Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/khb_nHg0pSGTidoxptDUDhVpMRE.roa
File:                     khb_nHg0pSGTidoxptDUDhVpMRE.roa (raw, json)
Hash identifier:          a1Y69sqRSLymfDktz/oYdmUj3z7+Bwa6JrhSMrXtZDY=
Subject key identifier:   92:16:FF:9C:78:34:A5:21:93:89:DA:31:A6:D0:D4:0E:15:69:31:11
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019ED53654C7887E09FDBE23A32F9A5030EE
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/khb_nHg0pSGTidoxptDUDhVpMRE.roa
Signing time:             Wed 17 Jun 2026 10:52:48 +0000
ROA not before:           Wed 17 Jun 2026 10:52:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205261
IP address blocks:        72.56.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d5:36:54:c7:88:7e:09:fd:be:23:a3:2f:9a:50:30:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Jun 17 10:52:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9216ff9c7834a5219389da31a6d0d40e15693111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:50:50:af:9d:46:ed:d5:b4:73:e0:3c:25:38:
                    fa:33:ec:38:4e:d3:cc:17:ab:57:0d:71:d8:33:b9:
                    fb:40:72:ad:fa:1e:a4:84:d7:bf:83:66:e4:89:25:
                    c0:e6:50:17:21:fb:af:9f:e9:d0:56:11:21:ff:68:
                    49:c8:fb:17:68:e4:52:05:b9:c7:bf:fd:a1:cd:95:
                    76:ba:8e:ae:d7:d4:27:45:2a:21:4b:9e:57:0c:d1:
                    bd:50:6f:38:da:a5:53:c8:2c:d9:87:2b:cb:ab:36:
                    8d:f5:42:4e:61:ca:55:0a:b4:54:b5:9d:5c:84:16:
                    77:ed:38:1d:db:62:3f:5b:e3:b4:aa:a2:75:34:03:
                    f1:cd:27:d1:94:f3:77:58:bb:0e:a2:51:d4:9a:4e:
                    21:81:c9:db:86:bd:d2:0f:2b:88:e2:85:15:df:b9:
                    af:5f:38:fc:88:e5:d7:6d:04:7c:01:c7:81:90:47:
                    1b:15:7c:40:04:a5:0e:1d:6d:b4:55:72:a7:94:e4:
                    8c:4e:93:83:e3:85:89:d2:87:65:d2:45:bf:65:15:
                    56:5a:a8:80:99:39:14:65:06:0a:d7:30:bb:ff:b1:
                    7f:c9:f4:66:b9:05:87:10:d0:ee:98:fb:c9:f6:d9:
                    51:11:8a:b4:bf:1b:db:48:84:11:b8:42:93:b3:26:
                    c7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:16:FF:9C:78:34:A5:21:93:89:DA:31:A6:D0:D4:0E:15:69:31:11
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/khb_nHg0pSGTidoxptDUDhVpMRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:7f:ff:68:52:2d:fa:46:6c:76:7b:c8:4a:d4:d4:da:aa:9c:
         1b:f6:19:e8:a4:c9:9c:8f:4e:17:d8:25:79:6e:6c:d4:ac:ef:
         c8:b1:cd:d2:0b:8c:8b:59:c5:2b:24:b2:dd:06:23:9b:fb:ba:
         53:e6:fa:11:59:7f:da:f4:74:85:ea:fb:cc:b0:97:28:dc:ff:
         ff:cf:60:c0:ed:e8:56:ef:b5:11:57:10:16:75:e2:1a:29:50:
         83:e5:2b:b7:18:3e:c2:38:89:4d:db:61:bb:30:d9:f8:65:e9:
         d1:9d:77:78:31:80:55:18:da:87:49:4b:c0:93:e2:3e:33:2b:
         7b:0b:dd:2b:e6:6b:27:fa:46:45:98:c4:3f:fb:03:25:f9:7b:
         fb:08:90:79:ff:3c:09:69:bd:d7:62:6d:81:c2:ae:4e:28:e9:
         40:5d:a7:8a:6a:15:a5:71:a3:f7:8d:d6:aa:43:d3:e5:d4:01:
         83:05:6f:f4:32:f9:8f:19:e5:52:ce:57:d8:10:8f:dc:65:3c:
         66:9b:2c:46:f6:09:7b:19:88:01:1b:bf:d0:04:5c:96:f3:cc:
         c2:64:6d:70:f8:fa:89:ea:07:79:7a:8a:02:6b:62:88:e7:1e:
         cc:f8:34:84:f8:10:c9:de:90:f7:42:d2:35:66:75:26:59:6e:
         61:a0:1d:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7VNlTHiH4J/b4joy+aUDDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwNjE3MTA1MjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjE2ZmY5Yzc4MzRhNTIxOTM4OWRhMzFhNmQwZDQwZTE1NjkzMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlBQr51G7dW0c+A8JTj6M+w4TtPM
F6tXDXHYM7n7QHKt+h6khNe/g2bkiSXA5lAXIfuvn+nQVhEh/2hJyPsXaORSBbnH
v/2hzZV2uo6u19QnRSohS55XDNG9UG842qVTyCzZhyvLqzaN9UJOYcpVCrRUtZ1c
hBZ37Tgd22I/W+O0qqJ1NAPxzSfRlPN3WLsOolHUmk4hgcnbhr3SDyuI4oUV37mv
Xzj8iOXXbQR8AceBkEcbFXxABKUOHW20VXKnlOSMTpOD44WJ0odl0kW/ZRVWWqiA
mTkUZQYK1zC7/7F/yfRmuQWHENDumPvJ9tlREYq0vxvbSIQRuEKTsybHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIW/5x4NKUhk4naMabQ1A4VaTERMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEva2hiX25IZzBwU0dUaWRveHB0RFVEaFZwTVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASDjlMA0G
CSqGSIb3DQEBCwUAA4IBAQDaf/9oUi36Rmx2e8hK1NTaqpwb9hnopMmcj04X2CV5
bmzUrO/Isc3SC4yLWcUrJLLdBiOb+7pT5voRWX/a9HSF6vvMsJco3P//z2DA7ehW
77URVxAWdeIaKVCD5Su3GD7COIlN22G7MNn4ZenRnXd4MYBVGNqHSUvAk+I+Myt7
C90r5msn+kZFmMQ/+wMl+Xv7CJB5/zwJab3XYm2Bwq5OKOlAXaeKahWlcaP3jdaq
Q9Pl1AGDBW/0MvmPGeVSzlfYEI/cZTxmmyxG9gl7GYgBG7/QBFyW88zCZG1w+PqJ
6gd5eooCa2KI5x7M+DSE+BDJ3pD3QtI1ZnUmWW5hoB3d
-----END CERTIFICATE-----