Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/IAVMzOtz-_56l10XXW1XpGPX7FA.roa
File:                     IAVMzOtz-_56l10XXW1XpGPX7FA.roa (raw, json)
Hash identifier:          hrsUGBohTqkchtKuuNqlxk60990twah7968fUr2crR8=
Subject key identifier:   20:05:4C:CC:EB:73:FB:FE:7A:97:5D:17:5D:6D:57:A4:63:D7:EC:50
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       0196680F3ADDDFAEF346385FE2F31D5E4CCB
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/IAVMzOtz-_56l10XXW1XpGPX7FA.roa
Signing time:             Thu 24 Apr 2025 13:49:10 +0000
ROA not before:           Thu 24 Apr 2025 13:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:0f:3a:dd:df:ae:f3:46:38:5f:e2:f3:1d:5e:4c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Apr 24 13:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20054ccceb73fbfe7a975d175d6d57a463d7ec50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b6:4a:93:ee:5b:00:4a:c8:03:8f:25:7a:12:
                    a6:9e:e1:c1:31:04:0e:d9:f4:82:50:3c:ac:dc:2f:
                    fc:0a:85:2e:f1:71:df:31:b0:77:fb:4c:b3:7b:74:
                    9a:0e:5a:fe:d0:69:a4:99:72:52:7d:96:ef:33:c5:
                    59:cd:a3:b0:72:d6:24:2d:58:9f:aa:cb:5d:d7:a1:
                    c3:05:90:59:f5:a2:4d:59:61:26:0f:2c:c6:bb:fa:
                    49:8e:ed:30:aa:d6:6e:d6:fd:b7:b0:98:b6:af:28:
                    87:52:b5:66:70:e6:62:8c:d3:9b:33:eb:47:d7:09:
                    99:6b:5b:70:f3:03:4f:7d:5e:d3:9a:48:86:8b:49:
                    4e:7a:0e:ad:a4:f0:ed:be:79:94:df:db:65:3f:a3:
                    60:45:c1:da:4b:33:2b:ee:c4:e4:b1:36:04:34:9d:
                    28:8b:ec:3a:c2:fa:d2:97:21:f3:23:28:df:9a:eb:
                    02:e4:23:9c:c5:63:01:5d:e7:a4:a5:3b:81:19:2f:
                    be:b2:f8:74:ea:b5:79:c5:a6:c5:db:ad:f9:3e:cf:
                    2f:e6:63:e4:82:ea:93:65:ca:6c:88:64:9a:a7:d7:
                    07:e5:e9:c3:f6:9d:cf:8e:21:55:66:40:f5:cd:a0:
                    d9:ef:a3:b1:11:96:a8:04:6c:1b:6d:a3:bd:0a:b7:
                    bb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:05:4C:CC:EB:73:FB:FE:7A:97:5D:17:5D:6D:57:A4:63:D7:EC:50
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/IAVMzOtz-_56l10XXW1XpGPX7FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:6c:2e:ca:ff:de:ff:1d:af:20:71:3e:2a:36:75:9f:23:3f:
         09:ea:f8:46:a9:78:aa:25:78:fd:de:1c:f9:b0:cf:bb:7a:ab:
         6e:67:82:c2:cc:4e:80:44:fa:2f:a6:41:1e:d5:63:b2:64:42:
         69:4c:03:e3:60:6d:b8:c4:e9:c3:96:fe:a8:af:52:56:7d:e6:
         5a:de:d7:2b:82:f7:fb:78:c5:ff:f1:0b:b4:fb:55:67:a7:06:
         dc:11:9b:a3:15:73:70:4d:a3:71:e6:13:b1:6d:95:d3:15:21:
         94:3f:b3:e1:29:c5:da:fb:9c:65:30:95:df:d4:71:5a:15:55:
         66:e4:53:5f:ec:5d:7c:e3:2f:86:94:85:03:b0:55:0f:48:b2:
         d9:26:c2:53:c4:6f:5a:ba:ed:fd:57:96:67:6f:2b:f5:bb:72:
         fa:af:3d:d7:bd:bf:a6:16:62:b0:b0:70:b9:d3:50:39:04:7b:
         1a:65:dc:37:90:68:8a:e4:cb:8a:5c:e3:87:39:bd:31:21:19:
         5e:ea:42:cf:a9:2c:d8:7c:2a:61:92:99:33:ae:1b:52:1c:5a:
         83:55:63:b0:16:c0:9f:c8:55:6f:65:6a:05:6b:20:40:b8:2a:
         0d:99:43:25:60:ed:7a:8f:48:6e:f8:b3:1c:90:49:e1:9c:26:
         3d:4a:ef:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZoDzrd367zRjhf4vMdXkzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwNDI0MTM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDA1NGNjY2ViNzNmYmZlN2E5NzVkMTc1ZDZkNTdhNDYzZDdlYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbZKk+5bAErIA48lehKmnuHBMQQO
2fSCUDys3C/8CoUu8XHfMbB3+0yze3SaDlr+0GmkmXJSfZbvM8VZzaOwctYkLVif
qstd16HDBZBZ9aJNWWEmDyzGu/pJju0wqtZu1v23sJi2ryiHUrVmcOZijNObM+tH
1wmZa1tw8wNPfV7TmkiGi0lOeg6tpPDtvnmU39tlP6NgRcHaSzMr7sTksTYENJ0o
i+w6wvrSlyHzIyjfmusC5COcxWMBXeekpTuBGS++svh06rV5xabF2635Ps8v5mPk
guqTZcpsiGSap9cH5enD9p3PjiFVZkD1zaDZ76OxEZaoBGwbbaO9Cre7oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAFTMzrc/v+epddF11tV6Rj1+xQMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvSUFWTXpPdHotXzU2bDEwWFhXMVhwR1BYN0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQAxbC7K/97/Ha8gcT4qNnWfIz8J6vhGqXiqJXj93hz5
sM+7eqtuZ4LCzE6ARPovpkEe1WOyZEJpTAPjYG24xOnDlv6or1JWfeZa3tcrgvf7
eMX/8Qu0+1VnpwbcEZujFXNwTaNx5hOxbZXTFSGUP7PhKcXa+5xlMJXf1HFaFVVm
5FNf7F184y+GlIUDsFUPSLLZJsJTxG9auu39V5Znbyv1u3L6rz3Xvb+mFmKwsHC5
01A5BHsaZdw3kGiK5MuKXOOHOb0xIRle6kLPqSzYfCphkpkzrhtSHFqDVWOwFsCf
yFVvZWoFayBAuCoNmUMlYO16j0hu+LMckEnhnCY9Su88
-----END CERTIFICATE-----