Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/iCAoTJ6_FbKXxlsZVDeLJRceNFg.roa
File:                     iCAoTJ6_FbKXxlsZVDeLJRceNFg.roa (raw, json)
Hash identifier:          bMQFyA/DfiURPI0ApEpZ777S9eYeQRmm3uEDLrIS7DM=
Subject key identifier:   88:20:28:4C:9E:BF:15:B2:97:C6:5B:19:54:37:8B:25:17:1E:34:58
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019CBE62B9ECD0A95A8A3CC21FDCF2BD6B8D
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/iCAoTJ6_FbKXxlsZVDeLJRceNFg.roa
Signing time:             Thu 05 Mar 2026 14:24:26 +0000
ROA not before:           Thu 05 Mar 2026 14:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209372
IP address blocks:        72.56.128.0/18 maxlen: 24
                          72.56.192.0/20 maxlen: 24
                          72.56.208.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 18:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:62:b9:ec:d0:a9:5a:8a:3c:c2:1f:dc:f2:bd:6b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Mar  5 14:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8820284c9ebf15b297c65b1954378b25171e3458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:02:6b:50:58:d0:64:97:13:45:ba:10:c4:f6:
                    43:dd:b9:03:3a:a4:b6:fd:36:53:d8:a8:df:0c:02:
                    e3:75:f5:e3:23:8d:40:98:d0:62:21:82:98:17:ab:
                    b2:f4:f6:40:7f:09:0d:56:85:c2:ea:0d:b3:0e:09:
                    f2:65:f7:05:20:22:d3:2f:36:6d:00:2f:7c:67:46:
                    77:74:e7:49:e1:fc:f8:43:f7:55:e7:d5:78:38:a4:
                    5d:ff:5b:36:68:0c:b8:64:90:c2:09:a2:91:9c:2e:
                    07:3d:0f:0b:cc:0d:ed:71:8b:93:1c:33:a3:09:19:
                    88:9c:28:4a:1a:fa:e5:7c:6f:7e:4e:16:b5:27:71:
                    40:81:d8:a0:06:6a:2f:27:12:6f:8b:95:68:b2:de:
                    fb:39:c2:37:ce:fb:1e:d5:31:03:c3:98:1e:c8:f3:
                    b3:6e:55:a7:43:db:57:77:a9:97:2d:7c:85:1e:e8:
                    23:ee:a6:88:f7:45:6d:cb:7d:3a:d5:8c:0a:11:31:
                    46:71:40:5e:6d:95:ce:28:34:ce:46:2f:ab:08:10:
                    8f:6b:4b:fe:90:af:56:8d:2b:8c:b0:ff:05:a6:6a:
                    00:b3:0f:e9:c7:5d:51:31:83:c3:4f:e2:30:ec:b9:
                    c1:14:11:64:8e:df:9c:2b:f9:0e:5b:f3:0d:89:b8:
                    f2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:20:28:4C:9E:BF:15:B2:97:C6:5B:19:54:37:8B:25:17:1E:34:58
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/iCAoTJ6_FbKXxlsZVDeLJRceNFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.128.0-72.56.215.255

    Signature Algorithm: sha256WithRSAEncryption
         09:1d:7e:e6:a2:eb:b0:ff:ea:2b:a5:16:b7:84:2b:c7:3e:b8:
         a4:24:a3:48:a9:ec:1e:51:4e:5e:cd:1f:6c:af:22:90:a2:aa:
         04:c8:9b:a5:4a:29:95:c4:30:1a:9e:17:88:5c:dd:af:8e:93:
         a3:bf:f8:a8:b3:80:39:99:7f:b3:0b:3e:86:1c:0b:a8:ad:6c:
         b7:d6:f9:61:c2:bf:f1:bd:48:b2:6d:1f:d8:58:ea:2e:e9:4c:
         e6:d8:dd:c3:d9:7e:8c:41:0b:ca:14:a2:88:db:1b:18:00:a8:
         97:ef:3e:63:b8:c9:9f:e6:2e:46:af:94:37:da:ae:91:ef:6a:
         1d:c6:c9:1d:45:9d:1d:cd:0f:6d:35:6d:03:dc:0b:ee:0c:04:
         70:48:4a:73:19:c0:40:86:28:b0:33:e0:b9:af:5a:11:31:39:
         97:af:d3:36:21:c9:f4:28:a7:80:eb:26:03:0e:b3:5b:17:a4:
         aa:92:a6:6f:81:3d:34:9e:65:1d:fb:d3:1e:d4:88:5a:f9:19:
         4e:04:76:6f:b6:b1:3a:2a:61:cd:16:49:46:87:69:51:33:8f:
         aa:c7:bb:0e:78:82:99:8c:d5:5a:c2:1c:f9:6d:ca:30:f3:4b:
         13:7a:4e:5c:9d:6a:59:51:c4:b5:82:11:f7:fc:bb:7b:0b:d1:
         d8:ba:f5:38
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZy+Yrns0KlaijzCH9zyvWuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwMzA1MTQyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODIwMjg0YzllYmYxNWIyOTdjNjViMTk1NDM3OGIyNTE3MWUzNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QJrUFjQZJcTRboQxPZD3bkDOqS2
/TZT2KjfDALjdfXjI41AmNBiIYKYF6uy9PZAfwkNVoXC6g2zDgnyZfcFICLTLzZt
AC98Z0Z3dOdJ4fz4Q/dV59V4OKRd/1s2aAy4ZJDCCaKRnC4HPQ8LzA3tcYuTHDOj
CRmInChKGvrlfG9+Tha1J3FAgdigBmovJxJvi5Vost77OcI3zvse1TEDw5geyPOz
blWnQ9tXd6mXLXyFHugj7qaI90Vty3061YwKETFGcUBebZXOKDTORi+rCBCPa0v+
kK9WjSuMsP8FpmoAsw/px11RMYPDT+Iw7LnBFBFkjt+cK/kOW/MNibjyWQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIggKEyevxWyl8ZbGVQ3iyUXHjRYMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvaUNBb1RKNl9GYktYeGxzWlZEZUxKUmNlTkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdIOIAD
BANIONAwDQYJKoZIhvcNAQELBQADggEBAAkdfuai67D/6iulFreEK8c+uKQko0ip
7B5RTl7NH2yvIpCiqgTIm6VKKZXEMBqeF4hc3a+Ok6O/+KizgDmZf7MLPoYcC6it
bLfW+WHCv/G9SLJtH9hY6i7pTObY3cPZfoxBC8oUoojbGxgAqJfvPmO4yZ/mLkav
lDfarpHvah3GyR1FnR3ND201bQPcC+4MBHBISnMZwECGKLAz4LmvWhExOZev0zYh
yfQop4DrJgMOs1sXpKqSpm+BPTSeZR370x7UiFr5GU4Edm+2sToqYc0WSUaHaVEz
j6rHuw54gpmM1VrCHPltyjDzSxN6TlydallRxLWCEff8u3sL0di69Tg=
-----END CERTIFICATE-----