Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          MH9DCC09qtQignde/ZhL3sSN7jngQho/GeYic7dB/u8=
Subject key identifier:   EF:BC:9D:A1:2D:A7:D8:6D:BB:EB:B8:8B:7D:FB:53:31:46:31:16:A1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       430A3805BAE2A080E73B4866FDC8F80DF8BD3723
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa
Signing time:             Sun 26 Oct 2025 00:09:55 +0000
ROA not before:           Sun 26 Oct 2025 00:04:55 +0000
ROA not after:            Sun 25 Oct 2026 00:09:55 +0000
asID:                     64267
IP address blocks:        143.20.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:0a:38:05:ba:e2:a0:80:e7:3b:48:66:fd:c8:f8:0d:f8:bd:37:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 00:04:55 2025 GMT
            Not After : Oct 25 00:09:55 2026 GMT
        Subject: CN=EFBC9DA12DA7D86DBBEBB88B7DFB5331463116A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:74:2c:ed:e4:1c:65:b5:25:f4:09:73:1e:d5:
                    1a:d8:3e:e8:64:d7:df:2e:9a:f0:a9:f9:2c:9e:01:
                    ee:2a:a1:17:2b:10:be:de:cc:75:fb:ff:57:42:17:
                    f2:52:8d:d9:a0:cc:d5:d5:23:2f:ff:41:d5:f2:14:
                    3a:02:aa:e4:f0:df:d4:b7:4d:de:88:07:da:dc:f1:
                    1a:38:06:3a:5c:f9:e0:66:70:97:48:9e:2c:ab:d1:
                    ae:62:d6:ca:37:7f:9a:c5:4b:04:8a:03:5a:c0:c5:
                    f3:9d:36:6e:ba:f9:aa:4c:97:58:74:5b:40:8a:61:
                    06:ab:8b:c1:fe:7e:ec:32:26:b1:aa:a7:fa:c3:b7:
                    8a:02:b6:68:a2:5d:94:65:a1:a9:fc:01:bd:22:16:
                    e8:d7:99:1d:54:1a:4e:32:87:a2:85:1d:0c:4a:e4:
                    dc:33:a4:a7:0f:b8:50:1a:f1:3c:db:c1:a3:c6:9d:
                    41:f9:71:28:d8:e6:9f:df:32:c4:8a:3f:09:cf:a0:
                    1d:be:1f:30:50:de:6e:19:66:81:c8:d1:cb:4a:e3:
                    c2:90:e0:79:31:58:e8:e7:00:8f:34:af:c5:b1:ba:
                    56:b0:a8:64:b4:e4:4f:51:e8:56:a6:ff:3a:16:fb:
                    d3:00:d6:6e:dd:ea:94:44:a8:96:d8:f6:da:33:bd:
                    7b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BC:9D:A1:2D:A7:D8:6D:BB:EB:B8:8B:7D:FB:53:31:46:31:16:A1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:29:92:5c:af:24:8b:78:3f:f2:bf:2f:d7:32:aa:ec:4a:16:
         7b:72:5e:8b:a9:a1:48:97:f3:28:d9:b2:1d:d9:14:9a:7d:25:
         d7:1d:ec:1d:78:e4:20:84:54:7e:23:bb:28:3b:28:25:bd:59:
         c9:37:4e:68:3f:52:da:99:c1:b3:0a:17:8c:c7:90:21:0b:43:
         bd:9b:98:2a:71:61:a5:6c:bc:ce:20:32:ec:e5:85:c6:0d:63:
         c6:b2:cf:1c:eb:56:54:ee:3a:24:11:d8:62:50:f2:74:74:57:
         4f:57:4a:06:35:90:80:b3:c0:7b:31:bb:12:20:d6:a4:33:88:
         5d:ee:4e:6a:b5:10:cf:d3:d8:c9:ef:16:2a:32:64:3e:19:a9:
         fe:59:1c:9b:07:50:5a:34:72:2e:55:e6:29:da:76:b0:89:31:
         83:d4:fa:44:cc:0b:6b:86:82:76:06:45:ab:e3:d6:5d:60:a1:
         5b:85:98:75:be:3d:af:84:9d:96:97:ab:70:46:3d:99:c6:7c:
         cb:c9:8e:54:5f:13:41:fe:0a:65:ec:d7:24:53:62:df:7e:07:
         a6:7d:c5:5b:d8:b8:fb:83:d9:a8:14:e3:26:da:70:5a:54:6e:
         45:1e:33:aa:b2:6e:d7:64:49:5f:5c:23:53:33:7b:51:f5:c0:
         0c:49:ff:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQwo4BbrioIDnO0hm/cj4Dfi9NyMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYwMDA0NTVaFw0yNjEwMjUwMDA5NTVaMDMxMTAvBgNV
BAMTKEVGQkM5REExMkRBN0Q4NkRCQkVCQjg4QjdERkI1MzMxNDYzMTE2QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRdCzt5BxltSX0CXMe1RrYPuhk
198umvCp+SyeAe4qoRcrEL7ezHX7/1dCF/JSjdmgzNXVIy//QdXyFDoCquTw39S3
Td6IB9rc8Ro4Bjpc+eBmcJdIniyr0a5i1so3f5rFSwSKA1rAxfOdNm66+apMl1h0
W0CKYQari8H+fuwyJrGqp/rDt4oCtmiiXZRloan8Ab0iFujXmR1UGk4yh6KFHQxK
5NwzpKcPuFAa8TzbwaPGnUH5cSjY5p/fMsSKPwnPoB2+HzBQ3m4ZZoHI0ctK48KQ
4HkxWOjnAI80r8WxulawqGS05E9R6Fam/zoW+9MA1m7d6pREqJbY9tozvXvXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU77ydoS2n2G2767iLfftTMUYxFqEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFJkw
DQYJKoZIhvcNAQELBQADggEBAL8pklyvJIt4P/K/L9cyquxKFntyXoupoUiX8yjZ
sh3ZFJp9Jdcd7B145CCEVH4juyg7KCW9Wck3Tmg/UtqZwbMKF4zHkCELQ72bmCpx
YaVsvM4gMuzlhcYNY8ayzxzrVlTuOiQR2GJQ8nR0V09XSgY1kICzwHsxuxIg1qQz
iF3uTmq1EM/T2MnvFioyZD4Zqf5ZHJsHUFo0ci5V5inadrCJMYPU+kTMC2uGgnYG
Ravj1l1goVuFmHW+Pa+EnZaXq3BGPZnGfMvJjlRfE0H+CmXs1yRTYt9+B6Z9xVvY
uPuD2agU4ybacFpUbkUeM6qybtdkSV9cI1Mze1H1wAxJ/wY=
-----END CERTIFICATE-----