Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ChQzykOuJ6DRlVLBahoVuuKVO64.roa
File:                     ChQzykOuJ6DRlVLBahoVuuKVO64.roa (raw, json)
Hash identifier:          45ghH/sCitEjSiml52AfmbsctA5R66+XVv/vrGljT6E=
Subject key identifier:   0A:14:33:CA:43:AE:27:A0:D1:95:52:C1:6A:1A:15:BA:E2:95:3B:AE
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019A1139F91DD31AE6F800B688E7877923C0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ChQzykOuJ6DRlVLBahoVuuKVO64.roa
Signing time:             Thu 23 Oct 2025 13:20:03 +0000
ROA not before:           Thu 23 Oct 2025 13:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        83.137.153.0/24 maxlen: 24
                          88.209.198.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:39:f9:1d:d3:1a:e6:f8:00:b6:88:e7:87:79:23:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 23 13:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a1433ca43ae27a0d19552c16a1a15bae2953bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2e:23:3f:e4:84:4c:61:1d:ac:63:7b:42:23:
                    3e:20:3b:40:88:b3:b2:67:5d:50:cf:ad:aa:75:9a:
                    d5:2f:f8:b1:c8:02:d9:7e:d6:e9:57:6f:a9:49:5d:
                    3d:c5:4d:48:b6:12:1e:a4:e6:f8:17:1f:a2:14:ea:
                    bb:87:16:8c:c5:54:cb:46:99:17:e0:81:e8:48:f4:
                    3f:d6:2c:ef:fc:02:05:4f:e2:6e:af:d4:91:5d:3f:
                    45:2e:12:ed:4f:e7:eb:c9:17:99:c3:b8:ac:3b:61:
                    54:d3:79:73:a3:64:97:db:52:71:fd:5b:3f:8c:9b:
                    51:ed:05:c7:14:94:02:80:b0:4c:b8:e5:99:48:a2:
                    5a:44:e9:78:df:42:9c:e2:72:91:9b:03:cc:88:77:
                    ab:f1:13:f1:32:88:46:34:4d:ed:17:e4:ae:bf:06:
                    47:3e:0e:3d:fa:eb:73:20:1f:31:a9:91:21:6c:3e:
                    37:9e:30:f2:5b:51:8a:f1:67:65:67:23:f9:6a:27:
                    d5:a4:8e:bd:e3:e8:a5:e2:5c:ad:0c:a8:de:d9:51:
                    94:d6:9a:81:52:dd:97:dc:72:52:dd:7d:c8:1a:e8:
                    42:90:ed:93:d0:39:ba:0f:dc:45:3e:fb:68:6a:39:
                    62:98:bd:fd:29:8c:46:99:50:8f:ff:cc:8f:ac:d8:
                    c2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:14:33:CA:43:AE:27:A0:D1:95:52:C1:6A:1A:15:BA:E2:95:3B:AE
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ChQzykOuJ6DRlVLBahoVuuKVO64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.153.0/24
                  88.209.198.0/24
                  88.209.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:62:11:6e:39:ca:d8:1e:98:e4:11:fd:fa:88:27:20:d1:43:
         4b:38:10:12:c6:1a:bd:1d:a3:1f:a1:7a:50:46:ef:c8:be:3e:
         0b:12:a7:75:66:f1:ef:1e:bb:2c:8c:20:a3:0f:32:a5:9c:4e:
         cc:ac:df:24:a5:2a:bb:92:18:02:32:bf:22:47:d0:39:4d:5e:
         53:50:ec:8a:53:83:00:b5:e6:18:bb:7c:9a:c4:e7:c7:44:60:
         10:82:f4:1e:1a:c9:da:d8:99:b2:ef:63:5d:97:07:05:12:b4:
         a2:34:f7:51:4b:78:80:36:28:f7:ab:81:76:83:a9:11:d3:8c:
         c2:60:38:8a:bc:87:46:aa:e1:53:7c:f1:71:d7:dc:49:54:94:
         58:27:d5:b9:20:97:6f:51:5a:69:d0:66:9f:63:27:89:e7:43:
         aa:6b:2d:47:cb:ff:6f:e1:bd:c0:81:2b:7e:bf:fa:e2:8b:7f:
         f2:c1:62:f0:f9:18:c0:6e:d5:59:6f:12:2b:dd:17:b1:5f:f2:
         0e:78:d8:eb:c2:62:7c:7b:ff:65:40:08:a2:24:76:41:80:75:
         7b:ec:90:ed:c8:97:63:23:37:a7:eb:75:d5:6c:49:3a:3f:6f:
         27:48:99:85:ee:68:d7:ef:6f:ea:8d:3a:6b:5d:da:12:d7:13:
         5f:03:76:cc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoROfkd0xrm+AC2iOeHeSPAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMDIzMTMyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTE0MzNjYTQzYWUyN2EwZDE5NTUyYzE2YTFhMTViYWUyOTUzYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy4jP+SETGEdrGN7QiM+IDtAiLOy
Z11Qz62qdZrVL/ixyALZftbpV2+pSV09xU1IthIepOb4Fx+iFOq7hxaMxVTLRpkX
4IHoSPQ/1izv/AIFT+Jur9SRXT9FLhLtT+fryReZw7isO2FU03lzo2SX21Jx/Vs/
jJtR7QXHFJQCgLBMuOWZSKJaROl430Kc4nKRmwPMiHer8RPxMohGNE3tF+SuvwZH
Pg49+utzIB8xqZEhbD43njDyW1GK8WdlZyP5aifVpI694+il4lytDKje2VGU1pqB
Ut2X3HJS3X3IGuhCkO2T0Dm6D9xFPvtoajlimL39KYxGmVCP/8yPrNjCIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAoUM8pDrieg0ZVSwWoaFbrilTuuMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQ2hRenlrT3VKNkRSbFZMQmFob1Z1dUtWTzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU4mZAwQA
WNHGAwQAWNHRMA0GCSqGSIb3DQEBCwUAA4IBAQAUYhFuOcrYHpjkEf36iCcg0UNL
OBASxhq9HaMfoXpQRu/Ivj4LEqd1ZvHvHrssjCCjDzKlnE7MrN8kpSq7khgCMr8i
R9A5TV5TUOyKU4MAteYYu3yaxOfHRGAQgvQeGsna2Jmy72NdlwcFErSiNPdRS3iA
Nij3q4F2g6kR04zCYDiKvIdGquFTfPFx19xJVJRYJ9W5IJdvUVpp0GafYyeJ50Oq
ay1Hy/9v4b3AgSt+v/rii3/ywWLw+RjAbtVZbxIr3RexX/IOeNjrwmJ8e/9lQAii
JHZBgHV77JDtyJdjIzen63XVbEk6P28nSJmF7mjX72/qjTprXdoS1xNfA3bM
-----END CERTIFICATE-----