Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/g_xhFlxALcLse_-Oj4PBePBZJnY.roa
File:                     g_xhFlxALcLse_-Oj4PBePBZJnY.roa (raw, json)
Hash identifier:          ZZWn8HGPLGkcu+1b7mxcw+bmNtXcMX/Z/tSj0BCyotA=
Subject key identifier:   83:FC:61:16:5C:40:2D:C2:EC:7B:FF:8E:8F:83:C1:78:F0:59:26:76
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019961DD67BFF1DA9E547A1D8ACE51E423AB
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/g_xhFlxALcLse_-Oj4PBePBZJnY.roa
Signing time:             Fri 19 Sep 2025 12:05:23 +0000
ROA not before:           Fri 19 Sep 2025 12:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213114
IP address blocks:        72.56.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:dd:67:bf:f1:da:9e:54:7a:1d:8a:ce:51:e4:23:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Sep 19 12:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83fc61165c402dc2ec7bff8e8f83c178f0592676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:38:84:dc:6f:82:2f:d9:16:9d:f9:a2:44:
                    f7:84:83:b8:63:0f:69:97:68:d5:1d:2f:24:cc:54:
                    19:2a:1e:b3:68:8a:72:ea:a1:ad:d7:3e:f5:1b:f3:
                    71:b6:66:be:d4:2c:0d:89:6d:f8:90:c5:3f:5a:0c:
                    29:b2:b7:26:8c:0d:6f:a6:57:89:04:4e:0c:20:ec:
                    f3:0d:5d:82:9d:40:93:c7:3e:a7:df:c1:79:20:7b:
                    37:51:f0:9d:a2:3c:a4:d5:6b:bf:b4:ce:47:3e:dc:
                    f0:16:ef:05:4b:53:60:ca:18:8a:2b:8b:bb:44:35:
                    79:1e:26:9e:45:18:f4:ed:b6:66:b6:e1:f5:11:1f:
                    91:36:a5:f7:21:8c:89:17:46:b4:c4:29:9d:e9:fe:
                    5a:22:c3:6f:d1:15:29:d0:16:09:59:ce:7a:0e:6d:
                    b0:a2:34:a3:28:36:88:1a:a4:9a:c2:da:12:5f:b4:
                    72:8c:41:67:b6:7f:8a:da:9b:8c:e1:3b:e0:8c:cc:
                    01:d0:01:d2:fd:5f:b5:5f:af:58:a5:e3:f9:36:a5:
                    43:c5:d0:7f:64:d8:45:8c:98:54:be:8c:37:ae:b9:
                    29:25:de:45:3a:ef:ca:77:c3:18:c6:64:df:1f:62:
                    a4:69:66:2e:f1:60:24:c2:34:9e:9b:f8:a1:10:42:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FC:61:16:5C:40:2D:C2:EC:7B:FF:8E:8F:83:C1:78:F0:59:26:76
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/g_xhFlxALcLse_-Oj4PBePBZJnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a1:14:fd:44:83:92:2e:26:f1:a9:97:86:dc:78:5e:da:fa:
         1c:1f:14:61:c1:70:c4:38:c8:8a:ae:60:c5:2f:9a:03:1f:35:
         de:6d:18:96:27:e4:90:99:16:e3:a5:e8:95:28:af:17:ba:c2:
         97:94:0d:56:75:ed:8c:f4:3e:35:cc:77:9f:65:72:4c:36:6a:
         2f:60:f8:68:9d:db:41:e0:49:77:70:c9:fc:b2:d0:77:6b:33:
         1b:d6:5e:f6:23:c6:8b:66:5c:e0:62:03:9c:66:a2:fc:b2:10:
         99:2f:1b:a8:77:eb:a1:43:80:b1:78:8a:34:c0:0b:ca:29:95:
         e8:67:84:ba:5c:78:27:7b:18:43:38:ba:e0:d5:b7:39:1e:11:
         83:a9:7b:0e:10:e3:b2:1d:87:0e:c7:1d:09:ed:11:7c:5a:24:
         66:38:e7:35:89:75:7e:2f:dc:4d:2b:3a:f2:ec:60:36:5d:c0:
         8b:8c:82:90:f2:02:95:b4:b2:8b:19:7a:db:53:97:01:d3:1c:
         64:92:b1:4f:e2:3c:67:60:36:a4:b1:58:18:dc:77:a5:f2:c0:
         ee:d8:e6:9f:48:0d:3d:c8:c5:6f:6a:52:5b:87:f3:53:14:dc:
         a3:88:c8:36:c8:4e:12:f6:06:00:86:d1:58:95:df:da:de:ba:
         af:26:ac:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlh3We/8dqeVHodis5R5COrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwOTE5MTIwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ZjNjExNjVjNDAyZGMyZWM3YmZmOGU4ZjgzYzE3OGYwNTkyNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL04hNxvgi/ZFp35okT3hIO4Yw9p
l2jVHS8kzFQZKh6zaIpy6qGt1z71G/Nxtma+1CwNiW34kMU/WgwpsrcmjA1vpleJ
BE4MIOzzDV2CnUCTxz6n38F5IHs3UfCdojyk1Wu/tM5HPtzwFu8FS1NgyhiKK4u7
RDV5HiaeRRj07bZmtuH1ER+RNqX3IYyJF0a0xCmd6f5aIsNv0RUp0BYJWc56Dm2w
ojSjKDaIGqSawtoSX7RyjEFntn+K2puM4TvgjMwB0AHS/V+1X69YpeP5NqVDxdB/
ZNhFjJhUvow3rrkpJd5FOu/Kd8MYxmTfH2KkaWYu8WAkwjSem/ihEEIpEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIP8YRZcQC3C7Hv/jo+DwXjwWSZ2MB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvZ194aEZseEFMY0xzZV8tT2o0UEJlUEJaSm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASDg6MA0G
CSqGSIb3DQEBCwUAA4IBAQBhoRT9RIOSLibxqZeG3Hhe2vocHxRhwXDEOMiKrmDF
L5oDHzXebRiWJ+SQmRbjpeiVKK8XusKXlA1Wde2M9D41zHefZXJMNmovYPhondtB
4El3cMn8stB3azMb1l72I8aLZlzgYgOcZqL8shCZLxuod+uhQ4CxeIo0wAvKKZXo
Z4S6XHgnexhDOLrg1bc5HhGDqXsOEOOyHYcOxx0J7RF8WiRmOOc1iXV+L9xNKzry
7GA2XcCLjIKQ8gKVtLKLGXrbU5cB0xxkkrFP4jxnYDaksVgY3Hel8sDu2OafSA09
yMVvalJbh/NTFNyjiMg2yE4S9gYAhtFYld/a3rqvJqx1
-----END CERTIFICATE-----