Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          zQlvtgudh7aLzDMXN5inXHERs4lyOwS9TYe909FeR6o=
Subject key identifier:   97:DF:F0:3E:66:85:54:A3:46:C3:04:D9:C7:B2:13:C3:A4:06:69:A1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       620BADD7CC221F4515DE008523C7FFF539691AF2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa
Signing time:             Fri 27 Sep 2024 16:49:23 +0000
ROA not before:           Fri 27 Sep 2024 16:44:23 +0000
ROA not after:            Fri 26 Sep 2025 16:49:23 +0000
asID:                     64267
IP address blocks:        148.135.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:0b:ad:d7:cc:22:1f:45:15:de:00:85:23:c7:ff:f5:39:69:1a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 27 16:44:23 2024 GMT
            Not After : Sep 26 16:49:23 2025 GMT
        Subject: CN=97DFF03E668554A346C304D9C7B213C3A40669A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:47:15:57:83:2a:ba:91:45:10:55:47:df:5a:
                    62:52:0a:29:c2:e1:e9:af:46:96:81:f2:9b:e7:51:
                    61:ea:48:0b:20:61:78:09:a2:b2:8b:69:7c:a3:43:
                    bb:3a:23:a9:3c:c6:a7:0a:da:6d:50:d8:57:11:06:
                    68:a4:22:80:c0:f6:3f:f0:d5:12:60:19:80:f8:8f:
                    73:56:7a:fe:a0:6b:aa:8a:31:c4:eb:e8:19:e8:d9:
                    cb:65:4c:67:7b:43:34:f6:f4:cc:67:fc:51:d4:8c:
                    f6:ce:ca:0e:64:1d:85:6b:39:c8:6f:b8:ad:e7:f4:
                    30:fc:fd:6c:1e:66:20:23:e8:c5:ff:93:81:be:e4:
                    ad:d6:5b:60:94:2e:81:94:03:aa:5c:d2:9c:6d:d1:
                    54:c2:f9:46:de:ae:fe:22:40:2d:4d:fc:77:75:cb:
                    54:46:0f:c8:29:16:5e:da:42:79:d5:3e:4f:fe:d0:
                    ed:82:5c:47:9f:ab:cd:85:5a:eb:5c:31:99:f7:d4:
                    c3:1a:60:40:28:1b:d8:67:41:db:e5:89:b0:bf:d2:
                    11:63:3a:e6:5e:ec:03:02:38:15:62:44:57:cf:db:
                    9c:b0:37:68:ac:f5:b3:ea:f7:57:c0:6e:21:fd:52:
                    9e:a6:c7:ba:c1:11:47:4c:7c:e6:2a:54:6c:65:20:
                    8d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:DF:F0:3E:66:85:54:A3:46:C3:04:D9:C7:B2:13:C3:A4:06:69:A1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:54:fa:38:6d:bc:c4:80:58:1a:83:ac:d8:20:3f:a5:90:9a:
         41:8d:b1:38:87:f6:1e:c7:0f:2e:9a:04:93:b6:e7:61:7f:7f:
         db:05:93:4c:e5:d3:4c:82:1b:06:b9:2a:be:bb:36:b0:de:de:
         a4:1e:9b:56:33:55:e4:a3:87:45:10:7b:d7:f1:4b:f9:a3:5f:
         ff:54:45:17:f0:4e:b2:04:94:31:8f:f5:a3:0d:09:a0:33:f0:
         9a:51:83:d8:40:1e:22:01:ca:dd:ad:4e:27:52:e2:e2:cf:99:
         3a:d9:2e:6e:63:20:78:d7:06:e5:91:22:b0:ba:99:77:39:8c:
         49:67:83:53:ff:7e:8c:63:3f:24:b8:7a:b2:9f:34:59:97:69:
         1a:40:01:c6:0d:70:37:92:5b:20:0d:54:89:55:6f:55:5c:d5:
         db:27:bb:cd:df:ba:a9:e5:9e:67:c9:1d:a8:c0:55:bb:80:9a:
         83:c0:bc:54:b4:d8:9f:23:9f:a9:74:e3:b7:4f:db:b2:b0:17:
         54:ec:f4:47:75:cf:b1:15:52:af:29:2b:4f:17:24:9b:dd:a1:
         ae:0c:bd:2d:97:c9:5b:3f:32:04:f5:7b:f0:64:d8:03:98:0e:
         ec:83:3a:53:2d:69:ad:5f:45:10:c5:04:8a:4d:a6:83:48:e4:
         20:a9:a1:55
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYgut18wiH0UV3gCFI8f/9TlpGvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA5MjcxNjQ0MjNaFw0yNTA5MjYxNjQ5MjNaMDMxMTAvBgNV
BAMTKDk3REZGMDNFNjY4NTU0QTM0NkMzMDREOUM3QjIxM0MzQTQwNjY5QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsRxVXgyq6kUUQVUffWmJSCinC
4emvRpaB8pvnUWHqSAsgYXgJorKLaXyjQ7s6I6k8xqcK2m1Q2FcRBmikIoDA9j/w
1RJgGYD4j3NWev6ga6qKMcTr6Bno2ctlTGd7QzT29Mxn/FHUjPbOyg5kHYVrOchv
uK3n9DD8/WweZiAj6MX/k4G+5K3WW2CULoGUA6pc0pxt0VTC+Uberv4iQC1N/Hd1
y1RGD8gpFl7aQnnVPk/+0O2CXEefq82FWutcMZn31MMaYEAoG9hnQdvlibC/0hFj
OuZe7AMCOBViRFfP25ywN2is9bPq91fAbiH9Up6mx7rBEUdMfOYqVGxlII0DAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUl9/wPmaFVKNGwwTZx7ITw6QGaaEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACUh/0w
DQYJKoZIhvcNAQELBQADggEBABVU+jhtvMSAWBqDrNggP6WQmkGNsTiH9h7HDy6a
BJO252F/f9sFk0zl00yCGwa5Kr67NrDe3qQem1YzVeSjh0UQe9fxS/mjX/9URRfw
TrIElDGP9aMNCaAz8JpRg9hAHiIByt2tTidS4uLPmTrZLm5jIHjXBuWRIrC6mXc5
jElng1P/foxjPyS4erKfNFmXaRpAAcYNcDeSWyANVIlVb1Vc1dsnu83fuqnlnmfJ
HajAVbuAmoPAvFS02J8jn6l047dP27KwF1Ts9Ed1z7EVUq8pK08XJJvdoa4MvS2X
yVs/MgT1e/Bk2AOYDuyDOlMtaa1fRRDFBIpNpoNI5CCpoVU=
-----END CERTIFICATE-----