Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          GeRx32t30m4Y3hQoCfS8+j5Nb+AeoLarQo2Ofio0Sq0=
Subject key identifier:   3A:C1:25:44:39:F4:A7:96:78:48:DB:6F:95:E1:12:99:83:59:97:0E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7E278CD4427C38322D36703AC25BA1459DD7B1F6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa
Signing time:             Wed 11 Feb 2026 11:14:02 +0000
ROA not before:           Wed 11 Feb 2026 11:09:02 +0000
ROA not after:            Wed 10 Feb 2027 11:14:02 +0000
asID:                     64267
IP address blocks:        143.20.148.0/24 maxlen: 24
                          143.20.153.0/24 maxlen: 24
                          143.20.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:36:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:27:8c:d4:42:7c:38:32:2d:36:70:3a:c2:5b:a1:45:9d:d7:b1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Feb 11 11:09:02 2026 GMT
            Not After : Feb 10 11:14:02 2027 GMT
        Subject: CN=3AC1254439F4A7967848DB6F95E112998359970E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4a:7a:41:6f:6c:82:3c:6c:12:62:dc:3d:cd:
                    ce:57:e7:c2:7a:25:4b:2d:cc:e3:7f:f4:82:43:de:
                    14:13:e2:34:85:6b:b2:b9:7e:4f:38:e6:c5:e2:2e:
                    11:d4:61:f9:ee:93:a0:c0:c4:a3:85:9c:3a:5b:dc:
                    ba:dd:d4:19:7b:28:7b:b3:28:c9:ff:b7:d3:a5:7f:
                    10:08:18:61:67:ff:b6:12:ee:79:3b:3f:ad:d4:78:
                    77:6a:f7:d5:f0:a5:68:ea:da:99:ab:02:a4:a6:31:
                    5c:51:26:05:29:2a:65:55:74:4a:1e:d4:27:db:fc:
                    80:01:6c:bb:90:91:55:43:52:91:eb:2b:2a:b9:d8:
                    81:f7:a2:64:9a:92:bb:e9:7f:18:87:56:0c:02:d4:
                    c3:a3:52:4e:de:2e:39:16:49:d0:fc:8d:9a:da:c7:
                    97:a3:5b:8c:de:34:34:86:70:a6:b5:94:c7:b5:6e:
                    40:34:8c:18:6d:01:20:10:69:1d:ba:49:88:8d:4c:
                    a6:d1:11:a6:ad:12:61:47:e9:c1:f5:8a:14:13:4e:
                    80:2f:1e:1f:93:48:dc:c6:90:18:e6:cd:82:c3:e0:
                    e3:bd:7d:6f:73:b8:ea:47:cc:ec:8c:bf:1d:cc:40:
                    62:62:e6:51:bb:4a:ef:2e:f5:2a:9a:ec:d6:70:6b:
                    ff:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C1:25:44:39:F4:A7:96:78:48:DB:6F:95:E1:12:99:83:59:97:0E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.148.0/24
                  143.20.153.0/24
                  143.20.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:69:f9:3e:0e:13:fe:26:fd:1e:37:77:94:fd:17:6e:f7:f1:
         eb:22:0b:ad:f1:e4:be:8f:3c:7b:e0:87:76:ee:1d:ef:14:50:
         74:46:fd:ec:b6:7b:d7:b0:df:86:b3:e9:a3:bf:0b:f5:a1:16:
         8b:44:db:3c:59:67:bf:b5:f3:e8:6a:81:f3:88:ac:54:c1:fa:
         42:f4:3e:d3:be:00:26:7c:11:a3:0a:f6:3e:af:d2:b0:82:41:
         10:fb:c4:7b:ed:09:22:7b:ec:a5:28:51:8d:01:0f:0e:95:19:
         d5:f7:bf:4a:f2:ad:22:c3:e4:5b:06:18:00:72:c5:69:0e:78:
         77:b6:d3:fb:38:26:48:a6:f1:aa:f9:86:a4:47:cf:00:e8:3c:
         ad:52:87:2c:e8:c8:2a:92:2a:ae:bd:5c:13:c2:2b:be:9f:1d:
         62:29:22:24:1e:96:d7:1b:4b:2a:a9:45:0a:40:b8:aa:be:a1:
         36:60:ab:2d:01:39:8c:d6:f7:31:a9:3b:62:c1:47:18:09:9a:
         54:81:15:7b:08:bf:fe:96:7e:c9:0c:99:b2:2e:0d:b1:af:f2:
         8b:3a:15:a7:78:70:0a:dc:90:d2:7d:cd:0a:3b:08:fc:af:88:
         c1:dd:af:11:0c:06:86:fd:ca:c6:8a:a0:63:91:24:f1:3c:a1:
         4d:04:85:a8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUfieM1EJ8ODItNnA6wluhRZ3XsfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMTExMTA5MDJaFw0yNzAyMTAxMTE0MDJaMDMxMTAvBgNV
BAMTKDNBQzEyNTQ0MzlGNEE3OTY3ODQ4REI2Rjk1RTExMjk5ODM1OTk3MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcSnpBb2yCPGwSYtw9zc5X58J6
JUstzON/9IJD3hQT4jSFa7K5fk845sXiLhHUYfnuk6DAxKOFnDpb3Lrd1Bl7KHuz
KMn/t9OlfxAIGGFn/7YS7nk7P63UeHdq99XwpWjq2pmrAqSmMVxRJgUpKmVVdEoe
1Cfb/IABbLuQkVVDUpHrKyq52IH3omSakrvpfxiHVgwC1MOjUk7eLjkWSdD8jZra
x5ejW4zeNDSGcKa1lMe1bkA0jBhtASAQaR26SYiNTKbREaatEmFH6cH1ihQTToAv
Hh+TSNzGkBjmzYLD4OO9fW9zuOpHzOyMvx3MQGJi5lG7Su8u9Sqa7NZwa/+rAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUOsElRDn0p5Z4SNtvleESmYNZlw4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFJQD
BACPFJkDBACPFNcwDQYJKoZIhvcNAQELBQADggEBAGlp+T4OE/4m/R43d5T9F273
8esiC63x5L6PPHvgh3buHe8UUHRG/ey2e9ew34az6aO/C/WhFotE2zxZZ7+18+hq
gfOIrFTB+kL0PtO+ACZ8EaMK9j6v0rCCQRD7xHvtCSJ77KUoUY0BDw6VGdX3v0ry
rSLD5FsGGAByxWkOeHe20/s4Jkim8ar5hqRHzwDoPK1ShyzoyCqSKq69XBPCK76f
HWIpIiQeltcbSyqpRQpAuKq+oTZgqy0BOYzW9zGpO2LBRxgJmlSBFXsIv/6WfskM
mbIuDbGv8os6Fad4cArckNJ9zQo7CPyviMHdrxEMBob9ysaKoGORJPE8oU0Ehag=
-----END CERTIFICATE-----