Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VOndbqpoEbtrniHGJclVpTyd0sg.roa
File:                     VOndbqpoEbtrniHGJclVpTyd0sg.roa (raw, json)
Hash identifier:          uO/rvTFAvB10MU0tAI5r82qeP4ymCHiF1oP1ihKjH1o=
Subject key identifier:   54:E9:DD:6E:AA:68:11:BB:6B:9E:21:C6:25:C9:55:A5:3C:9D:D2:C8
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019CC425A3601B5DF51C2FA58D61D1E399EB
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VOndbqpoEbtrniHGJclVpTyd0sg.roa
Signing time:             Fri 06 Mar 2026 17:15:26 +0000
ROA not before:           Fri 06 Mar 2026 17:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c4:25:a3:60:1b:5d:f5:1c:2f:a5:8d:61:d1:e3:99:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Mar  6 17:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54e9dd6eaa6811bb6b9e21c625c955a53c9dd2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9c:a6:aa:ab:2f:3c:45:f0:4a:25:51:d8:81:
                    77:b2:f8:c7:94:d5:27:71:b5:c0:77:49:2f:8c:f3:
                    4a:39:4a:d4:fd:d8:2a:44:42:d0:74:bd:ef:9d:c2:
                    6d:e9:f6:73:2f:2c:dd:f2:37:e5:57:c0:7c:c4:ef:
                    00:f0:bf:72:e5:da:72:c3:43:79:07:64:7f:0b:c0:
                    98:9b:3a:80:d3:51:6c:f0:b4:3b:e0:6a:ad:1c:1b:
                    64:b8:54:a6:8b:7f:89:97:3a:e0:96:90:57:4f:1b:
                    33:71:36:a5:a9:80:3c:e1:06:21:c4:0c:2e:4d:03:
                    c1:f2:ef:d1:92:d3:a9:3b:0a:7f:f8:23:09:fa:33:
                    f5:93:f3:47:52:9e:36:b4:d1:7c:84:98:7d:22:27:
                    62:15:85:80:97:7e:4d:3c:88:ab:f7:d0:b6:98:44:
                    ca:14:64:a9:f1:aa:31:0a:b6:52:42:5a:be:e7:21:
                    4e:3e:bd:97:9e:09:ff:ad:09:7a:3a:a9:34:91:f9:
                    0a:a3:30:0e:96:3a:fd:12:f6:ad:c1:04:09:2b:93:
                    a3:a9:71:92:e1:ec:cc:04:18:6b:9f:93:06:d8:16:
                    0d:eb:f5:bb:3a:96:65:f4:02:2d:4f:bb:91:d7:a1:
                    f0:de:46:93:18:c6:34:ac:d7:5f:4d:78:76:a8:ec:
                    2f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E9:DD:6E:AA:68:11:BB:6B:9E:21:C6:25:C9:55:A5:3C:9D:D2:C8
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VOndbqpoEbtrniHGJclVpTyd0sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:84:5e:0d:03:b5:52:c3:cb:65:dc:16:53:18:ed:af:cf:19:
         d6:ec:c2:18:35:72:c7:8c:4d:09:53:eb:19:16:0e:3a:0a:56:
         60:9b:87:4f:07:ff:06:d7:f3:67:0a:0c:31:4b:4a:1d:33:df:
         1b:25:50:0b:c8:92:69:37:2a:bc:4b:bd:15:17:06:48:52:e7:
         a4:f9:15:82:7f:8f:a2:b1:f7:eb:34:ca:f7:73:1a:72:00:ae:
         8b:bf:46:e3:0a:64:96:ba:44:a3:47:0e:0a:05:ac:90:41:58:
         a8:67:eb:28:53:23:12:a4:b5:6d:11:80:7a:99:9c:67:a5:6d:
         df:ee:0d:2f:9d:30:cb:d1:31:72:9f:07:c7:e9:ea:62:96:98:
         7b:7e:b1:25:ab:c6:d8:fb:57:14:94:45:2d:da:66:06:79:3f:
         5a:f7:c9:8b:b8:e3:5b:ca:b8:2c:ed:ef:6f:a4:05:d8:3e:d4:
         55:d9:f9:b8:9d:1b:85:a7:02:cd:fc:41:fa:fe:a1:8e:b5:ef:
         17:f7:09:37:0d:ef:62:f2:a1:53:f3:1d:c3:21:fe:54:16:0f:
         38:c6:2a:9f:50:0a:ac:56:5f:10:f8:9c:c2:3b:b4:dd:65:c5:
         ab:f4:2e:ba:6f:a0:6b:fc:e5:2f:23:1b:8b:9e:ff:32:73:9f:
         8a:c8:a4:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzEJaNgG131HC+ljWHR45nrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjYwMzA2MTcxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGU5ZGQ2ZWFhNjgxMWJiNmI5ZTIxYzYyNWM5NTVhNTNjOWRkMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZymqqsvPEXwSiVR2IF3svjHlNUn
cbXAd0kvjPNKOUrU/dgqRELQdL3vncJt6fZzLyzd8jflV8B8xO8A8L9y5dpyw0N5
B2R/C8CYmzqA01Fs8LQ74GqtHBtkuFSmi3+JlzrglpBXTxszcTalqYA84QYhxAwu
TQPB8u/RktOpOwp/+CMJ+jP1k/NHUp42tNF8hJh9IidiFYWAl35NPIir99C2mETK
FGSp8aoxCrZSQlq+5yFOPr2Xngn/rQl6Oqk0kfkKozAOljr9EvatwQQJK5OjqXGS
4ezMBBhrn5MG2BYN6/W7OpZl9AItT7uR16Hw3kaTGMY0rNdfTXh2qOwv2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTp3W6qaBG7a54hxiXJVaU8ndLIMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvVk9uZGJxcG9FYnRybmlIR0pjbFZwVHlkMHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhF4NA7VSw8tl3BZTGO2vzxnW7MIYNXLHjE0JU+sZ
Fg46ClZgm4dPB/8G1/NnCgwxS0odM98bJVALyJJpNyq8S70VFwZIUuek+RWCf4+i
sffrNMr3cxpyAK6Lv0bjCmSWukSjRw4KBayQQVioZ+soUyMSpLVtEYB6mZxnpW3f
7g0vnTDL0TFynwfH6epilph7frElq8bY+1cUlEUt2mYGeT9a98mLuONbyrgs7e9v
pAXYPtRV2fm4nRuFpwLN/EH6/qGOte8X9wk3De9i8qFT8x3DIf5UFg84xiqfUAqs
Vl8Q+JzCO7TdZcWr9C66b6Br/OUvIxuLnv8yc5+KyKST
-----END CERTIFICATE-----