Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/vTVExLKhWEraxLaHbYbF-5rPbAY.roa
File:                     vTVExLKhWEraxLaHbYbF-5rPbAY.roa (raw, json)
Hash identifier:          OkUaeri0ORy5KS5pNVCt7QDJ9Jtk+GKFKqYmDLuRx/Q=
Subject key identifier:   BD:35:44:C4:B2:A1:58:4A:DA:C4:B6:87:6D:86:C5:FB:9A:CF:6C:06
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019D3E5E8F3A1E7D71E511764B3139B7A96E
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/vTVExLKhWEraxLaHbYbF-5rPbAY.roa
Signing time:             Mon 30 Mar 2026 10:51:17 +0000
ROA not before:           Mon 30 Mar 2026 10:51:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204427
IP address blocks:        72.56.40.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:5e:8f:3a:1e:7d:71:e5:11:76:4b:31:39:b7:a9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Mar 30 10:51:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd3544c4b2a1584adac4b6876d86c5fb9acf6c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:18:d4:46:d9:84:a0:3b:17:ed:17:61:2f:51:
                    ed:eb:4f:cd:a5:81:46:e1:1c:75:a7:f4:53:cd:a2:
                    48:e0:86:3d:36:eb:ca:fc:e3:04:54:fe:32:22:de:
                    4a:29:ea:de:5b:02:64:1d:4c:79:18:d0:e8:6d:d3:
                    65:fb:c1:ab:bf:34:31:fa:5e:73:f2:49:29:25:f4:
                    f2:c4:4e:26:1e:73:30:2e:95:bc:ef:06:06:c3:f4:
                    e9:51:a9:3e:15:7e:89:6f:f7:54:41:87:c6:6c:21:
                    28:11:b5:90:45:96:1d:0d:c8:49:e0:2b:cb:d4:69:
                    67:b6:32:7f:8e:aa:c1:21:17:20:fc:db:7b:73:94:
                    fc:be:d3:e8:5f:d3:20:da:ac:ee:44:6a:8b:36:83:
                    3b:d0:41:5b:94:a7:83:f5:81:c7:6f:0b:59:a3:d4:
                    70:11:a8:29:c0:55:7f:af:84:13:99:a0:d1:05:7d:
                    fe:4c:53:31:e5:4c:b9:11:a7:59:fa:80:6b:40:59:
                    bf:76:f0:10:79:a6:b4:9c:64:60:a9:3d:52:15:f3:
                    59:cd:96:a3:1f:a6:a8:9b:00:5e:4b:54:6b:c7:62:
                    72:f2:2e:24:a3:06:53:b0:33:2d:95:64:ae:86:ff:
                    97:0c:29:c1:07:83:8e:96:2c:dc:ca:ae:78:c5:bf:
                    36:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:35:44:C4:B2:A1:58:4A:DA:C4:B6:87:6D:86:C5:FB:9A:CF:6C:06
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/vTVExLKhWEraxLaHbYbF-5rPbAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:19:49:01:16:a0:51:00:a2:f2:44:26:75:f8:b9:83:38:40:
         7f:03:ad:d7:42:4e:c3:0e:76:7d:3a:71:d7:b6:9d:7a:df:f1:
         85:4a:dd:45:26:d8:24:5b:cc:af:ac:bd:a8:72:94:e7:0e:48:
         38:ac:21:a2:19:2e:19:1a:06:b7:f1:5b:4c:6e:bc:0d:31:6e:
         dd:39:bb:55:6c:7a:48:99:8f:f9:e8:eb:34:56:11:82:79:9f:
         8e:52:5f:36:75:49:4c:bc:34:f6:0a:3c:00:0f:45:10:57:94:
         91:13:f3:c1:94:c5:b5:e5:b8:23:e0:4c:db:41:0d:dc:2b:1a:
         49:8c:84:01:83:c5:e5:dc:34:26:28:4d:d6:dc:bb:54:c3:29:
         2c:1b:12:0b:e3:06:37:b3:ab:4c:16:fd:f8:b3:f4:e2:e9:5f:
         e0:d6:e7:c4:8a:ba:3c:0a:65:34:df:b4:3c:ab:87:6c:f9:7b:
         4b:7f:be:a5:43:38:aa:51:87:d4:bf:84:c1:1f:33:92:f6:3e:
         f8:92:05:98:ad:51:e3:78:af:c5:e3:e3:d3:f6:d8:50:31:a3:
         3e:aa:21:c6:77:3a:39:5a:67:46:32:6c:2c:6b:38:7b:27:b0:
         11:91:ab:1f:ea:b9:ac:18:b4:06:1c:5b:4a:29:f5:c8:f4:50:
         da:2a:9c:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+Xo86Hn1x5RF2SzE5t6luMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwMzMwMTA1MTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM1NDRjNGIyYTE1ODRhZGFjNGI2ODc2ZDg2YzVmYjlhY2Y2YzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxjURtmEoDsX7RdhL1Ht60/NpYFG
4Rx1p/RTzaJI4IY9NuvK/OMEVP4yIt5KKereWwJkHUx5GNDobdNl+8GrvzQx+l5z
8kkpJfTyxE4mHnMwLpW87wYGw/TpUak+FX6Jb/dUQYfGbCEoEbWQRZYdDchJ4CvL
1GlntjJ/jqrBIRcg/Nt7c5T8vtPoX9Mg2qzuRGqLNoM70EFblKeD9YHHbwtZo9Rw
EagpwFV/r4QTmaDRBX3+TFMx5Uy5EadZ+oBrQFm/dvAQeaa0nGRgqT1SFfNZzZaj
H6aomwBeS1Rrx2Jy8i4kowZTsDMtlWSuhv+XDCnBB4OOlizcyq54xb82IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL01RMSyoVhK2sS2h22Gxfuaz2wGMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvdlRWRXhMS2hXRXJheExhSGJZYkYtNXJQYkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBSDgoMA0G
CSqGSIb3DQEBCwUAA4IBAQCfGUkBFqBRAKLyRCZ1+LmDOEB/A63XQk7DDnZ9OnHX
tp163/GFSt1FJtgkW8yvrL2ocpTnDkg4rCGiGS4ZGga38VtMbrwNMW7dObtVbHpI
mY/56Os0VhGCeZ+OUl82dUlMvDT2CjwAD0UQV5SRE/PBlMW15bgj4EzbQQ3cKxpJ
jIQBg8Xl3DQmKE3W3LtUwyksGxIL4wY3s6tMFv34s/Ti6V/g1ufEiro8CmU037Q8
q4ds+XtLf76lQziqUYfUv4TBHzOS9j74kgWYrVHjeK/F4+PT9thQMaM+qiHGdzo5
WmdGMmwsazh7J7ARkasf6rmsGLQGHFtKKfXI9FDaKpyu
-----END CERTIFICATE-----