Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/V6wlyE81nOSUZZNevO5fwFq_yuI.roa
File:                     V6wlyE81nOSUZZNevO5fwFq_yuI.roa (raw, json)
Hash identifier:          BJWgiCN26bDpqIeJaukxrOIxIn7K1eaqwr8a29JJlYg=
Subject key identifier:   57:AC:25:C8:4F:35:9C:E4:94:65:93:5E:BC:EE:5F:C0:5A:BF:CA:E2
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019905972920F58084D8A4D91110FAB0F8A4
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/V6wlyE81nOSUZZNevO5fwFq_yuI.roa
Signing time:             Mon 01 Sep 2025 14:03:36 +0000
ROA not before:           Mon 01 Sep 2025 14:03:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        72.56.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 23:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:97:29:20:f5:80:84:d8:a4:d9:11:10:fa:b0:f8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Sep  1 14:03:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57ac25c84f359ce49465935ebcee5fc05abfcae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:60:d9:9b:ab:13:9c:ac:c0:cc:90:ee:61:af:
                    8e:0a:10:74:3f:23:da:24:80:78:ba:d2:59:d4:c8:
                    fe:1c:ab:44:32:cb:a5:29:a9:e6:4f:6e:6d:f3:ae:
                    c6:52:b7:62:9a:60:86:70:85:d9:c4:8c:3b:e0:13:
                    da:3e:20:f5:f9:31:39:33:48:a1:bb:7a:26:27:22:
                    e8:5e:40:76:be:d1:ec:dc:19:d0:a8:d4:ca:9f:ff:
                    0a:79:6f:47:95:cf:ac:b4:07:9c:cd:bc:71:90:65:
                    f1:37:4d:16:a0:5a:8a:1a:59:f3:e7:52:f9:fa:fa:
                    61:fd:38:20:f4:b7:c1:1a:49:83:3f:b4:b1:99:2e:
                    93:19:69:4e:84:c4:f5:15:a1:98:2d:6f:42:3f:7d:
                    8c:72:5e:14:a4:e0:2a:11:d6:79:6a:6c:46:f0:6e:
                    d9:26:a9:b0:53:0b:97:e2:d6:e1:2d:18:2a:b3:d5:
                    5d:39:54:1a:d9:83:9f:30:ab:29:3c:00:10:09:ac:
                    c3:0c:3f:35:2c:95:20:7c:c0:73:76:9a:9a:56:6f:
                    a0:69:96:24:c6:8f:e6:35:a0:cd:31:54:84:23:15:
                    7f:58:12:ce:e2:10:b4:23:f3:4f:f3:be:1b:35:81:
                    95:79:b5:39:b5:33:19:17:a1:c2:03:62:68:0b:4a:
                    83:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:AC:25:C8:4F:35:9C:E4:94:65:93:5E:BC:EE:5F:C0:5A:BF:CA:E2
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/V6wlyE81nOSUZZNevO5fwFq_yuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         45:ac:65:ee:fe:f9:e4:a2:ce:80:15:7d:63:97:d2:b0:1d:af:
         3f:82:3f:bc:57:e3:30:38:2f:6c:98:5f:ce:70:2f:10:19:0e:
         cb:2d:ea:62:18:f6:cc:9f:af:66:5e:9d:84:f6:39:4c:1e:69:
         f4:96:bf:71:5a:5f:59:03:81:72:8b:94:57:16:cc:49:33:7b:
         8c:4d:34:ec:63:3d:ed:89:0f:a4:17:ae:9a:db:13:66:88:80:
         ec:29:2a:55:e3:d9:64:83:c2:e9:61:92:b7:8d:1d:68:3a:4a:
         e7:8a:b3:ea:5a:19:64:f3:3b:6b:47:6b:04:3e:81:0d:33:05:
         dd:4d:40:7e:29:85:1b:fc:ce:3c:4c:47:89:bc:cb:83:30:86:
         09:f1:74:6a:d2:f0:43:70:b9:9b:27:8e:ba:c4:64:d7:b5:3d:
         38:b9:bd:13:55:9d:bd:14:67:2d:67:cb:2a:88:f7:0b:16:26:
         7b:99:69:0f:c9:36:ef:9b:80:37:6a:ab:af:a4:24:b1:f0:2a:
         9a:57:15:e5:5d:7b:4d:df:68:84:82:39:8f:5b:6a:00:de:82:
         cc:bf:25:81:7b:81:96:73:82:3d:e8:03:54:da:cb:cf:c4:21:
         f6:eb:3d:ef:7a:fd:46:55:3d:b8:f3:ce:9b:58:c6:43:61:89:
         06:f5:da:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkFlykg9YCE2KTZERD6sPikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwOTAxMTQwMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2FjMjVjODRmMzU5Y2U0OTQ2NTkzNWViY2VlNWZjMDVhYmZjYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWDZm6sTnKzAzJDuYa+OChB0PyPa
JIB4utJZ1Mj+HKtEMsulKanmT25t867GUrdimmCGcIXZxIw74BPaPiD1+TE5M0ih
u3omJyLoXkB2vtHs3BnQqNTKn/8KeW9Hlc+stAeczbxxkGXxN00WoFqKGlnz51L5
+vph/Tgg9LfBGkmDP7SxmS6TGWlOhMT1FaGYLW9CP32Mcl4UpOAqEdZ5amxG8G7Z
JqmwUwuX4tbhLRgqs9VdOVQa2YOfMKspPAAQCazDDD81LJUgfMBzdpqaVm+gaZYk
xo/mNaDNMVSEIxV/WBLO4hC0I/NP874bNYGVebU5tTMZF6HCA2JoC0qDeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFesJchPNZzklGWTXrzuX8Bav8riMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvVjZ3bHlFODFuT1NVWlpOZXZPNWZ3RnFfeXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFSDhAMA0G
CSqGSIb3DQEBCwUAA4IBAQBFrGXu/vnkos6AFX1jl9KwHa8/gj+8V+MwOC9smF/O
cC8QGQ7LLepiGPbMn69mXp2E9jlMHmn0lr9xWl9ZA4Fyi5RXFsxJM3uMTTTsYz3t
iQ+kF66a2xNmiIDsKSpV49lkg8LpYZK3jR1oOkrnirPqWhlk8ztrR2sEPoENMwXd
TUB+KYUb/M48TEeJvMuDMIYJ8XRq0vBDcLmbJ466xGTXtT04ub0TVZ29FGctZ8sq
iPcLFiZ7mWkPyTbvm4A3aquvpCSx8CqaVxXlXXtN32iEgjmPW2oA3oLMvyWBe4GW
c4I96ANU2svPxCH26z3vev1GVT24886bWMZDYYkG9dpR
-----END CERTIFICATE-----