Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/chHqhcK6v5KswbGRV1kWS4kxVbc.roa
File:                     chHqhcK6v5KswbGRV1kWS4kxVbc.roa (raw, json)
Hash identifier:          +yh6jIIKa98uAgIkMxTmqikX+8wQBA7qBlvBYcLVe6I=
Subject key identifier:   72:11:EA:85:C2:BA:BF:92:AC:C1:B1:91:57:59:16:4B:89:31:55:B7
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       01981CE8F46D4DB3771508EB59917EB0D6E2
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/chHqhcK6v5KswbGRV1kWS4kxVbc.roa
Signing time:             Fri 18 Jul 2025 09:41:25 +0000
ROA not before:           Fri 18 Jul 2025 09:41:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214128
IP address blocks:        45.155.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 06:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:e8:f4:6d:4d:b3:77:15:08:eb:59:91:7e:b0:d6:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jul 18 09:41:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7211ea85c2babf92acc1b1915759164b893155b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:53:17:58:0e:15:56:d8:b7:a7:0e:34:18:a0:
                    81:f8:e0:f0:d1:73:36:a3:fe:65:c6:75:f3:25:04:
                    3a:b6:96:f1:72:a7:21:7e:fb:f1:38:d1:b8:26:26:
                    81:0c:c0:90:7e:39:df:82:2d:1e:9f:87:8f:15:a0:
                    12:ff:60:ed:8a:fe:69:67:fe:43:62:d7:b5:be:e5:
                    89:9e:bd:d1:6b:b3:90:08:d5:76:01:a5:12:b8:d7:
                    79:8d:80:c5:44:83:99:06:da:7f:78:5f:60:05:49:
                    fb:b0:1a:8f:05:7f:95:28:4d:9b:b6:bc:80:b4:57:
                    f2:52:35:58:e5:6a:17:d0:4f:dd:f9:24:e3:53:ba:
                    41:de:ed:8a:0f:32:2c:e2:08:3a:0f:85:a5:6e:41:
                    58:10:41:30:c1:b3:f3:f0:40:ca:a0:8a:5c:e2:8f:
                    98:6e:ae:86:31:c5:b5:19:27:12:a3:d1:f6:4a:0b:
                    cc:21:96:a6:6d:f7:48:45:65:5c:17:6d:e7:57:79:
                    d3:4f:cf:80:16:30:ca:d7:06:c4:6c:b0:40:e6:5d:
                    05:8e:4a:dc:f8:8f:1c:02:23:f4:3e:05:b4:b0:d0:
                    d2:87:46:ef:8d:5b:2e:21:2e:45:72:f1:77:10:33:
                    e0:bf:0b:02:14:b5:f6:39:f9:9b:0a:0c:29:93:2a:
                    02:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:11:EA:85:C2:BA:BF:92:AC:C1:B1:91:57:59:16:4B:89:31:55:B7
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/chHqhcK6v5KswbGRV1kWS4kxVbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:69:8b:19:61:f4:91:2f:8e:d7:17:a3:43:d1:e0:ab:b3:29:
         61:bb:29:05:4a:81:5b:43:c3:07:c7:3b:33:47:5f:d7:bf:30:
         a8:d4:1a:64:cc:5c:e1:ae:0e:cd:ba:05:7c:3a:5f:52:28:70:
         4c:9e:15:38:a2:b9:7a:17:5c:0c:35:44:ce:a4:c8:07:24:89:
         f9:cf:eb:e2:9b:aa:eb:35:f5:9b:69:f2:c7:79:d0:ab:b0:e4:
         81:a7:f4:a7:72:4b:ff:d3:bf:24:5a:73:26:bd:b9:9f:b2:80:
         3c:ed:73:19:6c:15:d8:ad:b2:05:58:a7:a9:8e:aa:40:6c:51:
         67:01:34:e4:7f:86:a3:a1:e3:af:65:75:95:40:f7:68:4c:12:
         b4:31:7e:e9:95:5e:d1:a1:cd:5b:4b:8c:01:a2:a3:2b:fd:c0:
         dc:45:4c:b8:3c:15:a0:fd:d0:c0:e6:9b:91:ff:30:94:bb:33:
         da:55:0d:16:48:31:48:da:28:07:20:f5:64:61:ac:d1:c3:b1:
         12:9c:51:66:0a:1f:5f:01:54:f5:39:fc:89:9b:7a:4c:97:ce:
         f9:71:9c:8e:35:df:40:06:6f:a9:c4:51:87:bb:43:35:43:14:
         59:15:f1:2b:d0:93:c1:2d:2b:aa:6a:a8:10:5a:8f:d7:57:c5:
         1c:9f:cb:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZgc6PRtTbN3FQjrWZF+sNbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwNzE4MDk0MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjExZWE4NWMyYmFiZjkyYWNjMWIxOTE1NzU5MTY0Yjg5MzE1NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VMXWA4VVti3pw40GKCB+ODw0XM2
o/5lxnXzJQQ6tpbxcqchfvvxONG4JiaBDMCQfjnfgi0en4ePFaAS/2Dtiv5pZ/5D
Yte1vuWJnr3Ra7OQCNV2AaUSuNd5jYDFRIOZBtp/eF9gBUn7sBqPBX+VKE2btryA
tFfyUjVY5WoX0E/d+STjU7pB3u2KDzIs4gg6D4WlbkFYEEEwwbPz8EDKoIpc4o+Y
bq6GMcW1GScSo9H2SgvMIZambfdIRWVcF23nV3nTT8+AFjDK1wbEbLBA5l0Fjkrc
+I8cAiP0PgW0sNDSh0bvjVsuIS5FcvF3EDPgvwsCFLX2OfmbCgwpkyoC2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHIR6oXCur+SrMGxkVdZFkuJMVW3MB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL2NoSHFoY0s2djVLc3diR1JWMWtXUzRreFZiYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Qw
DQYJKoZIhvcNAQELBQADggEBAIxpixlh9JEvjtcXo0PR4KuzKWG7KQVKgVtDwwfH
OzNHX9e/MKjUGmTMXOGuDs26BXw6X1IocEyeFTiiuXoXXAw1RM6kyAckifnP6+Kb
qus19Ztp8sd50Kuw5IGn9KdyS//TvyRacya9uZ+ygDztcxlsFditsgVYp6mOqkBs
UWcBNOR/hqOh469ldZVA92hMErQxfumVXtGhzVtLjAGioyv9wNxFTLg8FaD90MDm
m5H/MJS7M9pVDRZIMUjaKAcg9WRhrNHDsRKcUWYKH18BVPU5/ImbekyXzvlxnI41
30AGb6nEUYe7QzVDFFkV8SvQk8EtK6pqqBBaj9dXxRyfy8Y=
-----END CERTIFICATE-----