Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          1pqFAT5d4rVTyBk+Eo4ubs4aTyLu7aztNK1XGPKoGu0=
Subject key identifier:   48:61:6A:B4:D3:EA:88:E0:E6:DD:34:D0:02:73:CF:4E:D1:9E:59:A9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       09E5EEAB4C6D6340F051AEE3E7E3B095B28AE9C6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS64267.roa
Signing time:             Mon 15 Jun 2026 00:02:53 +0000
ROA not before:           Sun 14 Jun 2026 23:57:53 +0000
ROA not after:            Mon 14 Jun 2027 00:02:53 +0000
asID:                     64267
IP address blocks:        191.96.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e5:ee:ab:4c:6d:63:40:f0:51:ae:e3:e7:e3:b0:95:b2:8a:e9:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 14 23:57:53 2026 GMT
            Not After : Jun 14 00:02:53 2027 GMT
        Subject: CN=48616AB4D3EA88E0E6DD34D00273CF4ED19E59A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1b:bc:e1:3a:0e:00:81:aa:eb:b5:85:cd:56:
                    91:35:ec:d6:5f:be:ad:0a:20:e9:4c:42:12:fa:7f:
                    ec:c8:36:28:e9:77:d3:18:14:7a:68:b8:c0:91:17:
                    3d:64:d7:86:09:c7:7c:28:15:94:e8:78:e4:1a:75:
                    54:39:b6:a0:a6:31:07:11:0a:4d:20:00:ab:33:25:
                    b3:61:89:b4:9b:5d:a5:92:91:52:0d:af:5b:22:4d:
                    d3:43:d1:14:a9:b7:56:df:78:0d:19:94:20:d2:45:
                    38:cc:48:12:f7:2b:e0:91:5d:df:fe:20:a1:03:49:
                    29:ff:df:d1:5e:68:26:a6:a4:94:d1:b0:2a:41:84:
                    1e:a6:f8:ca:92:c4:17:a4:18:60:17:b9:6a:e5:f0:
                    c4:91:f2:19:e2:bd:0b:79:15:e2:35:82:25:d5:4d:
                    82:07:f9:22:61:4a:a9:f0:f5:0b:eb:de:e3:d4:ac:
                    c3:bd:e9:d2:79:fe:78:8a:81:65:c5:f3:3d:19:a1:
                    9c:f4:4d:bb:c1:69:d0:db:3d:9d:66:04:b7:d3:36:
                    f0:2f:51:af:52:14:d4:2a:14:8f:5b:8b:30:11:f6:
                    c3:71:57:71:73:50:3a:7d:71:47:a9:98:3c:65:83:
                    32:99:a5:0d:69:1f:7c:a7:6b:07:08:ad:d4:b9:9e:
                    33:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:61:6A:B4:D3:EA:88:E0:E6:DD:34:D0:02:73:CF:4E:D1:9E:59:A9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a4:ec:de:4c:f2:e2:fe:e5:ba:98:85:2c:d5:5e:4e:7c:ba:
         02:08:33:1b:eb:82:e4:d4:9b:e5:3d:d0:89:57:06:dd:73:41:
         a7:89:fb:be:22:d0:5a:17:8c:f6:2c:ad:b5:9d:bf:50:b9:92:
         17:a5:56:70:f7:80:f6:fc:39:10:16:59:dc:e4:93:5f:a8:33:
         82:41:09:7b:b4:8d:f9:6a:63:e7:ad:93:7d:78:e8:46:96:89:
         b2:b5:28:b4:77:4f:53:4a:be:9b:8d:1a:96:56:f4:25:d5:36:
         4b:ac:79:59:d0:fa:2d:c3:d8:c5:7d:3b:e8:4b:8a:a6:50:0b:
         f5:e8:97:5b:08:ed:84:34:ea:b7:0e:2e:1c:ef:bd:d1:55:63:
         24:3f:83:18:81:3e:ee:b3:ac:ec:bc:d9:30:78:26:98:9b:cb:
         19:20:ba:e2:58:32:8d:10:85:fc:4d:b7:78:ab:7c:e3:a5:72:
         29:a4:ae:26:e7:b4:0a:9f:3b:1c:18:e4:2f:f0:fe:7e:b9:93:
         45:4e:79:05:2a:39:be:f4:93:7c:88:d5:59:fc:4c:be:dc:ca:
         68:8c:f7:26:df:55:2d:7f:d7:b4:01:2b:10:15:df:9a:36:0d:
         eb:43:1b:d2:fb:36:fd:9e:10:40:01:be:2b:48:fa:b7:17:5e:
         7b:6d:43:37
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCeXuq0xtY0DwUa7j5+OwlbKK6cYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTQyMzU3NTNaFw0yNzA2MTQwMDAyNTNaMDMxMTAvBgNV
BAMTKDQ4NjE2QUI0RDNFQTg4RTBFNkREMzREMDAyNzNDRjRFRDE5RTU5QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuG7zhOg4AgarrtYXNVpE17NZf
vq0KIOlMQhL6f+zINijpd9MYFHpouMCRFz1k14YJx3woFZToeOQadVQ5tqCmMQcR
Ck0gAKszJbNhibSbXaWSkVINr1siTdND0RSpt1bfeA0ZlCDSRTjMSBL3K+CRXd/+
IKEDSSn/39FeaCampJTRsCpBhB6m+MqSxBekGGAXuWrl8MSR8hnivQt5FeI1giXV
TYIH+SJhSqnw9Qvr3uPUrMO96dJ5/niKgWXF8z0ZoZz0TbvBadDbPZ1mBLfTNvAv
Ua9SFNQqFI9bizAR9sNxV3FzUDp9cUepmDxlgzKZpQ1pH3ynawcIrdS5njPpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSGFqtNPqiODm3TTQAnPPTtGeWakwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YPkw
DQYJKoZIhvcNAQELBQADggEBAECk7N5M8uL+5bqYhSzVXk58ugIIMxvrguTUm+U9
0IlXBt1zQaeJ+74i0FoXjPYsrbWdv1C5khelVnD3gPb8ORAWWdzkk1+oM4JBCXu0
jflqY+etk3146EaWibK1KLR3T1NKvpuNGpZW9CXVNkuseVnQ+i3D2MV9O+hLiqZQ
C/Xol1sI7YQ06rcOLhzvvdFVYyQ/gxiBPu6zrOy82TB4JpibyxkguuJYMo0QhfxN
t3irfOOlcimkribntAqfOxwY5C/w/n65k0VOeQUqOb70k3yI1Vn8TL7cymiM9ybf
VS1/17QBKxAV35o2DetDG9L7Nv2eEEABvitI+rcXXnttQzc=
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:38:41 2026 by rpki-client