Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/gchew8N-s3QGJhaPeq9th0RAwrA.roa
File:                     gchew8N-s3QGJhaPeq9th0RAwrA.roa (raw, json)
Hash identifier:          8LHWubfz5C/zrE3nYoyb2vELJgFr9oL05PR7fmzV9hw=
Subject key identifier:   81:C8:5E:C3:C3:7E:B3:74:06:26:16:8F:7A:AF:6D:87:44:40:C2:B0
Certificate issuer:       /CN=c65613d5999f3632985ed89a02efaabd1890ba09
Certificate serial:       019E21664A1E61E83A1A1E8C801FF9F3BDFF
Authority key identifier: C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/gchew8N-s3QGJhaPeq9th0RAwrA.roa
Signing time:             Wed 13 May 2026 12:53:32 +0000
ROA not before:           Wed 13 May 2026 12:53:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215980
IP address blocks:        164.40.237.0/24 maxlen: 24
                          2a14:8100:f300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jun 2026 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:66:4a:1e:61:e8:3a:1a:1e:8c:80:1f:f9:f3:bd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65613d5999f3632985ed89a02efaabd1890ba09
        Validity
            Not Before: May 13 12:53:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81c85ec3c37eb3740626168f7aaf6d874440c2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2c:d2:2b:9b:70:c0:9d:eb:c4:b3:c6:01:cb:
                    e4:b7:f5:29:ef:88:4a:02:7e:a5:72:ea:b9:22:27:
                    96:a8:f1:67:cb:4d:5f:a2:b9:65:95:95:03:40:d3:
                    b4:c2:cd:be:df:7f:d8:45:bc:30:b7:f4:69:5b:d6:
                    9c:0a:f1:05:9e:b2:9e:91:ca:e2:89:70:48:ac:bc:
                    a5:c7:18:d3:80:6d:a8:00:13:09:f8:b9:77:09:a5:
                    63:30:a5:fe:b2:b5:f6:c0:5d:fa:96:d1:4a:97:c5:
                    e3:16:f3:86:31:42:c3:7e:dc:1c:0c:25:57:07:62:
                    62:5f:23:f6:ca:60:61:23:6b:05:19:c4:f3:91:18:
                    60:b9:41:05:27:81:1e:a7:8c:00:12:b2:b4:24:ce:
                    c1:3f:e4:41:24:7a:43:22:89:50:27:ba:e9:d5:1f:
                    9f:f4:38:80:95:15:86:c0:55:8d:80:62:9f:d5:c4:
                    d4:91:0c:fc:f9:b2:40:93:c1:c0:18:4f:3e:0f:6c:
                    78:44:36:8a:20:fc:b4:95:ad:89:06:b3:3a:16:c8:
                    7a:53:bf:3c:98:92:9a:fa:d7:7f:d0:b3:de:15:a2:
                    f7:67:f4:be:ef:75:fa:88:65:92:ae:c2:7f:4c:a3:
                    56:ad:8a:68:6c:97:b5:38:ef:dc:5e:e2:32:df:0a:
                    53:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C8:5E:C3:C3:7E:B3:74:06:26:16:8F:7A:AF:6D:87:44:40:C2:B0
            X509v3 Authority Key Identifier:
                keyid:C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/gchew8N-s3QGJhaPeq9th0RAwrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.237.0/24
                IPv6:
                  2a14:8100:f300::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:76:06:59:9c:e2:92:57:9b:7f:68:0f:a2:65:e7:4f:8b:66:
         29:12:96:ef:4d:0e:dc:8f:5d:91:de:38:6c:b9:7f:fd:46:18:
         bd:8f:7b:3b:24:47:86:de:e2:f9:b5:02:c2:7a:25:4b:0b:26:
         9d:ca:51:c3:1a:38:2e:c8:99:a8:1c:3f:17:55:ad:e5:08:6d:
         73:34:d5:4f:7d:b8:d9:16:cc:d3:2e:37:d7:a9:f6:b2:39:bb:
         71:4b:f9:25:d6:0f:05:a5:4f:28:bb:3a:99:c5:88:7e:6c:63:
         48:fe:2c:cb:dc:ab:ba:15:04:5c:02:8f:79:4d:48:ad:62:7a:
         1f:13:6d:d5:5a:9f:cb:83:47:b8:d9:f5:20:52:c5:62:e7:07:
         9f:8b:06:bd:11:24:5e:16:62:9e:05:32:62:6c:53:1a:60:28:
         1c:28:9f:90:99:0e:f3:af:d3:c2:e6:97:94:ee:30:7b:75:ac:
         2a:a3:3a:fb:f3:e8:91:29:20:17:d4:99:08:bd:b8:62:eb:70:
         b0:f9:0a:f7:ce:20:77:aa:f7:d2:ff:df:85:2e:91:11:a0:53:
         94:94:3b:b4:96:3c:98:19:d6:bc:81:fa:87:b8:4b:58:06:62:
         66:2c:44:d6:74:f7:ef:25:fa:e1:47:65:2b:08:fa:45:b0:88:
         5e:fd:1a:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ4hZkoeYeg6Gh6MgB/5873/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NTYxM2Q1OTk5ZjM2MzI5ODVlZDg5YTAyZWZhYWJkMTg5
MGJhMDkwHhcNMjYwNTEzMTI1MzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWM4NWVjM2MzN2ViMzc0MDYyNjE2OGY3YWFmNmQ4NzQ0NDBjMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyzSK5twwJ3rxLPGAcvkt/Up74hK
An6lcuq5IieWqPFny01forlllZUDQNO0ws2+33/YRbwwt/RpW9acCvEFnrKekcri
iXBIrLylxxjTgG2oABMJ+Ll3CaVjMKX+srX2wF36ltFKl8XjFvOGMULDftwcDCVX
B2JiXyP2ymBhI2sFGcTzkRhguUEFJ4Eep4wAErK0JM7BP+RBJHpDIolQJ7rp1R+f
9DiAlRWGwFWNgGKf1cTUkQz8+bJAk8HAGE8+D2x4RDaKIPy0la2JBrM6Fsh6U788
mJKa+td/0LPeFaL3Z/S+73X6iGWSrsJ/TKNWrYpobJe1OO/cXuIy3wpTVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIHIXsPDfrN0BiYWj3qvbYdEQMKwMB8GA1UdIwQY
MBaAFMZWE9WZnzYymF7YmgLvqr0YkLoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2Ut
NjUwOTkyZjJhMTc0LzEvZ2NoZXc4Ti1zM1FHSmhhUGVxOXRoMFJBd3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2UtNjUwOTkyZjJhMTc0
LzEveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQApCjtMA8E
AgACMAkDBwQqFIEA8wAwDQYJKoZIhvcNAQELBQADggEBAH12Blmc4pJXm39oD6Jl
50+LZikSlu9NDtyPXZHeOGy5f/1GGL2PezskR4be4vm1AsJ6JUsLJp3KUcMaOC7I
magcPxdVreUIbXM01U99uNkWzNMuN9ep9rI5u3FL+SXWDwWlTyi7OpnFiH5sY0j+
LMvcq7oVBFwCj3lNSK1ieh8TbdVan8uDR7jZ9SBSxWLnB5+LBr0RJF4WYp4FMmJs
UxpgKBwon5CZDvOv08Lml5TuMHt1rCqjOvvz6JEpIBfUmQi9uGLrcLD5CvfOIHeq
99L/34UukRGgU5SUO7SWPJgZ1ryB+oe4S1gGYmYsRNZ09+8l+uFHZSsI+kWwiF79
Gpk=
-----END CERTIFICATE-----