Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/wMrCQWEm2lPKU1aAl1mFhi-JWnE.roa
File:                     wMrCQWEm2lPKU1aAl1mFhi-JWnE.roa (raw, json)
Hash identifier:          hT7L1jOf2Ub3XumgetpA4h0Ys4xPjaNTHFtmr8cP4hQ=
Subject key identifier:   C0:CA:C2:41:61:26:DA:53:CA:53:56:80:97:59:85:86:2F:89:5A:71
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       0199589490B22EA7162AA2CCD5FC6C4A118A
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/wMrCQWEm2lPKU1aAl1mFhi-JWnE.roa
Signing time:             Wed 17 Sep 2025 16:49:15 +0000
ROA not before:           Wed 17 Sep 2025 16:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205290
IP address blocks:        72.56.62.0/24 maxlen: 24
                          72.56.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:94:90:b2:2e:a7:16:2a:a2:cc:d5:fc:6c:4a:11:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Sep 17 16:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0cac2416126da53ca535680975985862f895a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e6:be:79:71:c0:37:c5:92:07:fb:a7:4c:28:
                    38:f7:a5:3a:e2:3d:e1:b3:df:91:30:ec:b3:de:19:
                    cc:b6:f4:bc:9b:0f:78:0e:f5:11:40:6b:de:79:71:
                    33:f2:d6:ae:ec:8d:56:f6:9a:ec:ea:be:af:6e:10:
                    87:38:0d:ba:3b:cc:f0:31:65:62:b3:94:f8:c3:03:
                    35:84:45:17:0b:3f:69:59:16:f7:79:07:0b:4c:2d:
                    1e:93:2f:a6:54:84:5e:ca:1e:20:2b:d0:c0:0a:29:
                    19:98:bd:29:35:30:c3:df:21:9c:c5:d5:08:16:d0:
                    4e:39:7e:4f:89:56:8e:79:c7:f6:7b:da:cd:9b:8d:
                    58:72:4f:95:8e:88:8c:cf:06:67:33:86:37:67:fb:
                    ba:d6:e8:30:97:9a:24:41:cf:ae:ba:ca:b1:ce:30:
                    79:20:70:19:f6:d9:94:f8:4a:8c:15:79:29:c1:15:
                    62:bb:67:b6:5b:2c:5e:0c:36:43:c8:3d:c2:b2:05:
                    56:f8:79:83:ed:3f:74:bc:f2:4b:5a:68:65:d5:af:
                    99:fb:c1:29:d0:b7:a5:3c:25:93:ec:99:17:08:d8:
                    1e:77:dc:a4:80:2c:4a:21:77:cf:98:55:a8:b0:d2:
                    df:88:c5:c2:7e:e4:d6:09:64:58:00:2d:8a:ec:89:
                    cc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:CA:C2:41:61:26:DA:53:CA:53:56:80:97:59:85:86:2F:89:5A:71
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/wMrCQWEm2lPKU1aAl1mFhi-JWnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:f7:07:bb:09:8d:0a:ba:38:7d:aa:1d:81:dd:7a:f7:32:fb:
         91:6a:88:e0:d5:91:05:1b:5f:32:86:76:92:f7:51:18:f2:97:
         e6:41:dd:94:e4:57:63:9a:cf:8b:04:32:a6:7a:19:d6:c5:77:
         28:fd:83:65:14:72:98:3c:f5:77:f8:96:6a:dc:ea:15:91:07:
         4a:93:f5:1c:9e:43:9c:f9:92:85:ec:45:12:7f:5c:07:f7:77:
         10:36:a0:b9:bb:9b:70:e7:35:6c:45:51:e6:ef:ac:2c:51:a5:
         fd:4c:6b:9d:ac:51:55:79:5f:8b:32:7c:c2:14:39:28:d9:22:
         24:3a:5d:c6:19:df:ec:fe:17:a2:98:59:63:4e:77:19:47:0b:
         b0:ce:6d:1c:45:45:a0:2c:2c:6c:40:e3:1e:1a:71:4c:43:a8:
         08:77:a9:32:56:c5:69:a3:5a:da:7f:d4:95:5a:47:fe:2f:c4:
         63:1f:14:e5:b1:1f:0c:19:f3:d5:16:11:20:37:45:d9:17:e1:
         a2:e7:f4:5b:46:a4:43:75:9a:ac:f9:b4:80:4e:53:7e:ca:92:
         87:a3:31:cb:72:52:42:05:b9:a4:88:1b:91:a9:f3:66:31:06:
         f5:8f:36:da:82:cd:ce:c2:06:6b:61:12:05:4e:eb:2c:67:42:
         7e:f1:22:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlYlJCyLqcWKqLM1fxsShGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjUwOTE3MTY0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGNhYzI0MTYxMjZkYTUzY2E1MzU2ODA5NzU5ODU4NjJmODk1YTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApea+eXHAN8WSB/unTCg496U64j3h
s9+RMOyz3hnMtvS8mw94DvURQGveeXEz8tau7I1W9prs6r6vbhCHOA26O8zwMWVi
s5T4wwM1hEUXCz9pWRb3eQcLTC0eky+mVIReyh4gK9DACikZmL0pNTDD3yGcxdUI
FtBOOX5PiVaOecf2e9rNm41Yck+VjoiMzwZnM4Y3Z/u61ugwl5okQc+uusqxzjB5
IHAZ9tmU+EqMFXkpwRViu2e2WyxeDDZDyD3CsgVW+HmD7T90vPJLWmhl1a+Z+8Ep
0LelPCWT7JkXCNged9ykgCxKIXfPmFWosNLfiMXCfuTWCWRYAC2K7InM0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDKwkFhJtpTylNWgJdZhYYviVpxMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvd01yQ1FXRW0ybFBLVTFhQWwxbUZoaS1KV25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBSDg+MA0G
CSqGSIb3DQEBCwUAA4IBAQCy9we7CY0Kujh9qh2B3Xr3MvuRaojg1ZEFG18yhnaS
91EY8pfmQd2U5Fdjms+LBDKmehnWxXco/YNlFHKYPPV3+JZq3OoVkQdKk/UcnkOc
+ZKF7EUSf1wH93cQNqC5u5tw5zVsRVHm76wsUaX9TGudrFFVeV+LMnzCFDko2SIk
Ol3GGd/s/heimFljTncZRwuwzm0cRUWgLCxsQOMeGnFMQ6gId6kyVsVpo1raf9SV
Wkf+L8RjHxTlsR8MGfPVFhEgN0XZF+Gi5/RbRqRDdZqs+bSATlN+ypKHozHLclJC
BbmkiBuRqfNmMQb1jzbags3OwgZrYRIFTussZ0J+8SKZ
-----END CERTIFICATE-----