Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/3XuA-YVzPEgJjeMJ8s1Vm2HEV7M.roa
File:                     3XuA-YVzPEgJjeMJ8s1Vm2HEV7M.roa (raw, json)
Hash identifier:          L2BlNBBMkivGXWvUezO7Aw0uWHpwLq/KSkHq0trlQZE=
Subject key identifier:   DD:7B:80:F9:85:73:3C:48:09:8D:E3:09:F2:CD:55:9B:61:C4:57:B3
Certificate issuer:       /CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Certificate serial:       019E4A8084288E16952403D668C4C156C85E
Authority key identifier: CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/3XuA-YVzPEgJjeMJ8s1Vm2HEV7M.roa
Signing time:             Thu 21 May 2026 12:26:36 +0000
ROA not before:           Thu 21 May 2026 12:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        72.251.223.0/24 maxlen: 24
                          134.82.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:80:84:28:8e:16:95:24:03:d6:68:c4:c1:56:c8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
        Validity
            Not Before: May 21 12:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd7b80f985733c48098de309f2cd559b61c457b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:04:8c:b8:9a:25:70:99:55:e0:52:f3:b1:4e:
                    f5:03:cb:d6:7b:93:2c:b1:83:9c:de:78:6c:dd:fe:
                    32:24:1f:e5:e5:47:c7:10:ed:25:f8:5c:56:31:47:
                    51:c5:ee:d8:62:39:52:14:2c:dd:7a:0a:36:ea:cb:
                    49:bc:b4:cc:9b:46:17:68:89:c8:26:48:6a:9f:5a:
                    cf:b2:3b:e1:e7:ce:75:73:db:b7:84:c9:61:de:7c:
                    d9:46:6d:2e:65:0a:8b:7b:09:22:ca:e9:bd:68:8a:
                    4f:f7:ef:bc:12:cd:29:80:cb:b5:dd:db:2a:e5:f1:
                    b4:f4:46:9a:80:6c:3d:5c:54:6a:02:8a:1a:7a:f0:
                    2e:ed:93:5c:b1:b8:59:8a:ee:0d:d0:ea:2a:f6:25:
                    73:ad:cf:71:49:24:aa:5d:40:4e:1f:17:54:dc:c4:
                    f3:3f:7c:7a:e0:bb:46:f5:04:3f:7c:b5:f6:df:68:
                    cd:94:88:51:f7:f5:b5:77:f4:b5:31:b5:13:ec:47:
                    4c:3f:b4:4d:f2:0d:de:0a:d0:7c:61:c5:b3:56:1f:
                    af:4c:92:53:6d:ef:29:53:62:3e:04:00:3e:e7:aa:
                    fd:1c:74:29:73:71:37:38:1b:32:cc:3e:ac:3d:ba:
                    ea:2b:33:7b:49:28:4c:c7:e1:a9:c3:27:ca:8a:3d:
                    62:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7B:80:F9:85:73:3C:48:09:8D:E3:09:F2:CD:55:9B:61:C4:57:B3
            X509v3 Authority Key Identifier:
                keyid:CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/3XuA-YVzPEgJjeMJ8s1Vm2HEV7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.251.223.0/24
                  134.82.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:6b:18:c4:41:20:ca:c5:b1:5c:69:74:6f:4d:cc:b6:ed:b4:
         fa:64:6a:17:fa:cc:f0:05:93:e6:ce:da:bc:13:a0:58:05:f6:
         a0:82:81:75:7a:ea:21:3f:b1:8f:6b:7a:66:26:1f:3a:d8:88:
         bc:a0:9f:ac:b8:ad:79:a5:b5:60:8b:49:f5:df:44:cb:4c:61:
         45:f4:7b:c9:77:98:b4:97:f4:6e:de:f4:1e:ff:d3:32:e5:fa:
         4d:0d:e8:a5:ea:7e:44:55:c9:d7:42:74:84:51:b4:e5:c7:4f:
         e0:1a:93:71:cf:82:85:f2:2d:4e:20:0c:d2:92:9b:33:2d:1b:
         29:47:4e:b1:11:9d:de:f1:7e:78:1b:24:a9:45:de:71:9b:fd:
         18:d9:48:3d:5b:f8:46:69:e7:d7:32:65:fc:33:cf:d4:91:5f:
         31:39:41:a3:f6:a1:d5:1f:f3:5b:e8:55:01:5d:ae:15:24:cd:
         4d:af:5e:74:5a:f6:fc:31:24:71:87:fb:13:87:e8:53:80:fa:
         7f:fc:0b:a3:f0:ee:c0:56:09:03:80:77:8e:da:42:60:1c:fa:
         92:df:90:04:ef:02:86:f4:ef:3f:fa:a4:3d:81:75:92:8a:87:
         b2:1d:57:b6:0c:f5:a5:34:05:88:4b:0a:d6:4d:2f:12:1f:41:
         60:c2:f9:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5KgIQojhaVJAPWaMTBVsheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTc2ZDg3NmUxN2U2N2FhM2IxZjFjMTBkYWIzOWRiMjkz
NWUyMmIwHhcNMjYwNTIxMTIyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdiODBmOTg1NzMzYzQ4MDk4ZGUzMDlmMmNkNTU5YjYxYzQ1N2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgSMuJolcJlV4FLzsU71A8vWe5Ms
sYOc3nhs3f4yJB/l5UfHEO0l+FxWMUdRxe7YYjlSFCzdego26stJvLTMm0YXaInI
Jkhqn1rPsjvh5851c9u3hMlh3nzZRm0uZQqLewkiyum9aIpP9++8Es0pgMu13dsq
5fG09EaagGw9XFRqAooaevAu7ZNcsbhZiu4N0Ooq9iVzrc9xSSSqXUBOHxdU3MTz
P3x64LtG9QQ/fLX232jNlIhR9/W1d/S1MbUT7EdMP7RN8g3eCtB8YcWzVh+vTJJT
be8pU2I+BAA+56r9HHQpc3E3OBsyzD6sPbrqKzN7SShMx+GpwyfKij1iqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN17gPmFczxICY3jCfLNVZthxFezMB8GA1UdIwQY
MBaAFM1XbYduF+Z6o7HxwQ2rOdspNeIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMt
MWE4MGEyZjdkN2VhLzEvM1h1QS1ZVnpQRWdKamVNSjhzMVZtMkhFVjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMtMWE4MGEyZjdkN2Vh
LzEvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQASPvfAwQA
hlJIMA0GCSqGSIb3DQEBCwUAA4IBAQBHaxjEQSDKxbFcaXRvTcy27bT6ZGoX+szw
BZPmztq8E6BYBfaggoF1euohP7GPa3pmJh862Ii8oJ+suK15pbVgi0n130TLTGFF
9HvJd5i0l/Ru3vQe/9My5fpNDeil6n5EVcnXQnSEUbTlx0/gGpNxz4KF8i1OIAzS
kpszLRspR06xEZ3e8X54GySpRd5xm/0Y2Ug9W/hGaefXMmX8M8/UkV8xOUGj9qHV
H/Nb6FUBXa4VJM1Nr150Wvb8MSRxh/sTh+hTgPp//Auj8O7AVgkDgHeO2kJgHPqS
35AE7wKG9O8/+qQ9gXWSioeyHVe2DPWlNAWISwrWTS8SH0FgwvkS
-----END CERTIFICATE-----