Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa
File:                     AS64267.roa (raw, json)
Hash identifier:          Wi5zMhEx3AzeagdmLVKHqAB8BcbU23Zm2zU3IuogcTA=
Subject key identifier:   FA:36:AF:EA:9D:E1:DD:CF:53:29:93:BF:8E:4B:DE:38:54:E5:05:C4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       24FF53289B9CC028B692B2742E9D9935298F4985
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa
Signing time:             Wed 21 Aug 2024 16:55:27 +0000
ROA not before:           Wed 21 Aug 2024 16:50:27 +0000
ROA not after:            Wed 20 Aug 2025 16:55:27 +0000
asID:                     64267
IP address blocks:        92.113.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ff:53:28:9b:9c:c0:28:b6:92:b2:74:2e:9d:99:35:29:8f:49:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 21 16:50:27 2024 GMT
            Not After : Aug 20 16:55:27 2025 GMT
        Subject: CN=FA36AFEA9DE1DDCF532993BF8E4BDE3854E505C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:28:b1:be:b2:8b:10:6b:19:ce:9c:6d:e8:cf:
                    97:8f:c9:e3:86:ce:1a:26:08:4d:72:a9:2e:2c:5a:
                    ef:5b:3b:f2:16:1b:7d:82:c3:f8:29:f7:44:29:d3:
                    98:c4:06:1a:c1:c4:9a:1c:16:48:01:32:58:da:aa:
                    a2:d1:d5:21:42:c2:1d:ef:dc:85:61:90:ae:6e:da:
                    3b:54:a4:b8:03:d0:24:4b:52:ff:50:2c:f4:9a:77:
                    d9:c5:64:b5:a2:0d:7a:cb:9b:94:df:b3:5a:8b:83:
                    50:56:ee:d1:8a:f1:02:05:56:2f:92:54:27:52:03:
                    e9:8b:7e:a8:29:f1:be:f3:f1:e3:c1:a1:d9:46:4e:
                    76:6a:9c:d9:ce:d9:93:a3:dd:78:fe:68:5b:5d:cd:
                    56:cb:4d:96:46:5f:bb:52:aa:35:94:cc:2a:95:24:
                    13:a1:e2:d6:a9:36:5d:de:07:90:ef:6b:7e:7c:1c:
                    ba:cd:c9:bd:18:2a:cd:eb:45:a6:f4:0b:70:a1:8b:
                    36:fe:dc:0f:7f:9e:ab:9c:52:4b:58:c5:5e:63:e7:
                    25:ba:4c:f3:ef:72:42:82:26:72:40:38:98:d4:9f:
                    6c:82:26:53:c6:84:f0:bd:a4:54:18:2d:cc:06:ec:
                    b8:1c:0f:28:d3:6f:ca:2e:a4:74:a9:28:58:be:85:
                    6f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:36:AF:EA:9D:E1:DD:CF:53:29:93:BF:8E:4B:DE:38:54:E5:05:C4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS64267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:7d:a4:41:dc:1c:bf:f9:2f:06:05:5c:92:63:55:4b:61:29:
         08:77:19:e3:7a:3b:6e:61:e9:ac:50:46:55:9a:1e:48:7b:aa:
         17:9f:2f:ba:bd:c6:95:21:d6:f2:96:4d:e7:d4:56:a4:3e:ec:
         b2:9f:41:14:14:08:ba:1a:61:22:62:35:1e:7c:2a:ac:27:74:
         31:e0:5e:99:9d:f1:83:ba:f4:7c:8e:42:b8:a2:06:15:fb:78:
         6d:88:0f:b8:e4:52:27:e5:5b:13:68:b0:53:b8:f4:00:2c:c8:
         0c:ee:f2:9b:8b:21:40:b1:58:c0:4e:16:c6:8e:4f:04:80:03:
         da:49:0a:f1:0f:fc:5e:16:08:43:75:5c:6e:97:19:bd:97:78:
         14:a7:17:3b:2e:2c:19:b7:f0:46:0f:18:13:48:f9:df:15:6f:
         6f:b8:87:4f:e4:64:d8:94:52:25:a3:a6:60:96:dc:d8:ae:13:
         91:67:55:e6:39:c8:e2:c9:9d:a0:7b:e2:77:39:5e:e1:4d:8d:
         d0:b1:07:25:cf:02:ac:78:ac:4d:3b:16:c2:95:4b:90:1a:b4:
         8f:e7:c5:b9:17:3b:14:1c:8c:9c:fd:42:92:56:05:b6:63:da:
         8f:26:02:d3:89:67:35:c8:be:73:bb:e5:fa:cc:e7:71:e8:77:
         66:b3:30:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJP9TKJucwCi2krJ0Lp2ZNSmPSYUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA4MjExNjUwMjdaFw0yNTA4MjAxNjU1MjdaMDMxMTAvBgNV
BAMTKEZBMzZBRkVBOURFMUREQ0Y1MzI5OTNCRjhFNEJERTM4NTRFNTA1QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7KLG+sosQaxnOnG3oz5ePyeOG
zhomCE1yqS4sWu9bO/IWG32Cw/gp90Qp05jEBhrBxJocFkgBMljaqqLR1SFCwh3v
3IVhkK5u2jtUpLgD0CRLUv9QLPSad9nFZLWiDXrLm5Tfs1qLg1BW7tGK8QIFVi+S
VCdSA+mLfqgp8b7z8ePBodlGTnZqnNnO2ZOj3Xj+aFtdzVbLTZZGX7tSqjWUzCqV
JBOh4tapNl3eB5Dva358HLrNyb0YKs3rRab0C3Chizb+3A9/nqucUktYxV5j5yW6
TPPvckKCJnJAOJjUn2yCJlPGhPC9pFQYLcwG7LgcDyjTb8oupHSpKFi+hW8NAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+jav6p3h3c9TKZO/jkveOFTlBcQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNjQyNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABccQsw
DQYJKoZIhvcNAQELBQADggEBAFN9pEHcHL/5LwYFXJJjVUthKQh3GeN6O25h6axQ
RlWaHkh7qhefL7q9xpUh1vKWTefUVqQ+7LKfQRQUCLoaYSJiNR58KqwndDHgXpmd
8YO69HyOQriiBhX7eG2ID7jkUiflWxNosFO49AAsyAzu8puLIUCxWMBOFsaOTwSA
A9pJCvEP/F4WCEN1XG6XGb2XeBSnFzsuLBm38EYPGBNI+d8Vb2+4h0/kZNiUUiWj
pmCW3NiuE5FnVeY5yOLJnaB74nc5XuFNjdCxByXPAqx4rE07FsKVS5AatI/nxbkX
OxQcjJz9QpJWBbZj2o8mAtOJZzXIvnO75frM53Hod2azMNs=
-----END CERTIFICATE-----