Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/uaKmeO6LKIX6rxBUWDyV1uOP3r8.roa
File:                     uaKmeO6LKIX6rxBUWDyV1uOP3r8.roa (raw, json)
Hash identifier:          ljrg0kEBqDTYnK1gjCNNgZQo/wR3xSNbE6jtRQ4Fm5k=
Subject key identifier:   B9:A2:A6:78:EE:8B:28:85:FA:AF:10:54:58:3C:95:D6:E3:8F:DE:BF
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018EBEF812D93033A7DB9B4841D272B6169C
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/uaKmeO6LKIX6rxBUWDyV1uOP3r8.roa
Signing time:             Mon 08 Apr 2024 18:28:32 +0000
ROA not before:           Mon 08 Apr 2024 18:28:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:f8:12:d9:30:33:a7:db:9b:48:41:d2:72:b6:16:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Apr  8 18:28:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a2a678ee8b2885faaf1054583c95d6e38fdebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3f:fe:73:b6:75:83:db:3f:88:a3:94:38:d6:
                    24:ff:9d:ea:58:26:1f:58:f6:0e:7e:8e:10:f2:8c:
                    c4:73:17:4d:3d:9a:d3:85:15:df:82:1e:6f:d9:6f:
                    74:bd:ab:6b:d4:cb:e1:2d:af:34:88:f0:3e:66:bc:
                    f4:fa:96:09:ad:69:5b:8b:81:d3:cc:33:42:21:87:
                    24:60:a4:24:91:55:6c:9d:18:b6:61:3b:cd:1e:de:
                    81:57:c8:d5:c4:be:c7:b7:33:32:e5:74:b4:72:f8:
                    90:11:68:44:a1:4f:c0:ac:85:34:37:59:ca:7c:24:
                    62:19:ed:13:62:26:93:fd:12:56:78:87:51:b1:44:
                    55:87:55:f2:8b:77:bb:0f:f3:d9:c4:2e:44:9e:50:
                    66:c9:11:6e:02:95:53:e3:71:5a:0f:19:43:be:76:
                    80:42:e5:7c:8d:81:62:ef:0b:27:0b:ba:ae:8a:10:
                    1a:85:68:06:fc:da:1f:83:04:a3:f1:2a:49:3d:73:
                    54:2a:6e:e1:fa:df:70:c3:79:bc:ab:2c:a9:8c:ba:
                    31:be:f1:2b:83:b5:91:f9:30:d0:22:97:27:06:9a:
                    8c:a8:ba:36:f3:de:30:63:99:f9:51:63:d0:25:62:
                    d9:48:88:48:1a:15:96:37:4f:a8:36:99:1b:b3:cc:
                    db:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A2:A6:78:EE:8B:28:85:FA:AF:10:54:58:3C:95:D6:E3:8F:DE:BF
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/uaKmeO6LKIX6rxBUWDyV1uOP3r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:26:c2:d2:88:5d:51:cb:ac:b0:c6:b3:3b:a7:70:d1:c8:52:
         05:9c:30:cf:86:51:5a:7d:f6:4e:4e:68:d0:09:61:16:54:2b:
         9c:30:4d:4d:bc:e5:d1:01:bd:fe:62:0c:ef:7a:90:b9:94:30:
         12:b3:5a:75:d0:a2:d5:40:2e:97:e7:72:14:e0:ba:a7:3d:fb:
         68:a0:36:cd:3d:6d:3d:0c:ea:11:b4:30:ad:54:c9:6c:8f:5e:
         a5:15:92:e9:b7:5d:8b:43:a2:85:48:a0:df:d2:cc:df:d2:48:
         bb:55:21:ca:d8:37:9a:d0:d0:c7:6c:6e:bf:34:a1:57:c3:0a:
         d9:87:d7:15:50:24:ec:42:67:b0:1c:36:d2:81:3a:df:06:5a:
         7f:01:3b:48:93:45:ac:9d:f3:bf:d8:27:b8:10:2f:56:bb:39:
         ce:73:9b:86:3b:75:a0:53:bf:16:87:e1:47:d5:ca:ed:77:bf:
         c3:12:84:07:22:bc:12:5c:ac:de:7b:8f:4c:66:77:3d:86:34:
         7c:70:2e:27:86:a0:08:26:15:7b:fb:ef:75:8d:cd:2f:23:bb:
         30:b6:bc:c6:ec:e7:76:47:34:b3:54:af:ec:39:13:ef:f4:ca:
         15:0f:13:71:fa:34:ef:40:0a:95:e0:16:45:e9:b9:c5:f4:ca:
         11:75:bc:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6++BLZMDOn25tIQdJythacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwNDA4MTgyODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWEyYTY3OGVlOGIyODg1ZmFhZjEwNTQ1ODNjOTVkNmUzOGZkZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT/+c7Z1g9s/iKOUONYk/53qWCYf
WPYOfo4Q8ozEcxdNPZrThRXfgh5v2W90vatr1MvhLa80iPA+Zrz0+pYJrWlbi4HT
zDNCIYckYKQkkVVsnRi2YTvNHt6BV8jVxL7HtzMy5XS0cviQEWhEoU/ArIU0N1nK
fCRiGe0TYiaT/RJWeIdRsURVh1Xyi3e7D/PZxC5EnlBmyRFuApVT43FaDxlDvnaA
QuV8jYFi7wsnC7quihAahWgG/NofgwSj8SpJPXNUKm7h+t9ww3m8qyypjLoxvvEr
g7WR+TDQIpcnBpqMqLo2894wY5n5UWPQJWLZSIhIGhWWN0+oNpkbs8zb1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmipnjuiyiF+q8QVFg8ldbjj96/MB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvdWFLbWVPNkxLSVg2cnhCVVdEeVYxdU9QM3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQCAJsLSiF1Ry6ywxrM7p3DRyFIFnDDPhlFaffZOTmjQ
CWEWVCucME1NvOXRAb3+YgzvepC5lDASs1p10KLVQC6X53IU4LqnPftooDbNPW09
DOoRtDCtVMlsj16lFZLpt12LQ6KFSKDf0szf0ki7VSHK2Dea0NDHbG6/NKFXwwrZ
h9cVUCTsQmewHDbSgTrfBlp/ATtIk0WsnfO/2Ce4EC9WuznOc5uGO3WgU78Wh+FH
1crtd7/DEoQHIrwSXKzee49MZnc9hjR8cC4nhqAIJhV7++91jc0vI7swtrzG7Od2
RzSzVK/sORPv9MoVDxNx+jTvQAqV4BZF6bnF9MoRdbzV
-----END CERTIFICATE-----