEiO4m4FT7MFwqTzRuFbhdipzLmq20e0CoouEI363F97FqbBGBh
NtejBZ9pnVQqEy0anygizWSpnB27G2WRKnTmWfbPg23Z9cG8fxWgGd1NQMKuiVS7
s4VglqLVSckTTr/4Lyr7Zgh2oXu7v64Y7VxcE9nXDr2OyNg9qZkFObIYBGrBAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUDiY8exaqSVEqr9TTLTLx4UyE2g0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPDrwD
BACW8YgDBACbdVEwDQYJKoZIhvcNAQELBQADggEBAKQ2ARLUznNuTfe7ztzIdttS
gFB9g5ggBFJPbtNusmfWr9jZtsBviHFbzIJ5QPBgggZYxKtqFc80Cr32Qnro4tBr
CYN+S1WLW6XdISmV87nT59VP4CecauDypEmhlCUjEBzphcE55VbEVDeuwifpo3Lz
m7y4EcuNonxgahCFV972Eyjpu1HB8KeKpDfw4owM1jYpg4LhWdquyYuL4gH8i66s
4ZfIP7SfcI6Y8025VnjcwYt9RifjiHCtrUE/FftWkpT/SDbBpCFscLxuSyaHHfLF
JAn8hMnGT4PxS1dH4hyZbbqEOLwnvV5ATxEiwYAJnCDD5QB/wl9M6MGcrYOmmAc=
-----END CERTIFICATE-----