Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/HS9PpWT4FCSSstlIOFCaEuTYhZA.roa
File:                     HS9PpWT4FCSSstlIOFCaEuTYhZA.roa (raw, json)
Hash identifier:          dTpJ+Vqey+wyIsJCiKM1TfllRZ7B3eMpNoAigDi5hoo=
Subject key identifier:   1D:2F:4F:A5:64:F8:14:24:92:B2:D9:48:38:50:9A:12:E4:D8:85:90
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019961DD6602F65E3B2D43B8B8B4C9D4E6D4
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/HS9PpWT4FCSSstlIOFCaEuTYhZA.roa
Signing time:             Fri 19 Sep 2025 12:05:23 +0000
ROA not before:           Fri 19 Sep 2025 12:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205261
IP address blocks:        72.56.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:dd:66:02:f6:5e:3b:2d:43:b8:b8:b4:c9:d4:e6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Sep 19 12:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d2f4fa564f8142492b2d94838509a12e4d88590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1e:d2:16:a6:73:17:96:4c:c0:dd:52:5c:5c:
                    f0:30:d5:53:8f:09:80:31:ae:9d:d6:0f:7c:17:7e:
                    d4:db:fb:f0:d5:fb:2f:86:99:27:3e:ec:a7:4e:39:
                    69:43:89:ba:2d:1a:a8:2a:b7:fa:4a:15:b2:e4:d7:
                    28:93:e5:ef:d4:8b:58:a7:48:a3:a2:44:dd:71:fb:
                    c8:a4:68:82:5b:06:cd:5a:6e:6a:86:78:39:f7:5c:
                    f1:39:79:6c:b2:40:a6:b8:a5:65:9b:1d:c3:0e:e0:
                    e4:56:83:62:4f:d2:dc:bc:fc:60:78:08:07:c9:0b:
                    39:d1:10:8a:93:19:aa:1f:ac:d6:ca:76:d6:fc:17:
                    91:fc:14:e1:fb:5d:d5:5e:c0:39:c7:96:ef:e8:2b:
                    af:61:7a:f5:e8:17:ba:36:28:8e:81:21:ed:58:b2:
                    e8:5f:58:4d:e2:48:d2:d3:80:68:37:8b:d6:77:1a:
                    af:aa:c8:c8:d6:71:43:b5:e7:ae:cd:6c:f7:14:22:
                    09:bc:3f:da:9e:75:1b:5d:5b:fb:99:19:6c:c5:03:
                    c5:88:fe:cd:cf:db:74:9a:8e:e8:28:c2:31:50:40:
                    d6:91:6a:29:cf:c6:a5:f9:3f:30:7e:b2:d3:9e:d2:
                    ca:8b:2a:57:e6:22:13:03:84:0f:5b:61:0a:27:98:
                    cf:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2F:4F:A5:64:F8:14:24:92:B2:D9:48:38:50:9A:12:E4:D8:85:90
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/HS9PpWT4FCSSstlIOFCaEuTYhZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:4b:98:50:5c:88:34:3c:a1:1e:55:ff:87:cc:0d:25:2c:ae:
         3d:c4:b6:0a:9a:30:07:6c:79:e9:f4:1f:44:12:22:63:5f:a3:
         9b:9a:33:9b:e9:37:48:3a:ec:85:99:12:d8:9f:03:6f:93:be:
         0b:33:49:30:1c:13:86:ae:60:a6:05:ca:64:b9:a7:49:f6:9f:
         a1:86:41:35:95:e8:2d:6b:88:bb:2c:dd:ec:29:13:c0:14:a2:
         2b:52:ac:b8:c0:78:20:fd:e5:34:bf:cd:c9:e8:e2:4d:53:97:
         e2:0f:a3:e4:b8:10:01:16:23:a8:3a:86:db:40:60:41:cd:67:
         17:1a:66:5d:9c:91:29:46:b4:8c:b0:df:ac:03:fe:b7:f9:2c:
         ee:22:84:cb:46:ee:66:ca:77:07:0d:f2:d7:fb:6e:53:95:5a:
         8f:97:46:14:21:b4:c8:67:6b:99:b0:9b:aa:da:2d:9b:a3:e3:
         96:53:1a:c8:26:89:13:02:c6:6e:6f:cb:a7:6b:53:69:67:a1:
         e9:6b:25:76:2e:aa:28:35:10:26:26:44:65:bd:8c:65:60:02:
         03:97:85:ac:35:0f:77:ed:de:15:fe:85:58:88:c6:ec:9e:43:
         6a:79:fd:c1:e9:5b:5a:46:46:62:c1:4c:93:cd:f2:30:26:02:
         40:a9:92:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlh3WYC9l47LUO4uLTJ1ObUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwOTE5MTIwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJmNGZhNTY0ZjgxNDI0OTJiMmQ5NDgzODUwOWExMmU0ZDg4NTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx7SFqZzF5ZMwN1SXFzwMNVTjwmA
Ma6d1g98F37U2/vw1fsvhpknPuynTjlpQ4m6LRqoKrf6ShWy5Ncok+Xv1ItYp0ij
okTdcfvIpGiCWwbNWm5qhng591zxOXlsskCmuKVlmx3DDuDkVoNiT9LcvPxgeAgH
yQs50RCKkxmqH6zWynbW/BeR/BTh+13VXsA5x5bv6CuvYXr16Be6NiiOgSHtWLLo
X1hN4kjS04BoN4vWdxqvqsjI1nFDteeuzWz3FCIJvD/annUbXVv7mRlsxQPFiP7N
z9t0mo7oKMIxUEDWkWopz8al+T8wfrLTntLKiypX5iITA4QPW2EKJ5jPAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0vT6Vk+BQkkrLZSDhQmhLk2IWQMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvSFM5UHBXVDRGQ1NTc3RsSU9GQ2FFdVRZaFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASDg9MA0G
CSqGSIb3DQEBCwUAA4IBAQDBS5hQXIg0PKEeVf+HzA0lLK49xLYKmjAHbHnp9B9E
EiJjX6ObmjOb6TdIOuyFmRLYnwNvk74LM0kwHBOGrmCmBcpkuadJ9p+hhkE1legt
a4i7LN3sKRPAFKIrUqy4wHgg/eU0v83J6OJNU5fiD6PkuBABFiOoOobbQGBBzWcX
GmZdnJEpRrSMsN+sA/63+SzuIoTLRu5myncHDfLX+25TlVqPl0YUIbTIZ2uZsJuq
2i2bo+OWUxrIJokTAsZub8una1NpZ6HpayV2LqooNRAmJkRlvYxlYAIDl4WsNQ93
7d4V/oVYiMbsnkNqef3B6VtaRkZiwUyTzfIwJgJAqZLn
-----END CERTIFICATE-----