Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/ERZth0xX85HWn67GzDSpThEJK6U.roa
File:                     ERZth0xX85HWn67GzDSpThEJK6U.roa (raw, json)
Hash identifier:          7waXqANAdY315AAe2QRMY1aCHLszX3hvr0AdWM3OyXs=
Subject key identifier:   11:16:6D:87:4C:57:F3:91:D6:9F:AE:C6:CC:34:A9:4E:11:09:2B:A5
Certificate issuer:       /CN=ead20a22e948fb9644129ad3019f08d4f4981fcf
Certificate serial:       01998135AE2C2D7635C5E1B1FB6404B49395
Authority key identifier: EA:D2:0A:22:E9:48:FB:96:44:12:9A:D3:01:9F:08:D4:F4:98:1F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6tIKIulI-5ZEEprTAZ8I1PSYH88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/ERZth0xX85HWn67GzDSpThEJK6U.roa
Signing time:             Thu 25 Sep 2025 14:10:02 +0000
ROA not before:           Thu 25 Sep 2025 14:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39923
IP address blocks:        45.153.152.0/22 maxlen: 22
                          45.153.152.0/23 maxlen: 23
                          45.153.152.0/24 maxlen: 24
                          45.153.153.0/24 maxlen: 24
                          45.153.154.0/23 maxlen: 23
                          45.153.154.0/24 maxlen: 24
                          45.153.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/6tIKIulI-5ZEEprTAZ8I1PSYH88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/6tIKIulI-5ZEEprTAZ8I1PSYH88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6tIKIulI-5ZEEprTAZ8I1PSYH88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:81:35:ae:2c:2d:76:35:c5:e1:b1:fb:64:04:b4:93:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ead20a22e948fb9644129ad3019f08d4f4981fcf
        Validity
            Not Before: Sep 25 14:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11166d874c57f391d69faec6cc34a94e11092ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:79:0f:b4:77:51:7e:d1:dc:b4:50:9a:85:77:
                    5b:1d:04:eb:2f:0e:5d:6e:9f:25:d7:44:27:ab:82:
                    8e:eb:64:eb:b7:fd:66:1d:14:3a:82:75:f7:3e:01:
                    42:5c:df:55:07:2b:f1:bd:8f:25:6c:7f:d5:1b:aa:
                    9d:1d:31:ef:ca:46:67:09:51:78:a5:33:9f:a5:39:
                    80:30:de:8a:a4:1e:44:33:44:57:54:76:47:e5:60:
                    98:de:23:2e:d7:70:87:46:54:1d:24:ef:5a:f7:99:
                    f9:c6:40:fa:32:77:b3:22:53:41:a8:f0:61:e5:cf:
                    b6:97:cc:a4:fa:e2:c0:6d:dd:96:da:4e:e6:d9:b8:
                    f3:17:26:a6:65:03:e5:e0:46:2d:db:e4:e7:6c:9e:
                    79:e2:9a:eb:94:7e:66:75:e6:7f:2d:51:dc:24:45:
                    a4:5d:7e:e8:64:61:5d:36:9a:3e:0d:83:5c:f1:77:
                    93:36:b2:76:d8:bf:29:59:ba:10:ef:08:b5:00:92:
                    91:59:1b:a4:96:cb:1f:3e:40:22:7e:a3:0b:c9:53:
                    16:6b:5d:17:ab:7d:d6:28:48:9d:6e:04:2f:f2:76:
                    98:27:b0:02:0d:52:6e:96:d3:9e:57:a1:74:56:cc:
                    ed:71:e7:41:f1:95:8c:7b:ad:98:78:b0:3d:f4:2b:
                    ac:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:16:6D:87:4C:57:F3:91:D6:9F:AE:C6:CC:34:A9:4E:11:09:2B:A5
