Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/bbzw8o7c6VtGIh95zl-U6szB2BY.roa
File:                     bbzw8o7c6VtGIh95zl-U6szB2BY.roa (raw, json)
Hash identifier:          MD9Zcftr9ffUWHiZywLUbrkpG30Qx7ZQ0FkXcSju2q0=
Subject key identifier:   6D:BC:F0:F2:8E:DC:E9:5B:46:22:1F:79:CE:5F:94:EA:CC:C1:D8:16
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019C22DF127D8839374EE005DC73319C3FE1
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/bbzw8o7c6VtGIh95zl-U6szB2BY.roa
Signing time:             Tue 03 Feb 2026 09:39:30 +0000
ROA not before:           Tue 03 Feb 2026 09:39:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:22:df:12:7d:88:39:37:4e:e0:05:dc:73:31:9c:3f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Feb  3 09:39:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6dbcf0f28edce95b46221f79ce5f94eaccc1d816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:04:b9:4f:16:8c:25:3b:e6:38:05:bc:66:f2:
                    73:80:b0:b0:13:28:a7:67:a8:c3:56:48:2d:34:96:
                    38:97:48:2e:fa:f0:83:e0:f7:79:04:bc:f1:d0:bd:
                    9a:a7:26:65:2b:f9:98:8c:83:b3:fa:c4:ec:f1:0e:
                    72:8c:a2:5f:76:db:f9:86:67:34:bb:b9:d2:cb:b9:
                    a2:b4:fa:a2:92:a2:e2:9c:f2:e0:e7:f5:99:45:8c:
                    01:30:51:e4:59:75:8b:12:57:73:a2:f7:48:3c:08:
                    69:b4:bf:bb:ad:13:91:33:26:b2:6c:b0:4c:b2:6c:
                    34:09:4e:13:0b:48:c2:d0:02:60:50:35:76:20:93:
                    f4:49:d3:6e:c8:95:f9:a9:f7:b4:49:1a:1d:39:d2:
                    c0:2c:30:af:4d:d3:8a:23:ae:6b:d9:d7:79:ed:b5:
                    96:28:ea:4a:1f:d1:60:1a:d1:11:b4:67:e2:ce:72:
                    0c:a7:32:a4:81:c6:30:03:65:d0:ab:c4:db:a6:de:
                    bf:dd:c7:a3:38:b7:52:69:64:b5:38:bf:63:a1:15:
                    d2:81:07:b1:0c:76:ff:12:82:db:cc:78:ea:58:04:
                    e8:65:36:46:a6:3c:69:58:c1:8e:64:22:49:7b:cc:
                    27:5f:dd:a5:0a:20:7b:a0:73:60:a5:bd:cb:b0:d7:
                    b5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BC:F0:F2:8E:DC:E9:5B:46:22:1F:79:CE:5F:94:EA:CC:C1:D8:16
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/bbzw8o7c6VtGIh95zl-U6szB2BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:85:c1:8d:b3:92:8d:f9:64:80:21:45:da:0a:b8:41:e6:11:
         33:c6:49:6e:83:13:5c:f1:a8:8c:28:c8:f4:da:c5:7c:ae:5c:
         53:f6:3c:64:93:e9:9c:c7:b8:01:5e:b5:c4:13:53:63:ea:60:
         36:96:96:94:e5:f2:ab:f3:a1:f2:ec:71:f2:37:71:52:1d:d8:
         f5:7a:c7:b0:31:75:bb:06:15:77:52:0c:1c:20:33:c4:81:c0:
         18:ec:cc:9a:4c:70:3a:7c:04:da:32:3d:10:01:03:32:7d:d3:
         bf:57:12:61:a5:db:d4:de:0a:77:13:14:57:8c:62:19:e9:0c:
         68:be:33:9d:e7:12:b0:12:ec:6b:a0:87:fa:25:7c:ec:b5:7a:
         b4:d2:70:23:ed:5b:30:1c:c9:91:85:ea:21:07:de:0b:84:cb:
         b4:2f:44:a8:29:5c:cd:c4:93:d8:17:35:21:30:31:1b:e0:a6:
         aa:5a:37:cb:d2:aa:67:d4:42:c9:51:ac:0b:ef:5e:c7:d3:f6:
         1e:ed:7d:e4:c7:47:25:25:e4:3e:39:34:f2:52:67:d7:70:8f:
         e8:c0:e4:03:30:e9:06:9d:3b:ba:fa:9d:08:bc:80:ea:23:fd:
         ac:f4:06:07:02:da:a1:23:0e:a5:bc:83:f3:e8:d5:da:0e:9b:
         8c:e1:96:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwi3xJ9iDk3TuAF3HMxnD/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjYwMjAzMDkzOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJjZjBmMjhlZGNlOTViNDYyMjFmNzljZTVmOTRlYWNjYzFkODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgS5TxaMJTvmOAW8ZvJzgLCwEyin
Z6jDVkgtNJY4l0gu+vCD4Pd5BLzx0L2apyZlK/mYjIOz+sTs8Q5yjKJfdtv5hmc0
u7nSy7mitPqikqLinPLg5/WZRYwBMFHkWXWLEldzovdIPAhptL+7rRORMyaybLBM
smw0CU4TC0jC0AJgUDV2IJP0SdNuyJX5qfe0SRodOdLALDCvTdOKI65r2dd57bWW
KOpKH9FgGtERtGfiznIMpzKkgcYwA2XQq8Tbpt6/3cejOLdSaWS1OL9joRXSgQex
DHb/EoLbzHjqWAToZTZGpjxpWMGOZCJJe8wnX92lCiB7oHNgpb3LsNe1fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG288PKO3OlbRiIfec5flOrMwdgWMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvYmJ6dzhvN2M2VnRHSWg5NXpsLVU2c3pCMkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQA0hcGNs5KN+WSAIUXaCrhB5hEzxklugxNc8aiMKMj0
2sV8rlxT9jxkk+mcx7gBXrXEE1Nj6mA2lpaU5fKr86Hy7HHyN3FSHdj1esewMXW7
BhV3UgwcIDPEgcAY7MyaTHA6fATaMj0QAQMyfdO/VxJhpdvU3gp3ExRXjGIZ6Qxo
vjOd5xKwEuxroIf6JXzstXq00nAj7VswHMmRheohB94LhMu0L0SoKVzNxJPYFzUh
MDEb4KaqWjfL0qpn1ELJUawL717H0/Ye7X3kx0clJeQ+OTTyUmfXcI/owOQDMOkG
nTu6+p0IvIDqI/2s9AYHAtqhIw6lvIPz6NXaDpuM4Zbf
-----END CERTIFICATE-----