Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/kRIa94MWYWrUOVwjc9XA73SAMOA.roa
File:                     kRIa94MWYWrUOVwjc9XA73SAMOA.roa (raw, json)
Hash identifier:          CLFC01EOAmxOj0g9Emkl9wa15kGO2yyt+4qXoqbGCJI=
Subject key identifier:   91:12:1A:F7:83:16:61:6A:D4:39:5C:23:73:D5:C0:EF:74:80:30:E0
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       0198CD49852DF60292A35ED960BB01D4C45A
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/kRIa94MWYWrUOVwjc9XA73SAMOA.roa
Signing time:             Thu 21 Aug 2025 15:40:04 +0000
ROA not before:           Thu 21 Aug 2025 15:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        72.56.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:49:85:2d:f6:02:92:a3:5e:d9:60:bb:01:d4:c4:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Aug 21 15:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91121af78316616ad4395c2373d5c0ef748030e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bb:25:fc:b9:a8:0c:4d:aa:57:be:7a:fd:04:
                    bd:b8:e0:a4:d1:a0:eb:38:d2:db:32:fc:ad:97:40:
                    25:aa:0d:d8:7f:6d:d5:ac:ed:f5:7c:59:b6:a3:cc:
                    09:07:a3:62:75:2b:c5:03:9f:2d:15:c0:b0:6b:50:
                    10:e4:5c:8b:74:c5:02:11:9e:62:04:24:29:67:6c:
                    2e:53:c2:66:18:df:b6:b9:74:bb:90:f7:c5:aa:c1:
                    d7:08:8f:c1:57:53:bf:3c:e5:31:2e:27:36:c4:1c:
                    84:93:76:12:e9:e9:68:31:88:ed:a9:c7:f9:7e:8c:
                    a4:40:be:7f:0f:f8:ad:d8:9f:d1:a8:7c:4e:0f:09:
                    d8:f6:23:a8:43:df:15:8e:8e:d7:84:38:bf:81:65:
                    13:59:f2:c3:b1:f2:bd:2b:e3:04:05:ae:a2:41:e1:
                    98:2c:6d:7a:f1:91:ca:9e:45:8c:9a:da:c7:63:5a:
                    d4:d1:a3:7f:0e:eb:2e:70:e8:50:67:f2:92:3c:8d:
                    7d:19:a4:ad:45:67:ea:4b:25:40:fa:50:03:f8:ee:
                    db:cc:9d:82:42:f6:b2:0e:39:1d:fb:60:82:f0:68:
                    22:78:d4:76:a1:b6:97:f3:68:fc:26:b7:68:a9:3f:
                    e9:5c:85:61:37:cd:22:d9:38:82:39:65:57:75:04:
                    55:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:12:1A:F7:83:16:61:6A:D4:39:5C:23:73:D5:C0:EF:74:80:30:E0
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/kRIa94MWYWrUOVwjc9XA73SAMOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         87:f7:bb:b2:e8:99:a3:ed:07:e4:cd:c0:06:0f:e9:e7:ab:83:
         e0:7a:70:5f:f8:43:e7:d5:94:48:d0:c1:02:85:65:a0:f5:67:
         18:79:63:c2:95:75:86:18:fb:63:cd:c8:49:aa:98:f9:f5:da:
         7e:0c:18:e9:e6:87:f0:cb:9f:10:b8:14:03:4c:eb:eb:d8:a8:
         c4:3c:c4:d9:42:2d:7c:54:12:90:bd:ba:0e:56:84:21:2d:94:
         a2:c6:97:7b:ca:73:f8:62:53:8c:69:95:4b:36:a5:1f:3d:d7:
         db:5d:86:c5:95:30:74:dd:fa:a8:9b:f6:d3:eb:7a:19:f8:10:
         f1:78:cc:38:30:74:80:33:cd:ea:5f:78:55:3a:ce:b2:e6:fd:
         12:b6:cb:38:6c:ab:fa:97:3b:7a:ff:29:b1:ea:9b:b6:55:c3:
         35:3e:73:ab:f7:5a:dd:5d:ef:4a:03:c6:42:db:6c:1a:d9:39:
         ca:00:b0:52:4f:ec:5c:ef:73:07:25:db:76:0a:ad:3e:35:2e:
         bc:97:d8:12:d6:5e:59:29:46:57:b8:76:3f:0c:80:9e:53:76:
         4b:a1:df:f5:0a:f4:0e:4b:52:ce:f4:03:6c:f9:d3:f6:fe:7d:
         15:77:5d:07:17:66:79:4c:b8:e2:86:25:dc:b3:40:0e:a8:9a:
         a9:cf:88:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNSYUt9gKSo17ZYLsB1MRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwODIxMTU0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTEyMWFmNzgzMTY2MTZhZDQzOTVjMjM3M2Q1YzBlZjc0ODAzMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbsl/LmoDE2qV756/QS9uOCk0aDr
ONLbMvytl0Alqg3Yf23VrO31fFm2o8wJB6NidSvFA58tFcCwa1AQ5FyLdMUCEZ5i
BCQpZ2wuU8JmGN+2uXS7kPfFqsHXCI/BV1O/POUxLic2xByEk3YS6eloMYjtqcf5
foykQL5/D/it2J/RqHxODwnY9iOoQ98Vjo7XhDi/gWUTWfLDsfK9K+MEBa6iQeGY
LG168ZHKnkWMmtrHY1rU0aN/DusucOhQZ/KSPI19GaStRWfqSyVA+lAD+O7bzJ2C
QvayDjkd+2CC8GgieNR2obaX82j8JrdoqT/pXIVhN80i2TiCOWVXdQRVjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJESGveDFmFq1DlcI3PVwO90gDDgMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEva1JJYTk0TVdZV3JVT1Z3amM5WEE3M1NBTU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHSDiAMA0G
CSqGSIb3DQEBCwUAA4IBAQCH97uy6Jmj7QfkzcAGD+nnq4PgenBf+EPn1ZRI0MEC
hWWg9WcYeWPClXWGGPtjzchJqpj59dp+DBjp5ofwy58QuBQDTOvr2KjEPMTZQi18
VBKQvboOVoQhLZSixpd7ynP4YlOMaZVLNqUfPdfbXYbFlTB03fqom/bT63oZ+BDx
eMw4MHSAM83qX3hVOs6y5v0Stss4bKv6lzt6/ymx6pu2VcM1PnOr91rdXe9KA8ZC
22wa2TnKALBST+xc73MHJdt2Cq0+NS68l9gS1l5ZKUZXuHY/DICeU3ZLod/1CvQO
S1LO9ANs+dP2/n0Vd10HF2Z5TLjihiXcs0AOqJqpz4iL
-----END CERTIFICATE-----