            X509v3 Authority Key Identifier:
                keyid:EA:D2:0A:22:E9:48:FB:96:44:12:9A:D3:01:9F:08:D4:F4:98:1F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6tIKIulI-5ZEEprTAZ8I1PSYH88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/ERZth0xX85HWn67GzDSpThEJK6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/17ca5f-4327-4a88-b976-b64ffce06580/1/6tIKIulI-5ZEEprTAZ8I1PSYH88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:c8:39:38:11:c0:ea:e3:0e:3e:99:e0:b5:fe:f0:17:63:d8:
         ba:36:68:be:88:e5:6a:cb:7a:48:80:59:58:75:71:a4:d9:30:
         04:f0:e1:27:21:4c:50:09:51:c8:60:83:5c:79:d1:13:45:74:
         05:9c:f3:dd:10:8e:af:a8:29:fb:0c:e1:c9:fc:43:5f:15:3c:
         ea:e1:e2:0d:f7:6c:37:50:c3:26:f5:7c:02:df:a8:50:f2:a9:
         61:38:75:38:c1:6c:66:1a:65:44:6b:81:d6:e2:6e:79:f9:7c:
         7c:e6:3f:1b:b3:26:46:f3:a3:5f:19:32:73:a8:04:a0:db:4e:
         6b:25:cb:61:fd:40:88:91:f2:cd:3f:e5:66:4e:18:f9:6f:1b:
         79:e4:3d:c7:0c:3c:5c:58:20:8b:31:22:8c:de:20:f9:23:24:
         d7:5c:01:a5:c5:b1:0c:d1:43:ef:c2:43:c6:ab:1d:b1:9f:bc:
         ec:73:33:fb:1a:c7:70:e4:d4:be:dc:e1:0d:38:c9:16:65:18:
         b9:69:77:14:4d:59:c4:0e:12:7c:c2:bb:50:fc:53:9f:ce:5f:
         d8:0c:ac:b1:ae:20:45:25:09:05:ac:ba:4d:a3:de:cd:de:93:
         85:b7:65:eb:40:e4:68:55:66:b4:8f:9f:86:8a:90:95:42:79:
         3b:41:58:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmBNa4sLXY1xeGx+2QEtJOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZDIwYTIyZTk0OGZiOTY0NDEyOWFkMzAxOWYwOGQ0ZjQ5
ODFmY2YwHhcNMjUwOTI1MTQxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE2NmQ4NzRjNTdmMzkxZDY5ZmFlYzZjYzM0YTk0ZTExMDkyYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXkPtHdRftHctFCahXdbHQTrLw5d
bp8l10Qnq4KO62Trt/1mHRQ6gnX3PgFCXN9VByvxvY8lbH/VG6qdHTHvykZnCVF4
pTOfpTmAMN6KpB5EM0RXVHZH5WCY3iMu13CHRlQdJO9a95n5xkD6MnezIlNBqPBh
5c+2l8yk+uLAbd2W2k7m2bjzFyamZQPl4EYt2+TnbJ554prrlH5mdeZ/LVHcJEWk
XX7oZGFdNpo+DYNc8XeTNrJ22L8pWboQ7wi1AJKRWRuklssfPkAifqMLyVMWa10X
q33WKEidbgQv8naYJ7ACDVJultOeV6F0VsztcedB8ZWMe62YeLA99CusrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEWbYdMV/OR1p+uxsw0qU4RCSulMB8GA1UdIwQY
MBaAFOrSCiLpSPuWRBKa0wGfCNT0mB/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnRJS0l1bEktNVpFRXByVEFaOEkxUFNZSDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8xN2NhNWYtNDMyNy00YTg4LWI5NzYt
YjY0ZmZjZTA2NTgwLzEvRVJadGgweFg4NUhXbjY3R3pEU3BUaEVKSzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8xN2NhNWYtNDMyNy00YTg4LWI5NzYtYjY0ZmZjZTA2NTgw
LzEvNnRJS0l1bEktNVpFRXByVEFaOEkxUFNZSDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZmYMA0G
CSqGSIb3DQEBCwUAA4IBAQATyDk4EcDq4w4+meC1/vAXY9i6Nmi+iOVqy3pIgFlY
dXGk2TAE8OEnIUxQCVHIYINcedETRXQFnPPdEI6vqCn7DOHJ/ENfFTzq4eIN92w3
UMMm9XwC36hQ8qlhOHU4wWxmGmVEa4HW4m55+Xx85j8bsyZG86NfGTJzqASg205r
Jcth/UCIkfLNP+VmThj5bxt55D3HDDxcWCCLMSKM3iD5IyTXXAGlxbEM0UPvwkPG
qx2xn7zsczP7Gsdw5NS+3OENOMkWZRi5aXcUTVnEDhJ8wrtQ/FOfzl/YDKyxriBF
JQkFrLpNo97N3pOFt2XrQORoVWa0j5+GipCVQnk7QVhC
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client