Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/CHbKKVMpLk01B-ESgxaPOu3Vvlk.roa
File:                     CHbKKVMpLk01B-ESgxaPOu3Vvlk.roa (raw, json)
Hash identifier:          L335VlqzZgeAefFFrQPy002bZMiytu82bj4ohO+r9FM=
Subject key identifier:   08:76:CA:29:53:29:2E:4D:35:07:E1:12:83:16:8F:3A:ED:D5:BE:59
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0194266B8AA41D50F115D2B792C49BEED740
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/CHbKKVMpLk01B-ESgxaPOu3Vvlk.roa
Signing time:             Thu 02 Jan 2025 09:49:29 +0000
ROA not before:           Thu 02 Jan 2025 09:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211717
IP address blocks:        188.85.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:8a:a4:1d:50:f1:15:d2:b7:92:c4:9b:ee:d7:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 09:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0876ca2953292e4d3507e11283168f3aedd5be59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:79:69:d9:74:df:29:16:8c:ed:da:61:02:6c:
                    5d:db:b1:bc:e9:43:24:83:6d:1a:4a:66:03:5a:d2:
                    57:2d:1e:b5:4b:61:88:e8:b2:92:e9:69:19:f9:2e:
                    17:4c:b7:f2:86:1f:25:f5:a9:96:d0:41:a5:03:fd:
                    20:7c:14:99:09:90:79:0e:7e:aa:5a:9d:f2:00:35:
                    22:d6:16:c7:91:60:71:d4:6d:aa:dd:02:f2:cc:7e:
                    5c:30:b8:1d:94:bd:00:9d:f2:99:06:a3:69:7c:ce:
                    9a:20:3e:5a:cb:7e:de:43:55:df:2a:6e:5c:0e:b1:
                    9d:aa:78:1e:9f:33:45:4e:ab:65:b2:6c:ff:66:7a:
                    d9:a8:8f:b8:79:8f:fa:97:c9:07:70:61:50:93:5b:
                    ba:f4:f6:c9:31:3d:c9:67:a0:d7:91:2c:81:14:67:
                    9e:c1:4f:bc:f0:af:57:21:c4:98:94:f0:37:9b:37:
                    1a:f7:4a:6b:1c:0c:3b:32:08:29:bf:bd:c3:aa:82:
                    c3:e4:b9:df:71:32:6a:f5:f1:3e:2f:38:34:73:ec:
                    48:2f:43:cb:b5:4c:f5:75:f0:83:ce:ea:5c:b2:d4:
                    53:24:4a:6f:f9:28:f0:34:4b:6e:d8:a6:d2:02:a2:
                    43:24:e3:d8:b3:5d:95:b5:46:c3:67:01:67:56:a7:
                    63:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:76:CA:29:53:29:2E:4D:35:07:E1:12:83:16:8F:3A:ED:D5:BE:59
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/CHbKKVMpLk01B-ESgxaPOu3Vvlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.85.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ed:bd:33:c5:64:c9:78:49:db:09:22:ae:5a:86:97:d3:38:
         dc:c1:28:ef:ea:3b:9d:53:33:a9:b8:4f:44:d0:b9:27:d2:01:
         ab:76:bf:ab:ec:c8:63:6a:d5:7e:54:a5:e4:8f:e9:ea:b8:74:
         21:0a:4b:9e:f1:34:3f:3f:a9:c6:a7:f5:2e:4f:ef:63:de:a2:
         88:e6:16:bb:af:f6:31:cf:6e:26:c0:67:37:66:98:cd:ff:74:
         5e:7e:2a:94:73:c6:af:72:c0:0e:9a:b3:d7:a4:d4:38:df:57:
         f3:d0:79:8c:35:e9:9f:81:82:c8:30:70:e9:0c:83:3a:d0:84:
         97:e0:f0:3e:69:ec:bd:58:82:52:4b:cb:31:7c:fa:4f:4a:bc:
         a5:69:fc:75:88:ac:17:49:2b:4f:23:e1:68:63:f0:6a:e4:18:
         31:89:a4:e7:8f:a6:dc:b2:e3:63:36:33:24:38:59:21:39:98:
         46:ef:37:85:5a:8d:4a:94:7a:d9:9f:f9:f1:33:4b:81:46:15:
         20:86:59:dc:c7:14:d6:d4:5a:e7:0a:41:14:62:ef:6b:4b:d4:
         78:23:db:19:d0:05:e3:32:6e:a3:2e:ba:ff:96:2d:5e:73:24:
         de:79:45:87:1e:24:de:05:86:88:22:42:76:c5:d5:09:97:80:
         35:31:52:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4qkHVDxFdK3ksSb7tdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjUwMTAyMDk0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODc2Y2EyOTUzMjkyZTRkMzUwN2UxMTI4MzE2OGYzYWVkZDViZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnlp2XTfKRaM7dphAmxd27G86UMk
g20aSmYDWtJXLR61S2GI6LKS6WkZ+S4XTLfyhh8l9amW0EGlA/0gfBSZCZB5Dn6q
Wp3yADUi1hbHkWBx1G2q3QLyzH5cMLgdlL0AnfKZBqNpfM6aID5ay37eQ1XfKm5c
DrGdqngenzNFTqtlsmz/ZnrZqI+4eY/6l8kHcGFQk1u69PbJMT3JZ6DXkSyBFGee
wU+88K9XIcSYlPA3mzca90prHAw7Mggpv73DqoLD5LnfcTJq9fE+Lzg0c+xIL0PL
tUz1dfCDzupcstRTJEpv+SjwNEtu2KbSAqJDJOPYs12VtUbDZwFnVqdjYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAh2yilTKS5NNQfhEoMWjzrt1b5ZMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvQ0hiS0tWTXBMazAxQi1FU2d4YVBPdTNWdmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFWZMA0G
CSqGSIb3DQEBCwUAA4IBAQAv7b0zxWTJeEnbCSKuWoaX0zjcwSjv6judUzOpuE9E
0Lkn0gGrdr+r7MhjatV+VKXkj+nquHQhCkue8TQ/P6nGp/UuT+9j3qKI5ha7r/Yx
z24mwGc3ZpjN/3RefiqUc8avcsAOmrPXpNQ431fz0HmMNemfgYLIMHDpDIM60ISX
4PA+aey9WIJSS8sxfPpPSrylafx1iKwXSStPI+FoY/Bq5BgxiaTnj6bcsuNjNjMk
OFkhOZhG7zeFWo1KlHrZn/nxM0uBRhUghlncxxTW1FrnCkEUYu9rS9R4I9sZ0AXj
Mm6jLrr/li1ecyTeeUWHHiTeBYaIIkJ2xdUJl4A1MVJ+
-----END CERTIFICATE-----