Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ONUCtbkDeeY2PA4jyY-af2rV2nc.roa
File:                     ONUCtbkDeeY2PA4jyY-af2rV2nc.roa (raw, json)
Hash identifier:          UqkqTmMsI7S3ytTnMMGoR5/dJydP8VGBx/KeOodELdE=
Subject key identifier:   38:D5:02:B5:B9:03:79:E6:36:3C:0E:23:C9:8F:9A:7F:6A:D5:DA:77
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       0196F4B219DE96CF8DF73B934692D6A4225D
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ONUCtbkDeeY2PA4jyY-af2rV2nc.roa
Signing time:             Wed 21 May 2025 21:13:54 +0000
ROA not before:           Wed 21 May 2025 21:13:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f4:b2:19:de:96:cf:8d:f7:3b:93:46:92:d6:a4:22:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: May 21 21:13:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38d502b5b90379e6363c0e23c98f9a7f6ad5da77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:60:39:9c:13:03:8c:1c:e3:16:58:c9:68:8d:
                    be:05:9f:bd:50:53:48:17:ea:69:db:75:8f:40:59:
                    db:9c:fa:fe:f5:8e:5f:38:52:7d:98:f8:e1:04:7e:
                    8c:dd:2c:ca:42:a9:30:63:a5:18:88:3c:d8:99:2e:
                    e6:34:ea:f1:36:12:45:8c:9c:f3:90:3c:32:5e:b2:
                    9b:1c:7d:51:cf:6b:b1:4c:91:b9:5f:6e:cd:72:70:
                    66:11:05:03:e5:50:01:0f:52:c4:70:39:87:cb:f3:
                    21:e9:fd:ce:0f:a6:bc:35:0a:17:f9:b6:4d:db:86:
                    ae:49:08:a0:ce:90:11:52:70:38:be:17:57:d5:5e:
                    80:5c:d0:17:ac:df:b7:15:36:6c:e7:eb:2d:ed:6a:
                    e5:99:46:5d:92:05:0f:05:40:fd:25:a3:bd:46:88:
                    d7:f4:bd:9a:b7:71:ed:d0:1f:f0:e3:63:42:04:64:
                    f9:70:2b:7c:fe:4a:5c:10:28:56:91:7d:ac:87:c1:
                    d3:72:a2:d8:7a:8c:bf:bd:39:03:af:d4:ca:31:c2:
                    6d:1b:49:c1:c0:f6:dc:21:c3:11:b3:4a:03:93:e9:
                    27:79:66:f9:9c:20:29:3e:7d:4b:4f:00:fd:99:6c:
                    7a:ad:f5:6d:d3:f7:a8:2b:5a:4c:8d:7b:df:ec:8c:
                    00:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D5:02:B5:B9:03:79:E6:36:3C:0E:23:C9:8F:9A:7F:6A:D5:DA:77
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ONUCtbkDeeY2PA4jyY-af2rV2nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:1e:b9:80:39:01:c4:56:47:47:08:b9:24:c5:2f:12:fa:ae:
         e0:8e:4d:f4:b1:ba:80:d9:23:84:83:c0:c9:c8:94:21:a2:27:
         b3:ec:6b:f1:1f:ac:0c:eb:45:e9:79:8c:62:8f:d4:75:58:a5:
         ef:a7:10:97:eb:59:a1:8d:07:c5:2c:7b:24:0a:72:09:9b:0a:
         46:d0:65:7a:aa:f9:d9:cc:78:84:d8:de:f0:91:3f:3f:d0:f0:
         d1:75:df:32:e3:52:6c:2c:6a:cd:04:09:5e:42:36:9b:78:b0:
         fb:45:42:fd:ff:1a:bd:7b:61:3a:1b:28:ef:1d:d1:31:db:de:
         19:6f:c5:92:c6:c6:78:c6:f1:e1:aa:d4:78:dc:6b:bd:7f:7c:
         1d:c3:28:98:72:44:87:64:d4:2c:90:ab:11:0f:a2:40:00:00:
         43:20:20:8e:83:89:94:9c:55:ed:c5:8e:23:0c:87:f4:c0:a8:
         45:41:ba:05:11:eb:b0:38:3b:de:0a:ae:90:fc:fc:b6:06:c8:
         d5:fe:bf:b7:aa:4f:5a:93:77:76:e7:97:18:c6:12:b1:c9:1b:
         61:a1:45:98:d9:1b:d3:6d:82:9e:64:e0:c3:09:4c:f1:03:90:
         41:4e:58:3e:c7:6a:0e:fc:7d:56:dd:81:5d:a9:61:90:db:dc:
         5b:36:7d:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb0shnels+N9zuTRpLWpCJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwNTIxMjExMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ1MDJiNWI5MDM3OWU2MzYzYzBlMjNjOThmOWE3ZjZhZDVkYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2A5nBMDjBzjFljJaI2+BZ+9UFNI
F+pp23WPQFnbnPr+9Y5fOFJ9mPjhBH6M3SzKQqkwY6UYiDzYmS7mNOrxNhJFjJzz
kDwyXrKbHH1Rz2uxTJG5X27NcnBmEQUD5VABD1LEcDmHy/Mh6f3OD6a8NQoX+bZN
24auSQigzpARUnA4vhdX1V6AXNAXrN+3FTZs5+st7WrlmUZdkgUPBUD9JaO9RojX
9L2at3Ht0B/w42NCBGT5cCt8/kpcEChWkX2sh8HTcqLYeoy/vTkDr9TKMcJtG0nB
wPbcIcMRs0oDk+kneWb5nCApPn1LTwD9mWx6rfVt0/eoK1pMjXvf7IwA/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjVArW5A3nmNjwOI8mPmn9q1dp3MB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvT05VQ3Ria0RlZVkyUEE0anlZLWFmMnJWMm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQCHHrmAOQHEVkdHCLkkxS8S+q7gjk30sbqA2SOEg8DJ
yJQhoiez7GvxH6wM60XpeYxij9R1WKXvpxCX61mhjQfFLHskCnIJmwpG0GV6qvnZ
zHiE2N7wkT8/0PDRdd8y41JsLGrNBAleQjabeLD7RUL9/xq9e2E6GyjvHdEx294Z
b8WSxsZ4xvHhqtR43Gu9f3wdwyiYckSHZNQskKsRD6JAAABDICCOg4mUnFXtxY4j
DIf0wKhFQboFEeuwODveCq6Q/Py2BsjV/r+3qk9ak3d255cYxhKxyRthoUWY2RvT
bYKeZODDCUzxA5BBTlg+x2oO/H1W3YFdqWGQ29xbNn3W
-----END CERTIFICATE-----