Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/TDs3SCHkSwxi2Xb9E5-5lxldSWA.roa
File:                     TDs3SCHkSwxi2Xb9E5-5lxldSWA.roa (raw, json)
Hash identifier:          UmMaqKmCtjb0oErlYVHbczcMBZ32+2r0z5hmDOfKCCM=
Subject key identifier:   4C:3B:37:48:21:E4:4B:0C:62:D9:76:FD:13:9F:B9:97:19:5D:49:60
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       0198CD4984DCB3D9910A3154F27A3FDFD1D6
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/TDs3SCHkSwxi2Xb9E5-5lxldSWA.roa
Signing time:             Thu 21 Aug 2025 15:40:04 +0000
ROA not before:           Thu 21 Aug 2025 15:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        72.56.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:49:84:dc:b3:d9:91:0a:31:54:f2:7a:3f:df:d1:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Aug 21 15:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c3b374821e44b0c62d976fd139fb997195d4960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3f:fd:3d:61:a0:9a:8e:dc:83:54:4d:c3:78:
                    f9:ce:d6:09:08:1b:db:b1:37:0f:05:11:1a:e2:e4:
                    40:7c:d5:71:3f:92:f1:2f:a2:6e:82:f5:cc:26:ed:
                    3e:c7:a6:4e:dd:96:3d:04:40:08:db:05:70:d9:80:
                    80:72:8d:c0:92:17:06:02:ec:69:98:41:24:45:aa:
                    05:da:be:a4:c8:94:03:1b:cd:27:f0:9f:d1:e8:33:
                    57:09:09:d1:bf:2a:45:28:9b:e3:94:72:a8:35:00:
                    95:ee:86:9d:e3:c4:ac:05:50:6b:65:b0:e8:14:c8:
                    87:bc:89:b5:ab:5a:fa:57:d2:77:1f:48:c9:e7:e9:
                    b2:8a:29:aa:87:a4:4f:75:67:f4:51:97:bc:b2:21:
                    cc:80:a9:f6:74:a9:e5:77:9e:84:9e:51:28:37:78:
                    d3:53:dc:b8:83:ec:92:bd:13:1a:57:3a:99:e7:93:
                    12:02:4d:ad:71:99:dd:df:b6:f6:0d:07:37:ed:86:
                    ab:68:f6:22:5c:fe:5d:46:3f:af:3d:c4:cd:17:d8:
                    28:79:ce:fb:f9:1c:60:1a:95:95:96:92:07:69:65:
                    0c:b2:68:32:43:35:f7:83:92:f3:80:11:7e:d5:fc:
                    ab:1a:a0:4b:13:97:f6:2e:b9:35:3e:3f:3d:7e:a4:
                    50:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3B:37:48:21:E4:4B:0C:62:D9:76:FD:13:9F:B9:97:19:5D:49:60
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/TDs3SCHkSwxi2Xb9E5-5lxldSWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a9:60:16:1f:64:b2:f4:81:31:1d:d5:45:3d:3c:22:de:42:26:
         1e:f6:1d:be:7f:98:5c:d7:6d:d5:da:d7:f4:a6:f2:2d:c9:8d:
         98:1c:a8:f1:f6:96:aa:97:c1:6a:a6:1b:69:1f:c2:65:0a:07:
         f8:72:66:97:fc:e3:67:d7:5b:ff:14:b3:fd:5f:d4:72:74:13:
         e4:05:f2:50:83:f6:07:e0:f4:f4:e2:39:25:d3:15:da:2d:bf:
         09:c2:b0:27:0a:b2:fd:d6:54:5b:4a:6b:35:be:b3:2c:eb:9f:
         b3:c3:9f:9a:77:77:10:27:d0:94:14:e7:34:81:eb:8b:55:50:
         39:fe:7d:7f:5a:67:f4:e8:d6:e2:6f:d1:f2:65:1b:bd:5c:2b:
         f2:d8:55:8a:4d:16:ed:df:87:bd:f2:fb:37:57:b1:c1:e1:aa:
         1f:10:47:06:7d:89:06:e8:47:80:10:a8:d1:db:94:c0:92:34:
         30:cb:81:0c:df:a6:d4:d9:56:2b:5a:c1:52:06:c6:78:2e:bf:
         20:88:53:ef:78:67:a6:34:28:27:b4:c3:80:76:0e:76:94:b4:
         0b:41:3b:f2:17:5a:9a:e1:c7:65:95:19:04:d8:32:32:4e:8a:
         05:61:d9:2e:4a:23:e2:6c:91:a8:24:1e:f3:70:5c:69:1b:85:
         1d:ac:3f:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNSYTcs9mRCjFU8no/39HWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwODIxMTU0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNiMzc0ODIxZTQ0YjBjNjJkOTc2ZmQxMzlmYjk5NzE5NWQ0OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD/9PWGgmo7cg1RNw3j5ztYJCBvb
sTcPBREa4uRAfNVxP5LxL6JugvXMJu0+x6ZO3ZY9BEAI2wVw2YCAco3AkhcGAuxp
mEEkRaoF2r6kyJQDG80n8J/R6DNXCQnRvypFKJvjlHKoNQCV7oad48SsBVBrZbDo
FMiHvIm1q1r6V9J3H0jJ5+myiimqh6RPdWf0UZe8siHMgKn2dKnld56EnlEoN3jT
U9y4g+ySvRMaVzqZ55MSAk2tcZnd37b2DQc37YaraPYiXP5dRj+vPcTNF9goec77
+RxgGpWVlpIHaWUMsmgyQzX3g5LzgBF+1fyrGqBLE5f2Lrk1Pj89fqRQEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEw7N0gh5EsMYtl2/ROfuZcZXUlgMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvVERzM1NDSGtTd3hpMlhiOUU1LTVseGxkU1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHSDiAMA0G
CSqGSIb3DQEBCwUAA4IBAQCpYBYfZLL0gTEd1UU9PCLeQiYe9h2+f5hc123V2tf0
pvItyY2YHKjx9paql8FqphtpH8JlCgf4cmaX/ONn11v/FLP9X9RydBPkBfJQg/YH
4PT04jkl0xXaLb8JwrAnCrL91lRbSms1vrMs65+zw5+ad3cQJ9CUFOc0geuLVVA5
/n1/Wmf06Nbib9HyZRu9XCvy2FWKTRbt34e98vs3V7HB4aofEEcGfYkG6EeAEKjR
25TAkjQwy4EM36bU2VYrWsFSBsZ4Lr8giFPveGemNCgntMOAdg52lLQLQTvyF1qa
4cdllRkE2DIyTooFYdkuSiPibJGoJB7zcFxpG4UdrD+n
-----END CERTIFICATE-----