Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/WuBrzTMwE7HOdA0Tjdz_HZVzBgo.roa
File:                     WuBrzTMwE7HOdA0Tjdz_HZVzBgo.roa (raw, json)
Hash identifier:          DnIEHQKHfh076YMR1PXf1VI9TILeIAYv9upMo2Ja63I=
Subject key identifier:   5A:E0:6B:CD:33:30:13:B1:CE:74:0D:13:8D:DC:FF:1D:95:73:06:0A
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019F00C8066B2B1DE322E7CEB6E57E0B5DB8
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/WuBrzTMwE7HOdA0Tjdz_HZVzBgo.roa
Signing time:             Thu 25 Jun 2026 21:55:36 +0000
ROA not before:           Thu 25 Jun 2026 21:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204427
IP address blocks:        72.56.40.0/23 maxlen: 24
                          201.24.58.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:00:c8:06:6b:2b:1d:e3:22:e7:ce:b6:e5:7e:0b:5d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Jun 25 21:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ae06bcd333013b1ce740d138ddcff1d9573060a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:00:db:e6:74:cd:c5:ff:9b:fb:2e:ad:dc:fc:
                    85:e7:73:59:34:55:a4:80:69:13:cd:02:7e:62:47:
                    f2:2a:06:77:6f:26:a3:d4:d8:e0:78:02:01:1a:01:
                    f2:bd:f8:94:3f:fc:bf:3e:f0:b5:43:ba:e0:c6:53:
                    9e:1d:e3:56:aa:0b:81:07:69:19:ba:0d:a8:27:3f:
                    81:97:60:85:03:57:9f:3d:5f:9d:c5:c5:2d:49:e6:
                    fa:fe:a3:38:e0:6d:76:46:96:30:57:b2:9b:cc:11:
                    57:92:6c:bc:d6:3a:e2:40:70:da:93:d9:5d:48:a6:
                    9b:31:38:df:a4:0f:dd:ed:70:90:2f:ba:bd:37:32:
                    2a:02:49:59:99:7c:54:70:28:7d:65:40:19:78:07:
                    95:c9:17:d1:60:96:de:a7:91:24:fd:a7:88:2e:fa:
                    aa:76:9c:d1:f1:30:b0:f3:f4:b1:8a:28:ec:09:b9:
                    23:32:a4:0a:1e:e0:ca:1e:a7:e4:2f:12:c5:1c:59:
                    a7:21:96:f2:fb:d9:d3:ac:35:fb:5f:61:c8:0c:40:
                    e6:65:cd:1d:71:ed:d3:1a:8b:01:f1:f0:bf:7f:7c:
                    f1:d6:21:b1:14:ae:3b:5d:35:73:d2:cc:0b:3d:56:
                    7b:c7:2a:d7:24:99:cb:1d:ba:d7:d7:be:fd:74:ef:
                    4b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E0:6B:CD:33:30:13:B1:CE:74:0D:13:8D:DC:FF:1D:95:73:06:0A
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/WuBrzTMwE7HOdA0Tjdz_HZVzBgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.40.0/23
                  201.24.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:cf:bd:9e:f8:fa:10:9c:24:22:c6:ed:30:0b:d0:c6:a4:74:
         2b:0d:79:79:a8:2a:d3:2e:29:68:68:e2:0c:77:99:a3:ee:a7:
         4c:63:ee:81:c3:bc:62:5b:a7:f6:ac:3a:45:8a:b0:34:d6:3a:
         12:87:05:02:97:7a:b9:93:91:67:2e:fc:bf:9a:4a:19:7c:62:
         c9:d9:4d:1e:bd:3f:1e:2a:05:13:5d:ee:ce:2e:c0:7d:82:a8:
         37:91:a9:3d:e7:13:d3:17:2e:33:f4:97:c8:1f:65:1c:c9:14:
         ba:dd:70:84:35:ca:59:f0:6b:8c:56:61:e2:0f:71:9a:b4:7b:
         0b:ad:db:ae:b3:a2:ff:23:10:48:53:4a:7d:93:8f:43:7e:bb:
         5f:97:a5:dc:39:18:16:e2:04:a0:23:6f:ea:14:c9:65:3f:f7:
         ec:cd:00:c9:f4:34:0a:db:5f:fd:18:fd:f5:36:db:f7:93:63:
         99:0f:61:b3:c2:42:15:0a:eb:c5:3c:61:5f:81:7f:32:2d:35:
         3b:b1:fe:bb:74:64:d8:c6:5c:55:ba:d9:ba:c6:d4:02:19:0d:
         ea:58:a8:7d:c7:a0:53:b1:ed:e8:3e:05:88:ce:59:1e:8e:8f:
         8f:1e:50:24:2a:45:11:33:d3:c7:ee:98:de:42:5f:cb:34:f0:
         aa:8f:98:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8AyAZrKx3jIufOtuV+C124MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwNjI1MjE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWUwNmJjZDMzMzAxM2IxY2U3NDBkMTM4ZGRjZmYxZDk1NzMwNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ADb5nTNxf+b+y6t3PyF53NZNFWk
gGkTzQJ+YkfyKgZ3byaj1NjgeAIBGgHyvfiUP/y/PvC1Q7rgxlOeHeNWqguBB2kZ
ug2oJz+Bl2CFA1efPV+dxcUtSeb6/qM44G12RpYwV7KbzBFXkmy81jriQHDak9ld
SKabMTjfpA/d7XCQL7q9NzIqAklZmXxUcCh9ZUAZeAeVyRfRYJbep5Ek/aeILvqq
dpzR8TCw8/SxiijsCbkjMqQKHuDKHqfkLxLFHFmnIZby+9nTrDX7X2HIDEDmZc0d
ce3TGosB8fC/f3zx1iGxFK47XTVz0swLPVZ7xyrXJJnLHbrX1779dO9LQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFrga80zMBOxznQNE43c/x2VcwYKMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvV3VCcnpUTXdFN0hPZEEwVGpkel9IWlZ6QmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBSDgoAwQB
yRg6MA0GCSqGSIb3DQEBCwUAA4IBAQAYz72e+PoQnCQixu0wC9DGpHQrDXl5qCrT
LiloaOIMd5mj7qdMY+6Bw7xiW6f2rDpFirA01joShwUCl3q5k5FnLvy/mkoZfGLJ
2U0evT8eKgUTXe7OLsB9gqg3kak95xPTFy4z9JfIH2UcyRS63XCENcpZ8GuMVmHi
D3GatHsLrduus6L/IxBIU0p9k49Dfrtfl6XcORgW4gSgI2/qFMllP/fszQDJ9DQK
21/9GP31Ntv3k2OZD2GzwkIVCuvFPGFfgX8yLTU7sf67dGTYxlxVutm6xtQCGQ3q
WKh9x6BTse3oPgWIzlkejo+PHlAkKkURM9PH7pjeQl/LNPCqj5hS
-----END CERTIFICATE-----