Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VgYgcy1XuxMKQGSHY-hjzWI5kkE.roa
File:                     VgYgcy1XuxMKQGSHY-hjzWI5kkE.roa (raw, json)
Hash identifier:          oBQf6gWYHRlLDqVnANAvLQUCngYQZiM07kbihjF3RpA=
Subject key identifier:   56:06:20:73:2D:57:BB:13:0A:40:64:87:63:E8:63:CD:62:39:92:41
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019DC9A32AFA9D3071BE8EF169B44DE23559
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VgYgcy1XuxMKQGSHY-hjzWI5kkE.roa
Signing time:             Sun 26 Apr 2026 11:53:26 +0000
ROA not before:           Sun 26 Apr 2026 11:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.143.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:a3:2a:fa:9d:30:71:be:8e:f1:69:b4:4d:e2:35:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Apr 26 11:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=560620732d57bb130a40648763e863cd62399241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b4:50:78:7c:52:4c:26:0b:c8:89:7e:73:a7:
                    4f:d6:d3:fc:84:f6:db:35:63:4b:c8:d4:ec:47:1d:
                    54:8a:3f:64:52:58:03:4f:28:92:cf:13:6e:5c:97:
                    60:d4:e4:7a:df:66:32:85:da:3d:ce:15:de:61:cb:
                    07:b2:69:e3:00:a3:51:4c:a4:3c:4a:73:67:0a:6d:
                    4b:83:d9:7d:91:dc:a4:4a:b9:57:ef:0c:37:b6:8e:
                    9e:ab:73:26:d0:59:08:e0:9f:7f:d1:23:7b:74:5a:
                    07:9d:13:f2:0d:3a:39:14:d7:7c:3e:72:1d:32:58:
                    68:fb:68:13:5b:74:02:98:fc:7f:66:94:6e:70:45:
                    cb:3a:79:e6:cc:11:b8:81:77:ca:27:47:9f:f9:dd:
                    41:8a:6b:ba:62:fc:66:4c:4c:8b:5b:8d:cc:f5:9a:
                    81:8a:dd:f8:78:45:bd:6a:98:35:5b:4d:27:0d:e2:
                    cd:74:62:45:cc:1b:ae:eb:06:61:d9:bb:49:7f:53:
                    27:39:5e:c7:43:be:60:46:54:f7:9c:19:53:49:ef:
                    4a:d7:f4:8e:c4:e2:6e:2f:85:3e:d0:56:1e:d0:d2:
                    2e:a5:a9:b4:51:ca:98:5c:98:8a:5b:ce:49:2a:73:
                    08:7c:25:b9:64:0a:dd:5d:41:81:11:10:74:86:1b:
                    f4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:06:20:73:2D:57:BB:13:0A:40:64:87:63:E8:63:CD:62:39:92:41
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VgYgcy1XuxMKQGSHY-hjzWI5kkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:81:3e:ae:5f:07:07:d2:2a:c1:33:53:0d:49:7b:65:57:30:
         73:ec:2f:4c:c0:c0:8a:cb:fd:f4:89:56:f0:80:d3:3c:3c:e1:
         64:3e:81:b7:b2:13:f2:34:c0:eb:09:bd:ad:04:88:c9:1c:f9:
         22:08:3b:1a:16:c5:c8:3a:2f:4a:9e:8c:cc:f9:d7:cc:4c:2f:
         72:d7:47:6b:be:08:bb:ce:bc:3d:d5:f1:3e:9e:6f:01:33:00:
         b0:ee:82:2f:64:49:ac:5d:58:d1:18:fd:be:7b:4a:39:ec:84:
         a0:8b:dc:8e:e8:c1:f4:d6:43:fc:a5:10:93:12:68:c0:2d:87:
         c4:25:c5:b6:ef:fe:63:0e:7f:15:f9:40:67:78:7f:e3:39:8d:
         b4:78:d7:91:09:b2:2e:75:23:5e:3f:80:5c:cf:5a:55:f0:6e:
         ae:64:9f:d9:6a:67:d8:c7:7c:60:0d:7b:31:45:79:37:c0:a2:
         ee:d3:1f:5d:93:21:2c:c0:36:99:dd:0b:ae:7f:e7:bc:ee:5f:
         39:be:39:fd:4e:4d:31:c3:20:96:23:91:62:f6:cd:6f:80:1b:
         82:0e:e3:b3:f5:97:37:06:7b:36:4c:7f:3e:9a:74:90:3f:23:
         5c:ba:b3:6a:5c:47:30:87:d7:23:48:1e:c2:e9:a3:4d:bf:3d:
         cc:ec:4b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Joyr6nTBxvo7xabRN4jVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwNDI2MTE1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA2MjA3MzJkNTdiYjEzMGE0MDY0ODc2M2U4NjNjZDYyMzk5MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLRQeHxSTCYLyIl+c6dP1tP8hPbb
NWNLyNTsRx1Uij9kUlgDTyiSzxNuXJdg1OR632Yyhdo9zhXeYcsHsmnjAKNRTKQ8
SnNnCm1Lg9l9kdykSrlX7ww3to6eq3Mm0FkI4J9/0SN7dFoHnRPyDTo5FNd8PnId
Mlho+2gTW3QCmPx/ZpRucEXLOnnmzBG4gXfKJ0ef+d1Bimu6YvxmTEyLW43M9ZqB
it34eEW9apg1W00nDeLNdGJFzBuu6wZh2btJf1MnOV7HQ75gRlT3nBlTSe9K1/SO
xOJuL4U+0FYe0NIupam0UcqYXJiKW85JKnMIfCW5ZArdXUGBERB0hhv01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYGIHMtV7sTCkBkh2PoY81iOZJBMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvVmdZZ2N5MVh1eE1LUUdTSFktaGp6V0k1a2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQAHgT6uXwcH0irBM1MNSXtlVzBz7C9MwMCKy/30iVbw
gNM8POFkPoG3shPyNMDrCb2tBIjJHPkiCDsaFsXIOi9KnozM+dfMTC9y10drvgi7
zrw91fE+nm8BMwCw7oIvZEmsXVjRGP2+e0o57ISgi9yO6MH01kP8pRCTEmjALYfE
JcW27/5jDn8V+UBneH/jOY20eNeRCbIudSNeP4Bcz1pV8G6uZJ/ZamfYx3xgDXsx
RXk3wKLu0x9dkyEswDaZ3Quuf+e87l85vjn9Tk0xwyCWI5Fi9s1vgBuCDuOz9Zc3
Bns2TH8+mnSQPyNcurNqXEcwh9cjSB7C6aNNvz3M7Esp
-----END CERTIFICATE-----