Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/4pRecLSQ-xIl4IPEZzRcqIax3-I.roa
File:                     4pRecLSQ-xIl4IPEZzRcqIax3-I.roa (raw, json)
Hash identifier:          H+a8jrfauVXAPTlOBPXoA0IxSm3rMjg8mh86PIxmueU=
Subject key identifier:   E2:94:5E:70:B4:90:FB:12:25:E0:83:C4:67:34:5C:A8:86:B1:DF:E2
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019961DD66C6A8828695A3AE7855638768F8
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/4pRecLSQ-xIl4IPEZzRcqIax3-I.roa
Signing time:             Fri 19 Sep 2025 12:05:23 +0000
ROA not before:           Fri 19 Sep 2025 12:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        72.56.59.0/24 maxlen: 24
                          72.56.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:dd:66:c6:a8:82:86:95:a3:ae:78:55:63:87:68:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Sep 19 12:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2945e70b490fb1225e083c467345ca886b1dfe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:9b:43:5c:d4:d0:ce:ca:64:14:61:81:83:
                    98:b2:7f:f4:a4:e9:e1:d4:cb:99:59:56:61:ba:6c:
                    7d:bc:4d:e8:dd:8a:43:90:55:70:24:07:c2:9b:2f:
                    ed:78:a7:82:ae:f0:e6:63:b7:ff:c3:9a:c7:be:a5:
                    33:69:05:3d:5e:80:64:92:61:7c:81:85:f6:3f:5e:
                    b3:f5:07:92:32:4d:aa:70:4d:f3:d6:26:77:ba:b2:
                    9e:cc:d0:0f:01:16:02:79:28:42:dc:d8:84:ff:1f:
                    34:c4:ca:2a:38:bd:49:d1:f6:7d:c0:ec:3d:ab:41:
                    31:f2:40:42:d5:a7:57:45:4d:12:a3:d4:f4:3b:a8:
                    90:2f:aa:f0:e6:ff:1b:aa:f6:ed:c9:e9:7c:27:f2:
                    8f:32:fc:9e:51:c0:38:8c:ae:dc:db:28:b0:bf:74:
                    ab:e8:2c:2d:90:08:79:dd:16:0b:95:94:59:99:cc:
                    7a:d4:f2:5e:96:f3:da:52:7a:8f:21:41:2b:a3:58:
                    d0:27:3d:de:cd:bd:cc:9c:70:36:dc:33:97:1d:c2:
                    dc:10:35:52:83:75:62:38:24:4f:35:46:4d:d1:41:
                    fb:49:8d:81:7a:01:86:7d:73:e6:84:ec:0a:31:f9:
                    a0:d5:16:c8:af:26:1c:29:6c:6a:e2:9d:e5:4a:7c:
                    7d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:94:5E:70:B4:90:FB:12:25:E0:83:C4:67:34:5C:A8:86:B1:DF:E2
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/4pRecLSQ-xIl4IPEZzRcqIax3-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.59.0-72.56.60.255

    Signature Algorithm: sha256WithRSAEncryption
         b3:9a:d6:87:7d:f8:25:7c:be:40:6e:b7:85:8f:8e:17:4a:41:
         8a:f5:56:5c:6d:5d:5b:74:6f:37:13:c8:5e:0e:32:2b:7f:4b:
         ee:7d:a8:3c:95:7f:b5:a9:92:ec:de:82:9b:69:0e:4b:89:4b:
         22:d8:c2:98:b9:8c:78:5a:63:7a:23:37:4d:05:eb:00:60:f3:
         11:60:69:47:06:79:31:3e:fe:76:c4:84:78:46:72:b6:17:41:
         2f:07:f2:8c:62:a4:f0:ec:ae:2d:28:81:33:78:aa:01:8b:54:
         6d:f5:f8:77:72:1a:89:ef:31:47:37:fc:a4:54:26:3d:35:5e:
         c3:83:7c:ea:67:de:d7:04:41:30:08:a6:33:4c:0b:58:25:86:
         51:71:ab:69:05:e7:33:73:54:42:04:36:ca:e6:c6:75:a4:1c:
         f8:92:3f:c7:44:39:e9:37:21:5f:35:7b:a4:c5:64:4b:4c:2e:
         c5:82:42:9e:49:b7:41:98:1f:c3:49:4d:40:08:0a:78:e0:50:
         4f:1e:5b:dc:43:2a:38:d0:8f:c0:58:90:92:eb:09:ba:55:be:
         ec:a5:9a:ce:93:00:b7:a4:7f:eb:26:24:91:fc:6d:54:71:14:
         e8:69:63:b4:fb:53:43:ad:19:59:ea:37:c2:21:70:1e:f4:fc:
         01:85:6f:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlh3WbGqIKGlaOueFVjh2j4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwOTE5MTIwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk0NWU3MGI0OTBmYjEyMjVlMDgzYzQ2NzM0NWNhODg2YjFkZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXqbQ1zU0M7KZBRhgYOYsn/0pOnh
1MuZWVZhumx9vE3o3YpDkFVwJAfCmy/teKeCrvDmY7f/w5rHvqUzaQU9XoBkkmF8
gYX2P16z9QeSMk2qcE3z1iZ3urKezNAPARYCeShC3NiE/x80xMoqOL1J0fZ9wOw9
q0Ex8kBC1adXRU0So9T0O6iQL6rw5v8bqvbtyel8J/KPMvyeUcA4jK7c2yiwv3Sr
6CwtkAh53RYLlZRZmcx61PJelvPaUnqPIUEro1jQJz3ezb3MnHA23DOXHcLcEDVS
g3ViOCRPNUZN0UH7SY2BegGGfXPmhOwKMfmg1RbIryYcKWxq4p3lSnx9lQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOKUXnC0kPsSJeCDxGc0XKiGsd/iMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvNHBSZWNMU1EteElsNElQRVp6UmNxSWF4My1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABIODsD
BABIODwwDQYJKoZIhvcNAQELBQADggEBALOa1od9+CV8vkBut4WPjhdKQYr1Vlxt
XVt0bzcTyF4OMit/S+59qDyVf7WpkuzegptpDkuJSyLYwpi5jHhaY3ojN00F6wBg
8xFgaUcGeTE+/nbEhHhGcrYXQS8H8oxipPDsri0ogTN4qgGLVG31+HdyGonvMUc3
/KRUJj01XsODfOpn3tcEQTAIpjNMC1glhlFxq2kF5zNzVEIENsrmxnWkHPiSP8dE
Oek3IV81e6TFZEtMLsWCQp5Jt0GYH8NJTUAICnjgUE8eW9xDKjjQj8BYkJLrCbpV
vuylms6TALekf+smJJH8bVRxFOhpY7T7U0OtGVnqN8IhcB70/AGFbys=
-----END CERTIFICATE-----