Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/XOVijXohL6GDC1Kx8J5Tdsax6DM.roa
File:                     XOVijXohL6GDC1Kx8J5Tdsax6DM.roa (raw, json)
Hash identifier:          6F2C15fZUiyjtyiAXYQZ6forjHYQ0NssfRJ0NaTv6OY=
Subject key identifier:   5C:E5:62:8D:7A:21:2F:A1:83:0B:52:B1:F0:9E:53:76:C6:B1:E8:33
Certificate issuer:       /CN=8d58406ad38b155c198e385a9c2f621bce21f877
Certificate serial:       0198AD65C351B9B1CCD2638460F5841F5857
Authority key identifier: 8D:58:40:6A:D3:8B:15:5C:19:8E:38:5A:9C:2F:62:1B:CE:21:F8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVhAatOLFVwZjjhanC9iG84h-Hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/XOVijXohL6GDC1Kx8J5Tdsax6DM.roa
Signing time:             Fri 15 Aug 2025 11:03:04 +0000
ROA not before:           Fri 15 Aug 2025 11:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209573
IP address blocks:        139.28.64.0/22 maxlen: 22
                          139.28.64.0/23 maxlen: 23
                          139.28.65.0/24 maxlen: 24
                          139.28.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/jVhAatOLFVwZjjhanC9iG84h-Hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/jVhAatOLFVwZjjhanC9iG84h-Hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVhAatOLFVwZjjhanC9iG84h-Hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:65:c3:51:b9:b1:cc:d2:63:84:60:f5:84:1f:58:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d58406ad38b155c198e385a9c2f621bce21f877
        Validity
            Not Before: Aug 15 11:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ce5628d7a212fa1830b52b1f09e5376c6b1e833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:78:50:b2:32:1c:76:ea:dc:1b:af:c8:3b:
                    ef:ef:b1:d1:09:76:e4:20:0b:2e:27:08:67:71:0d:
                    64:c2:04:dd:e9:85:51:fe:e3:28:9f:c5:a0:23:b1:
                    ac:8f:74:c5:b0:7c:2e:42:8c:e2:97:40:13:6b:15:
                    e3:59:e1:57:88:09:f6:21:79:3e:cc:8b:c6:a7:7f:
                    6a:3c:36:0a:18:3f:98:1b:36:3a:07:14:75:29:8f:
                    e5:81:28:4d:6e:21:52:40:c2:d5:80:81:4b:55:03:
                    27:cc:94:a1:43:f4:fc:d9:5d:23:13:9f:9f:a6:b2:
                    22:90:4c:69:13:55:ca:4a:be:84:78:70:a6:73:e8:
                    2e:cd:83:38:9e:62:fb:79:d9:23:4f:2b:ee:e7:1f:
                    53:65:59:a1:17:c2:5b:62:23:d8:ce:78:7b:6b:ac:
                    49:cf:98:83:03:b5:f2:fe:6e:cf:c2:3a:56:4e:7d:
                    57:6c:ae:89:61:24:0f:a9:3d:81:db:12:ff:4a:8b:
                    7f:ad:34:3b:53:fd:86:43:19:1d:0c:d3:c9:2d:25:
                    10:50:4c:43:81:0d:8d:ab:d8:4d:b4:9f:f7:e2:d7:
                    e9:65:9c:e2:70:06:55:66:e3:d4:80:b0:da:60:9a:
                    3e:02:c7:cf:0d:6c:e5:52:c3:01:58:fa:9c:4e:16:
                    11:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E5:62:8D:7A:21:2F:A1:83:0B:52:B1:F0:9E:53:76:C6:B1:E8:33
            X509v3 Authority Key Identifier:
