Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/chbPy5LW8Hkd4bGtf_RD9PY-jXM.roa
File:                     chbPy5LW8Hkd4bGtf_RD9PY-jXM.roa (raw, json)
Hash identifier:          OZ3Yr4u9f+K63l23sY2VD+QyaE93yVzpoUvGWYs3Kgw=
Subject key identifier:   72:16:CF:CB:92:D6:F0:79:1D:E1:B1:AD:7F:F4:43:F4:F6:3E:8D:73
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D29596B279455AB321C2161F79346B3B1
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/chbPy5LW8Hkd4bGtf_RD9PY-jXM.roa
Signing time:             Thu 26 Mar 2026 08:53:39 +0000
ROA not before:           Thu 26 Mar 2026 08:53:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214668
IP address blocks:        193.29.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 19:28:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:59:6b:27:94:55:ab:32:1c:21:61:f7:93:46:b3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 26 08:53:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7216cfcb92d6f0791de1b1ad7ff443f4f63e8d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:95:d5:0b:01:3e:6c:ad:68:ae:fb:31:57:70:
                    7d:d2:25:af:27:4b:cd:60:dc:ee:10:02:21:46:bb:
                    45:1f:06:3d:21:a9:f8:27:28:74:76:d0:f4:d9:dc:
                    b2:11:83:52:1a:39:ec:c2:c5:fa:f6:82:e4:0f:ff:
                    de:b8:30:1b:76:ea:8d:f5:5b:ee:5c:4e:7d:8b:8a:
                    a8:10:c7:75:5b:55:1b:d8:b8:60:df:61:55:f3:32:
                    0a:ae:c2:ac:c6:b9:37:eb:c3:ea:cf:38:5d:c6:ac:
                    47:dd:d1:2f:76:41:7c:a5:a6:b7:f6:73:aa:85:35:
                    4d:1e:d1:5e:65:76:ba:b7:e0:90:07:47:4c:44:8f:
                    75:2f:82:e4:ba:00:e0:ad:5a:8d:33:44:5c:55:6f:
                    1e:b2:85:5f:57:6c:2d:78:cf:f0:96:6e:c9:0a:cb:
                    a7:bb:e1:df:3c:8c:7a:fe:8a:37:ec:35:17:1e:1e:
                    2c:7f:61:8d:02:de:92:68:03:fa:c4:d6:e7:9c:67:
                    39:a6:8c:db:f3:05:72:24:e3:db:8a:7e:0a:3e:28:
                    60:7d:0f:c5:a8:81:09:28:0f:6f:89:66:c1:4e:ab:
                    d1:7e:c2:ef:d9:28:02:c1:17:2c:94:60:5d:bf:cd:
                    2c:f5:0a:81:be:a6:b8:b0:b9:a7:0f:9e:e1:59:53:
                    92:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:16:CF:CB:92:D6:F0:79:1D:E1:B1:AD:7F:F4:43:F4:F6:3E:8D:73
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/chbPy5LW8Hkd4bGtf_RD9PY-jXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:66:79:b5:9d:36:fc:6d:c5:a2:d0:6c:87:15:e9:29:be:d6:
         29:f0:1a:04:30:64:43:e1:8b:34:fd:bb:ef:bb:4c:89:4b:2b:
         ce:ad:c1:1b:5b:45:f9:70:8e:2e:b8:57:98:51:32:f0:49:27:
         54:b5:c5:39:f6:a4:39:d5:6e:39:3d:b7:ca:0f:11:92:fb:43:
         dc:5f:81:5f:f0:e5:6c:e6:f0:9f:78:de:23:b0:7a:21:22:0f:
         55:b5:98:ad:dc:68:22:86:71:cf:3b:4f:25:6a:ec:46:62:c0:
         e9:4f:f4:94:1b:59:8b:85:b5:f5:80:c3:fc:82:52:20:7d:c3:
         a2:9e:a3:89:62:43:d8:94:56:05:f3:82:85:53:e3:df:b9:be:
         73:f7:cb:77:84:39:dd:06:bf:82:71:6a:c8:6e:e6:d1:19:1d:
         1a:8a:5e:a3:20:6c:30:a2:2f:8b:1c:e6:4f:e7:6e:42:e2:9e:
         68:83:08:f1:53:f8:fc:88:85:9a:75:51:ea:ca:6a:cd:25:e7:
         20:e7:37:1e:f1:23:b9:3a:e4:1b:62:7e:b5:53:2f:5b:4a:aa:
         61:27:94:93:b0:d4:59:f2:39:45:e7:36:8d:fb:9e:05:e2:a9:
         76:62:07:3a:6f:8f:36:71:0e:7d:d3:d7:c8:88:94:e7:89:aa:
         24:dc:4d:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pWWsnlFWrMhwhYfeTRrOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzI2MDg1MzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjE2Y2ZjYjkyZDZmMDc5MWRlMWIxYWQ3ZmY0NDNmNGY2M2U4ZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZXVCwE+bK1orvsxV3B90iWvJ0vN
YNzuEAIhRrtFHwY9Ian4Jyh0dtD02dyyEYNSGjnswsX69oLkD//euDAbduqN9Vvu
XE59i4qoEMd1W1Ub2Lhg32FV8zIKrsKsxrk368PqzzhdxqxH3dEvdkF8paa39nOq
hTVNHtFeZXa6t+CQB0dMRI91L4LkugDgrVqNM0RcVW8esoVfV2wteM/wlm7JCsun
u+HfPIx6/oo37DUXHh4sf2GNAt6SaAP6xNbnnGc5pozb8wVyJOPbin4KPihgfQ/F
qIEJKA9viWbBTqvRfsLv2SgCwRcslGBdv80s9QqBvqa4sLmnD57hWVOS8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIWz8uS1vB5HeGxrX/0Q/T2Po1zMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvY2hiUHk1TFc4SGtkNGJHdGZfUkQ5UFktalhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR23MA0G
CSqGSIb3DQEBCwUAA4IBAQAlZnm1nTb8bcWi0GyHFekpvtYp8BoEMGRD4Ys0/bvv
u0yJSyvOrcEbW0X5cI4uuFeYUTLwSSdUtcU59qQ51W45PbfKDxGS+0PcX4Ff8OVs
5vCfeN4jsHohIg9VtZit3GgihnHPO08lauxGYsDpT/SUG1mLhbX1gMP8glIgfcOi
nqOJYkPYlFYF84KFU+Pfub5z98t3hDndBr+CcWrIbubRGR0ail6jIGwwoi+LHOZP
525C4p5ogwjxU/j8iIWadVHqymrNJecg5zce8SO5OuQbYn61Uy9bSqphJ5STsNRZ
8jlF5zaN+54F4ql2Ygc6b482cQ5909fIiJTniaok3E1o
-----END CERTIFICATE-----