Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/tjiLAgV_TT2NyNiZuDVhU5bqqZY.roa
File:                     tjiLAgV_TT2NyNiZuDVhU5bqqZY.roa (raw, json)
Hash identifier:          zHRwDxWzvT6bwi3u/Iu6Jv7W42vmkmv7HRyCD1w/Eek=
Subject key identifier:   B6:38:8B:02:05:7F:4D:3D:8D:C8:D8:99:B8:35:61:53:96:EA:A9:96
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01971E024827A78390EFC28A15680B146227
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/tjiLAgV_TT2NyNiZuDVhU5bqqZY.roa
Signing time:             Thu 29 May 2025 21:45:55 +0000
ROA not before:           Thu 29 May 2025 21:45:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39944
IP address blocks:        139.28.84.0/22 maxlen: 24
                          139.28.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1e:02:48:27:a7:83:90:ef:c2:8a:15:68:0b:14:62:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 29 21:45:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6388b02057f4d3d8dc8d899b835615396eaa996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:56:f7:36:4c:6d:86:45:1f:9e:90:ee:f0:f0:
                    a0:c5:d1:61:c0:5f:e8:3d:49:66:38:a3:53:ec:7a:
                    0e:bc:4d:1d:8f:35:72:34:78:3b:0d:57:07:88:22:
                    43:9f:19:8e:23:d7:36:8c:e2:e8:0c:d1:1b:27:15:
                    d8:79:ee:69:dd:e0:43:8b:b7:ee:08:7f:2e:24:eb:
                    c0:43:bd:0a:65:e7:e7:5f:de:f5:18:aa:b4:17:d1:
                    8f:fb:f2:59:7c:14:af:cb:f4:cf:2d:d0:07:4f:6b:
                    cb:85:50:ab:6f:28:4c:9e:04:20:3b:9e:76:45:6e:
                    97:e2:79:32:ff:4b:8b:fc:58:7b:05:73:8b:34:c1:
                    b5:31:34:f8:cb:06:44:64:c0:3e:c7:3f:86:58:2a:
                    51:03:ac:09:a0:f3:bf:7c:4e:e1:e6:43:4e:84:3f:
                    db:7e:72:3b:56:77:37:38:8c:85:20:60:1e:7d:b1:
                    f6:7c:b9:56:7f:48:a4:24:2c:d5:cd:86:62:a6:82:
                    38:ae:8e:29:4f:2c:6d:a0:b3:36:9e:94:04:7a:ff:
                    96:3e:e3:80:17:39:bc:20:8b:0e:9a:0e:29:fd:ca:
                    05:e3:70:f0:b4:07:1a:3f:3b:4d:e2:10:b8:ae:15:
                    65:33:cb:bd:24:cc:ab:36:70:77:1a:50:fb:e8:04:
                    ce:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:38:8B:02:05:7F:4D:3D:8D:C8:D8:99:B8:35:61:53:96:EA:A9:96
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/tjiLAgV_TT2NyNiZuDVhU5bqqZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:69:99:93:87:5b:cc:29:cf:e3:4f:45:90:18:95:96:03:09:
         47:5f:dc:8f:57:68:de:cc:a4:92:c3:03:17:a6:28:d1:f7:b0:
         fa:38:84:f1:0a:5f:8e:a6:17:20:7f:3e:6d:86:e8:bb:3b:b7:
         e7:a6:d1:b7:35:e5:79:47:ff:0b:23:c9:b6:b0:97:a7:24:da:
         79:29:21:d1:e9:ca:c1:51:1e:44:d8:5c:c4:14:cc:00:b9:a3:
         28:55:22:77:d1:32:ca:73:7c:49:18:be:1c:39:23:b4:e3:e3:
         ba:10:96:35:a1:d0:3a:81:4e:32:58:e8:71:e9:b6:b5:a8:21:
         0e:d8:a4:be:22:aa:53:01:c8:00:ac:ac:6c:ab:d1:8d:3b:72:
         1b:73:ff:f9:c5:4b:46:7a:91:02:31:86:b7:35:45:d3:ed:95:
         9d:0b:21:4c:1e:1c:33:73:ec:cb:bb:95:1d:1e:d4:52:3a:68:
         4d:15:5b:84:5a:47:30:8e:01:82:6e:12:65:9b:db:fb:4a:65:
         46:06:10:d9:89:14:6e:a8:50:d4:30:74:7c:14:52:30:f1:bf:
         d8:bd:a4:c6:65:7f:ee:5f:83:28:4f:bf:c3:40:42:31:28:1c:
         bf:72:56:c6:d6:2f:36:2d:67:9f:6c:af:b2:67:f1:c9:7f:1e:
         a1:98:4a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZceAkgnp4OQ78KKFWgLFGInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTI5MjE0NTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjM4OGIwMjA1N2Y0ZDNkOGRjOGQ4OTliODM1NjE1Mzk2ZWFhOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1b3NkxthkUfnpDu8PCgxdFhwF/o
PUlmOKNT7HoOvE0djzVyNHg7DVcHiCJDnxmOI9c2jOLoDNEbJxXYee5p3eBDi7fu
CH8uJOvAQ70KZefnX971GKq0F9GP+/JZfBSvy/TPLdAHT2vLhVCrbyhMngQgO552
RW6X4nky/0uL/Fh7BXOLNMG1MTT4ywZEZMA+xz+GWCpRA6wJoPO/fE7h5kNOhD/b
fnI7Vnc3OIyFIGAefbH2fLlWf0ikJCzVzYZipoI4ro4pTyxtoLM2npQEev+WPuOA
Fzm8IIsOmg4p/coF43DwtAcaPztN4hC4rhVlM8u9JMyrNnB3GlD76ATOgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLY4iwIFf009jcjYmbg1YVOW6qmWMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdGppTEFnVl9UVDJOeU5pWnVEVmhVNWJxcVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixxUMA0G
CSqGSIb3DQEBCwUAA4IBAQCuaZmTh1vMKc/jT0WQGJWWAwlHX9yPV2jezKSSwwMX
pijR97D6OITxCl+Ophcgfz5thui7O7fnptG3NeV5R/8LI8m2sJenJNp5KSHR6crB
UR5E2FzEFMwAuaMoVSJ30TLKc3xJGL4cOSO04+O6EJY1odA6gU4yWOhx6ba1qCEO
2KS+IqpTAcgArKxsq9GNO3Ibc//5xUtGepECMYa3NUXT7ZWdCyFMHhwzc+zLu5Ud
HtRSOmhNFVuEWkcwjgGCbhJlm9v7SmVGBhDZiRRuqFDUMHR8FFIw8b/YvaTGZX/u
X4MoT7/DQEIxKBy/clbG1i82LWefbK+yZ/HJfx6hmEqF
-----END CERTIFICATE-----