Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/q-681xeErrkyi1_UfCWV6VuSKy0.roa
File:                     q-681xeErrkyi1_UfCWV6VuSKy0.roa (raw, json)
Hash identifier:          LaMRSMCJzlOLzsPmxG86n/mfFhkBquKna+YZu/e2Gj0=
Subject key identifier:   AB:EE:BC:D7:17:84:AE:B9:32:8B:5F:D4:7C:25:95:E9:5B:92:2B:2D
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019D29E3567037ECF61EF9FD0503551DAC28
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/q-681xeErrkyi1_UfCWV6VuSKy0.roa
Signing time:             Thu 26 Mar 2026 11:24:17 +0000
ROA not before:           Thu 26 Mar 2026 11:24:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57604
IP address blocks:        139.28.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:e3:56:70:37:ec:f6:1e:f9:fd:05:03:55:1d:ac:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Mar 26 11:24:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abeebcd71784aeb9328b5fd47c2595e95b922b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:05:84:8c:dc:3f:28:57:01:79:20:34:60:34:
                    35:05:f7:71:ff:1e:07:5b:7b:3d:b9:76:3e:9c:a1:
                    25:5d:c9:43:ec:24:aa:d1:ec:0b:88:1a:ab:55:0b:
                    e7:82:7f:88:2b:e0:4a:5c:90:23:41:8e:45:38:c5:
                    e9:1c:35:28:77:b8:be:dc:40:7c:88:88:e9:74:91:
                    ba:cd:93:03:97:6b:bd:b2:c6:1f:5a:8e:64:a7:c1:
                    9e:6a:4f:73:fd:f4:93:00:eb:31:cf:43:d0:b9:d1:
                    f2:c7:62:8a:0b:ee:17:b5:e3:6e:3c:4b:b7:68:e0:
                    17:eb:50:24:f6:89:03:6f:ab:f6:00:da:7d:b2:77:
                    6c:c4:b8:36:86:65:77:82:36:98:0d:e8:a7:fb:56:
                    6a:dc:0b:d2:76:8d:73:1b:b4:d0:03:7c:c5:04:f1:
                    be:e2:c4:ce:f4:64:65:07:2c:00:5c:5b:17:94:18:
                    b0:12:2b:42:a7:e1:ac:f9:48:c2:9b:eb:30:c5:c3:
                    b7:35:5f:ad:cb:5f:aa:48:06:a6:72:45:45:37:b9:
                    2f:14:54:dc:af:07:d1:4d:91:a4:20:34:3d:71:19:
                    f9:46:56:c2:56:bf:98:e1:40:04:5c:3a:f3:08:f5:
                    ef:8f:a2:00:c3:75:a0:60:2f:a8:17:12:96:76:90:
                    62:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:EE:BC:D7:17:84:AE:B9:32:8B:5F:D4:7C:25:95:E9:5B:92:2B:2D
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/q-681xeErrkyi1_UfCWV6VuSKy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:a4:af:f7:bc:80:14:ba:ec:4b:84:a1:13:e9:b2:95:27:ac:
         d1:13:a6:9c:42:b9:26:65:cb:04:a6:cd:7a:04:a5:b6:ca:45:
         b1:76:c9:87:fc:b5:82:77:dd:3f:19:c8:82:fe:82:bb:f6:85:
         96:8b:a5:61:fa:ed:13:56:f5:59:a5:d6:40:ae:be:b0:f8:5b:
         8f:cd:6f:df:05:f7:32:78:08:2d:06:1b:82:23:83:32:84:98:
         a0:79:ff:7d:0e:df:3f:d0:50:4b:33:ac:40:ff:e9:ab:40:94:
         a9:3e:f9:ab:75:35:55:89:2f:c2:ca:dc:ac:fe:39:da:04:68:
         19:6f:79:53:29:73:a0:e7:0b:b7:fc:6b:a0:45:99:23:1a:f4:
         9f:d0:0f:7b:5a:50:cb:a2:50:ae:3b:18:b0:5c:10:a3:56:27:
         8f:a1:92:0c:77:5f:71:01:55:24:05:97:03:2f:b7:14:9d:d1:
         ef:00:f4:3b:48:49:9c:8f:a2:b4:5e:38:1d:3f:9e:3d:4f:d9:
         3d:46:9e:64:f6:9c:4b:46:20:8f:43:95:54:b2:dd:7c:ea:2d:
         4a:2f:6d:1a:b9:65:9d:fe:11:4e:41:65:46:d8:0f:43:60:0e:
         c9:b6:9b:d4:57:78:2e:d0:f3:d4:da:1c:79:5f:35:42:6b:1c:
         cc:bf:ae:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0p41ZwN+z2Hvn9BQNVHawoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjYwMzI2MTEyNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmVlYmNkNzE3ODRhZWI5MzI4YjVmZDQ3YzI1OTVlOTViOTIyYjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gWEjNw/KFcBeSA0YDQ1Bfdx/x4H
W3s9uXY+nKElXclD7CSq0ewLiBqrVQvngn+IK+BKXJAjQY5FOMXpHDUod7i+3EB8
iIjpdJG6zZMDl2u9ssYfWo5kp8Geak9z/fSTAOsxz0PQudHyx2KKC+4XteNuPEu3
aOAX61Ak9okDb6v2ANp9sndsxLg2hmV3gjaYDein+1Zq3AvSdo1zG7TQA3zFBPG+
4sTO9GRlBywAXFsXlBiwEitCp+Gs+UjCm+swxcO3NV+ty1+qSAamckVFN7kvFFTc
rwfRTZGkIDQ9cRn5RlbCVr+Y4UAEXDrzCPXvj6IAw3WgYC+oFxKWdpBi9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvuvNcXhK65Motf1HwllelbkistMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvcS02ODF4ZUVycmt5aTFfVWZDV1Y2VnVTS3kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQAOpK/3vIAUuuxLhKET6bKVJ6zRE6acQrkmZcsEps16
BKW2ykWxdsmH/LWCd90/GciC/oK79oWWi6Vh+u0TVvVZpdZArr6w+FuPzW/fBfcy
eAgtBhuCI4MyhJigef99Dt8/0FBLM6xA/+mrQJSpPvmrdTVViS/Cytys/jnaBGgZ
b3lTKXOg5wu3/GugRZkjGvSf0A97WlDLolCuOxiwXBCjViePoZIMd19xAVUkBZcD
L7cUndHvAPQ7SEmcj6K0XjgdP549T9k9Rp5k9pxLRiCPQ5VUst186i1KL20auWWd
/hFOQWVG2A9DYA7JtpvUV3gu0PPU2hx5XzVCaxzMv67c
-----END CERTIFICATE-----