                keyid:8D:58:40:6A:D3:8B:15:5C:19:8E:38:5A:9C:2F:62:1B:CE:21:F8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVhAatOLFVwZjjhanC9iG84h-Hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/XOVijXohL6GDC1Kx8J5Tdsax6DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0ba51c-1770-4dfa-8367-28f68a4a143b/1/jVhAatOLFVwZjjhanC9iG84h-Hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:13:56:17:ae:c5:09:70:4d:03:11:1a:10:65:8a:ae:35:47:
         cd:de:1b:93:b4:eb:99:42:e1:21:88:2b:6e:a1:6a:1e:8d:d4:
         0f:a5:05:96:10:12:bc:6d:ea:62:9f:bc:89:39:fa:40:46:a2:
         70:e5:6f:f4:5a:2f:b4:56:23:e0:5c:31:5c:df:f1:07:69:2d:
         6c:b3:ed:66:3a:b0:17:13:87:4a:cd:1c:04:23:4e:d5:2e:4b:
         09:63:11:37:01:8d:50:65:c2:3a:c0:1e:d9:2b:9c:ea:e5:17:
         06:bf:97:27:8d:ba:b5:6d:04:ac:c5:8b:bd:0b:9f:49:b0:82:
         c7:53:de:d7:34:34:78:7b:c6:80:33:23:bc:53:74:22:e0:66:
         9f:60:ee:c0:5f:cb:33:cf:a8:21:3f:da:97:0a:c6:41:dd:3f:
         38:f8:5a:3e:c9:7a:9a:db:4a:23:45:3f:91:33:4c:ef:d4:73:
         c9:b0:3b:01:f7:b6:73:b5:d2:41:75:61:8d:87:b8:bb:29:b3:
         1d:9c:fb:22:da:79:61:99:21:19:da:d2:82:d8:da:97:35:88:
         92:c8:1e:ab:f7:29:89:d2:58:e9:30:ea:8f:72:29:8a:f0:f2:
         90:92:28:70:71:c9:b9:ec:43:ad:ab:0e:4f:7b:41:a2:0a:1b:
         b5:04:7f:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZitZcNRubHM0mOEYPWEH1hXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTg0MDZhZDM4YjE1NWMxOThlMzg1YTljMmY2MjFiY2Uy
MWY4NzcwHhcNMjUwODE1MTEwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U1NjI4ZDdhMjEyZmExODMwYjUyYjFmMDllNTM3NmM2YjFlODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnB4ULIyHHbq3BuvyDvv77HRCXbk
IAsuJwhncQ1kwgTd6YVR/uMon8WgI7Gsj3TFsHwuQozil0ATaxXjWeFXiAn2IXk+
zIvGp39qPDYKGD+YGzY6BxR1KY/lgShNbiFSQMLVgIFLVQMnzJShQ/T82V0jE5+f
prIikExpE1XKSr6EeHCmc+guzYM4nmL7edkjTyvu5x9TZVmhF8JbYiPYznh7a6xJ
z5iDA7Xy/m7PwjpWTn1XbK6JYSQPqT2B2xL/Sot/rTQ7U/2GQxkdDNPJLSUQUExD
gQ2Nq9hNtJ/34tfpZZzicAZVZuPUgLDaYJo+AsfPDWzlUsMBWPqcThYR5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzlYo16IS+hgwtSsfCeU3bGsegzMB8GA1UdIwQY
MBaAFI1YQGrTixVcGY44WpwvYhvOIfh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZoQWF0T0xGVndaampoYW5DOWlHODRoLUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYmE1MWMtMTc3MC00ZGZhLTgzNjct
MjhmNjhhNGExNDNiLzEvWE9WaWpYb2hMNkdEQzFLeDhKNVRkc2F4NkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYmE1MWMtMTc3MC00ZGZhLTgzNjctMjhmNjhhNGExNDNi
LzEvalZoQWF0T0xGVndaampoYW5DOWlHODRoLUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixxAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEE1YXrsUJcE0DERoQZYquNUfN3huTtOuZQuEhiCtu
oWoejdQPpQWWEBK8bepin7yJOfpARqJw5W/0Wi+0ViPgXDFc3/EHaS1ss+1mOrAX
E4dKzRwEI07VLksJYxE3AY1QZcI6wB7ZK5zq5RcGv5cnjbq1bQSsxYu9C59JsILH
U97XNDR4e8aAMyO8U3Qi4GafYO7AX8szz6ghP9qXCsZB3T84+Fo+yXqa20ojRT+R
M0zv1HPJsDsB97ZztdJBdWGNh7i7KbMdnPsi2nlhmSEZ2tKC2NqXNYiSyB6r9ymJ
0ljpMOqPcimK8PKQkihwccm57EOtqw5Pe0GiChu1BH9V
-----END CERTIFICATE-----