Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ngVIm6V8McjWt-UsDZ8SI1OBzB8.roa
File:                     ngVIm6V8McjWt-UsDZ8SI1OBzB8.roa (raw, json)
Hash identifier:          TG6EiZUK8fMKZ//ITtR5n/6R2Ry6qOs7fabIjuGyGt8=
Subject key identifier:   9E:05:48:9B:A5:7C:31:C8:D6:B7:E5:2C:0D:9F:12:23:53:81:CC:1F
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       01988B89DD05B760473A2B8F74F220F7A032
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ngVIm6V8McjWt-UsDZ8SI1OBzB8.roa
Signing time:             Fri 08 Aug 2025 21:15:24 +0000
ROA not before:           Fri 08 Aug 2025 21:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8b:89:dd:05:b7:60:47:3a:2b:8f:74:f2:20:f7:a0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Aug  8 21:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e05489ba57c31c8d6b7e52c0d9f12235381cc1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:73:b3:49:93:7e:75:e5:bd:cd:06:ad:f7:14:
                    8b:03:e2:7b:bb:d3:90:1e:a5:6a:1e:a0:10:42:57:
                    8a:ee:52:b0:33:4a:35:d3:3a:4c:c0:c7:75:03:07:
                    cf:ea:72:30:a2:c9:18:aa:ed:d3:aa:ab:50:b0:66:
                    31:bb:34:a4:98:6a:be:b9:a3:cc:40:19:79:89:78:
                    50:11:b2:e7:ef:f1:80:b7:26:49:78:af:13:86:89:
                    e0:2a:9e:b2:40:55:a8:30:65:b9:6d:02:19:16:32:
                    46:b8:3a:ac:c7:26:1a:62:ad:eb:17:74:c8:ee:27:
                    21:cd:7e:db:63:e5:3e:7f:46:7b:8b:e4:ab:f3:22:
                    1e:29:4d:1f:a7:12:ed:3e:71:a6:90:d2:f5:9a:bf:
                    7e:90:1d:1e:9d:de:75:50:f3:c6:7d:14:21:a1:b4:
                    47:bc:b4:4f:2a:25:a1:1a:70:55:73:7e:c8:0b:df:
                    52:e4:01:a3:c0:6b:bd:9f:52:ca:bc:81:97:8c:6d:
                    7f:b2:47:90:bc:6a:b8:68:cc:e5:31:93:ed:17:85:
                    38:74:63:76:2c:3b:f8:88:91:e1:d8:10:de:86:e0:
                    03:45:17:c5:91:76:06:52:3f:b4:ea:d8:b2:e6:d5:
                    0a:09:14:ec:14:91:25:29:54:ea:5c:c3:33:b9:9d:
                    16:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:05:48:9B:A5:7C:31:C8:D6:B7:E5:2C:0D:9F:12:23:53:81:CC:1F
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/ngVIm6V8McjWt-UsDZ8SI1OBzB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:89:08:19:16:8f:0e:b2:ea:04:54:ab:1a:fe:ca:99:42:a6:
         8d:23:23:ec:96:61:60:e3:e9:af:b3:ac:86:fb:3c:a3:71:e0:
         3d:d3:6d:e6:3e:e1:1f:5d:bb:f8:e5:13:de:f3:d9:f8:e6:fb:
         a7:0c:a8:98:e7:8b:9a:a2:e9:9e:87:b5:02:b9:0c:1a:39:76:
         e2:c2:22:2b:26:fa:54:86:a6:0d:41:d0:f6:0f:d0:36:fa:62:
         36:eb:dd:ba:bf:b6:4b:fa:8d:16:b8:85:e0:c8:5a:87:a2:7c:
         bd:64:50:f2:f1:a7:fe:9e:3a:6e:54:29:f2:d0:9b:1e:fe:6f:
         53:f1:e7:53:85:28:9c:e9:02:f3:ab:66:b4:8a:76:c8:e0:14:
         8a:f9:a5:4f:4b:01:2c:de:85:7f:c0:ee:cc:c3:38:8a:ac:70:
         bd:38:35:1f:75:b4:78:45:8d:16:f7:11:00:ad:41:8c:b6:05:
         e5:71:25:5a:67:80:2f:65:33:02:08:02:4c:95:a1:a7:27:75:
         f1:51:29:e3:d5:ff:3d:9c:30:ca:d8:a6:e1:6b:be:d5:c1:23:
         5c:29:ec:ae:3a:07:3e:3a:5a:5e:b0:81:92:d8:26:f9:bd:e3:
         22:07:b5:d1:75:ee:ac:58:a4:02:f7:26:41:3e:67:3c:33:2e:
         d9:ac:60:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiLid0Ft2BHOiuPdPIg96AyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwODA4MjExNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTA1NDg5YmE1N2MzMWM4ZDZiN2U1MmMwZDlmMTIyMzUzODFjYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3OzSZN+deW9zQat9xSLA+J7u9OQ
HqVqHqAQQleK7lKwM0o10zpMwMd1AwfP6nIwoskYqu3TqqtQsGYxuzSkmGq+uaPM
QBl5iXhQEbLn7/GAtyZJeK8ThongKp6yQFWoMGW5bQIZFjJGuDqsxyYaYq3rF3TI
7ichzX7bY+U+f0Z7i+Sr8yIeKU0fpxLtPnGmkNL1mr9+kB0end51UPPGfRQhobRH
vLRPKiWhGnBVc37IC99S5AGjwGu9n1LKvIGXjG1/skeQvGq4aMzlMZPtF4U4dGN2
LDv4iJHh2BDehuADRRfFkXYGUj+06tiy5tUKCRTsFJElKVTqXMMzuZ0WawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4FSJulfDHI1rflLA2fEiNTgcwfMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvbmdWSW02VjhNY2pXdC1Vc0RaOFNJMU9CekI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQByiQgZFo8OsuoEVKsa/sqZQqaNIyPslmFg4+mvs6yG
+zyjceA9023mPuEfXbv45RPe89n45vunDKiY54uaoumeh7UCuQwaOXbiwiIrJvpU
hqYNQdD2D9A2+mI26926v7ZL+o0WuIXgyFqHony9ZFDy8af+njpuVCny0Jse/m9T
8edThSic6QLzq2a0inbI4BSK+aVPSwEs3oV/wO7MwziKrHC9ODUfdbR4RY0W9xEA
rUGMtgXlcSVaZ4AvZTMCCAJMlaGnJ3XxUSnj1f89nDDK2Kbha77VwSNcKeyuOgc+
OlpesIGS2Cb5veMiB7XRde6sWKQC9yZBPmc8My7ZrGDt
-----END CERTIFICATE-----