Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          QG06y5kAWdpRL4JxPmRQUmJORJNJynMVIJ4t+PciWxo=
Subject key identifier:   FF:11:09:8C:92:68:DD:EF:B5:F5:0A:46:67:B7:68:76:2E:7D:1F:EC
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5428699C68DE48C87C4D35458FA919560BE4F87F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa
Signing time:             Wed 02 Apr 2025 08:44:31 +0000
ROA not before:           Wed 02 Apr 2025 08:39:31 +0000
ROA not after:            Wed 01 Apr 2026 08:44:31 +0000
asID:                     64267
IP address blocks:        92.112.5.0/24 maxlen: 24
                          92.113.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:24:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:28:69:9c:68:de:48:c8:7c:4d:35:45:8f:a9:19:56:0b:e4:f8:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  2 08:39:31 2025 GMT
            Not After : Apr  1 08:44:31 2026 GMT
        Subject: CN=FF11098C9268DDEFB5F50A4667B768762E7D1FEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:73:9f:c9:ec:d0:03:0b:f8:f5:b1:09:42:f6:
                    d4:01:92:34:b8:5b:b3:52:d2:a2:ac:c7:d2:07:9f:
                    48:86:59:50:88:e0:f4:25:40:a3:e9:18:29:05:ce:
                    9c:01:91:5a:29:7a:1c:9a:ae:22:ce:77:57:8e:a4:
                    10:33:4a:89:32:cc:da:1e:89:31:9b:d5:a6:60:e1:
                    81:94:20:07:5e:d0:c1:e2:d7:b3:72:76:56:5e:b7:
                    6f:e8:47:e6:5e:7d:0b:22:f2:52:38:d3:43:f1:dd:
                    1d:b3:90:b3:cf:41:63:b3:58:7c:15:52:23:f5:bc:
                    ba:04:46:39:6d:85:26:92:98:c8:d1:65:4a:04:98:
                    5c:6a:67:a6:b0:5f:eb:1d:02:06:9a:44:30:e3:eb:
                    e8:a4:b2:56:ee:46:50:65:28:a8:6b:3a:70:3a:63:
                    dd:ce:c8:ee:8d:a5:56:7c:45:a9:c5:40:ff:03:b0:
                    44:b2:02:9f:0b:aa:0a:ad:34:75:c7:cf:36:3e:72:
                    d4:24:4c:78:27:b7:7f:f1:19:1b:fe:94:c2:7f:9a:
                    57:56:45:5f:fc:8c:1e:b3:8e:07:28:91:48:bc:7d:
                    df:1b:58:fc:61:77:30:44:26:21:8e:57:a9:ce:42:
                    8c:4c:07:43:74:e4:f6:74:3d:57:be:70:c2:67:02:
                    06:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:11:09:8C:92:68:DD:EF:B5:F5:0A:46:67:B7:68:76:2E:7D:1F:EC
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.5.0/24
                  92.113.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a7:22:11:34:51:bf:d3:ab:bd:71:1a:81:b4:de:00:1b:a2:
         1f:ec:8e:df:e1:d6:a6:99:5b:50:b1:43:31:76:0d:86:ec:ef:
         2e:97:3a:80:4a:81:65:5b:6f:9c:f9:e1:33:a3:50:43:88:5b:
         9d:9f:6b:71:ca:76:68:5e:1f:04:b1:df:c4:2e:16:c8:a7:28:
         88:52:21:09:83:0a:a1:18:44:fc:56:f5:6d:d0:d0:0e:dd:3b:
         42:1d:05:57:ae:e0:3c:83:ea:1d:9b:a5:c9:86:e3:47:37:8b:
         23:68:80:2c:81:22:c5:58:41:e6:a0:4b:48:79:f7:55:3c:50:
         34:3c:df:bb:0d:2e:fc:6a:b5:33:69:0d:8f:07:52:cf:14:d3:
         e6:5a:e8:86:e3:6c:fd:e5:bf:19:d4:62:bc:ca:d4:3b:02:54:
         6e:e0:3c:ef:79:00:50:ed:5b:ae:ef:da:30:be:4a:8a:fd:b0:
         1d:1b:de:ce:fc:69:24:52:f8:4b:81:3a:cf:d0:a4:d0:47:4b:
         82:14:86:fd:46:32:74:3c:d0:28:5e:89:d3:4b:56:65:87:fd:
         61:03:20:62:ba:fb:63:9e:0f:5b:73:7a:59:24:4f:7c:76:c4:
         b0:1e:3a:be:fc:5f:52:44:f0:71:a2:3f:3b:1d:e9:d5:8b:51:
         5c:09:6a:02
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVChpnGjeSMh8TTVFj6kZVgvk+H8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MDIwODM5MzFaFw0yNjA0MDEwODQ0MzFaMDMxMTAvBgNV
BAMTKEZGMTEwOThDOTI2OERERUZCNUY1MEE0NjY3Qjc2ODc2MkU3RDFGRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCc5/J7NADC/j1sQlC9tQBkjS4
W7NS0qKsx9IHn0iGWVCI4PQlQKPpGCkFzpwBkVopehyariLOd1eOpBAzSokyzNoe
iTGb1aZg4YGUIAde0MHi17NydlZet2/oR+ZefQsi8lI400Px3R2zkLPPQWOzWHwV
UiP1vLoERjlthSaSmMjRZUoEmFxqZ6awX+sdAgaaRDDj6+ikslbuRlBlKKhrOnA6
Y93OyO6NpVZ8RanFQP8DsESyAp8LqgqtNHXHzzY+ctQkTHgnt3/xGRv+lMJ/mldW
RV/8jB6zjgcokUi8fd8bWPxhdzBEJiGOV6nOQoxMB0N05PZ0PVe+cMJnAgYzAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU/xEJjJJo3e+19QpGZ7dodi59H+wwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABccAUD
BABccQswDQYJKoZIhvcNAQELBQADggEBABKnIhE0Ub/Tq71xGoG03gAboh/sjt/h
1qaZW1CxQzF2DYbs7y6XOoBKgWVbb5z54TOjUEOIW52fa3HKdmheHwSx38QuFsin
KIhSIQmDCqEYRPxW9W3Q0A7dO0IdBVeu4DyD6h2bpcmG40c3iyNogCyBIsVYQeag
S0h591U8UDQ837sNLvxqtTNpDY8HUs8U0+Za6IbjbP3lvxnUYrzK1DsCVG7gPO95
AFDtW67v2jC+Sor9sB0b3s78aSRS+EuBOs/QpNBHS4IUhv1GMnQ80CheidNLVmWH
/WEDIGK6+2OeD1tzelkkT3x2xLAeOr78X1JE8HGiPzsd6dWLUVwJagI=
-----END CERTIFICATE-----