Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/9xgiRaoDHZpfEWCuWGLVozZH1gk.roa
File:                     9xgiRaoDHZpfEWCuWGLVozZH1gk.roa (raw, json)
Hash identifier:          v8wEhG7uE5X+Pic34dsR8NNSQFk/2P4s8T0Y6bprmWQ=
Subject key identifier:   F7:18:22:45:AA:03:1D:9A:5F:11:60:AE:58:62:D5:A3:36:47:D6:09
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019D78D1108D60603D6644767EB7074A87FD
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/9xgiRaoDHZpfEWCuWGLVozZH1gk.roa
Signing time:             Fri 10 Apr 2026 19:14:20 +0000
ROA not before:           Fri 10 Apr 2026 19:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57604
IP address blocks:        139.28.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:d1:10:8d:60:60:3d:66:44:76:7e:b7:07:4a:87:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Apr 10 19:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7182245aa031d9a5f1160ae5862d5a33647d609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ea:ef:90:3a:93:44:c6:47:a4:a8:09:3e:f4:
                    b7:6b:42:e5:6f:4f:ef:3f:ef:1c:77:df:0c:fe:cc:
                    a2:b7:e5:ea:9a:e0:08:bd:39:c0:98:ea:db:74:45:
                    34:f9:bf:0b:c5:e5:b1:2e:9c:21:65:60:70:4f:07:
                    02:7e:32:d7:d2:de:49:12:8d:d6:a9:8f:3c:d4:e9:
                    94:22:f8:99:1a:4f:1d:5d:f9:bc:3f:6e:d3:fa:84:
                    c0:5e:c4:c7:78:30:b1:d5:db:5d:4c:a2:31:2e:41:
                    20:83:43:26:9f:44:b7:ca:67:52:61:bd:f7:59:27:
                    dc:e3:5b:f1:f5:dd:7a:c3:0c:11:b0:2a:48:85:11:
                    65:71:c0:db:38:29:cd:de:41:38:bd:ac:3a:81:26:
                    cc:92:dc:e6:fe:67:ce:f8:25:08:04:4a:c8:31:03:
                    cd:b5:0b:b7:5c:f5:86:d0:4d:7f:44:3f:d4:13:0e:
                    f7:f8:1f:e8:62:00:db:8c:1e:91:02:bc:3a:42:18:
                    35:8e:ed:8d:71:5f:20:25:35:3e:84:6f:de:de:d5:
                    68:4b:b8:d3:c8:66:19:65:52:fe:69:e3:f6:61:e2:
                    38:64:43:32:ba:8d:aa:f0:ed:c4:cd:93:93:fa:45:
                    4f:41:b8:44:ce:12:60:f2:dc:c3:69:92:36:18:c1:
                    0d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:18:22:45:AA:03:1D:9A:5F:11:60:AE:58:62:D5:A3:36:47:D6:09
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/9xgiRaoDHZpfEWCuWGLVozZH1gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:ef:72:0d:02:5e:a4:0f:be:0a:23:11:f0:ea:8e:d8:b9:10:
         8d:65:2e:35:a2:4e:1f:8f:72:3d:5d:d5:33:04:f2:a2:61:9a:
         4d:08:bf:65:10:b6:ad:95:dd:c3:23:da:b8:41:48:3b:c8:5c:
         12:d3:25:c1:ff:be:db:7a:d1:99:6b:d0:0d:c1:18:8b:af:d3:
         81:e3:ce:8a:82:18:37:f4:96:61:91:e2:4c:e3:e7:d8:6f:c0:
         97:4b:76:b5:fb:5e:2d:8e:d9:aa:a0:5d:b3:7e:cf:4f:e5:f2:
         18:d5:d5:4d:13:ec:12:89:f1:22:79:70:aa:43:e5:88:dd:ac:
         ff:70:41:7b:bf:0c:0b:54:d7:c4:67:03:53:e6:d1:1e:e5:ec:
         fb:5d:06:de:52:f9:91:00:b9:b7:a4:68:05:80:06:68:52:52:
         97:8a:d6:f2:77:b5:e8:f7:11:f7:a1:2c:da:71:ca:7f:60:f7:
         07:6f:1a:ea:fc:01:51:4b:26:8b:5b:96:f4:06:84:1c:03:13:
         7c:90:ee:1c:0e:de:bf:f6:38:d3:a8:0e:e0:a8:3e:d5:7f:13:
         eb:37:b9:d0:6f:ca:c5:a0:5d:8a:60:71:e7:69:69:84:51:ad:
         17:78:51:1d:ff:55:a3:0d:2b:ab:78:82:59:56:5b:7f:8a:88:
         7d:94:b0:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ140RCNYGA9ZkR2frcHSof9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwNDEwMTkxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzE4MjI0NWFhMDMxZDlhNWYxMTYwYWU1ODYyZDVhMzM2NDdkNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuervkDqTRMZHpKgJPvS3a0Llb0/v
P+8cd98M/syit+XqmuAIvTnAmOrbdEU0+b8LxeWxLpwhZWBwTwcCfjLX0t5JEo3W
qY881OmUIviZGk8dXfm8P27T+oTAXsTHeDCx1dtdTKIxLkEgg0Mmn0S3ymdSYb33
WSfc41vx9d16wwwRsCpIhRFlccDbOCnN3kE4vaw6gSbMktzm/mfO+CUIBErIMQPN
tQu3XPWG0E1/RD/UEw73+B/oYgDbjB6RArw6Qhg1ju2NcV8gJTU+hG/e3tVoS7jT
yGYZZVL+aeP2YeI4ZEMyuo2q8O3EzZOT+kVPQbhEzhJg8tzDaZI2GMENpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcYIkWqAx2aXxFgrlhi1aM2R9YJMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvOXhnaVJhb0RIWnBmRVdDdVdHTFZvelpIMWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixxIMA0G
CSqGSIb3DQEBCwUAA4IBAQAn73INAl6kD74KIxHw6o7YuRCNZS41ok4fj3I9XdUz
BPKiYZpNCL9lELatld3DI9q4QUg7yFwS0yXB/77betGZa9ANwRiLr9OB486Kghg3
9JZhkeJM4+fYb8CXS3a1+14tjtmqoF2zfs9P5fIY1dVNE+wSifEieXCqQ+WI3az/
cEF7vwwLVNfEZwNT5tEe5ez7XQbeUvmRALm3pGgFgAZoUlKXitbyd7Xo9xH3oSza
ccp/YPcHbxrq/AFRSyaLW5b0BoQcAxN8kO4cDt6/9jjTqA7gqD7VfxPrN7nQb8rF
oF2KYHHnaWmEUa0XeFEd/1WjDSureIJZVlt/ioh9lLA4
-----END CERTIFICATE-----