Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/IBOCMLtB9SlMS-tohbmgCBrthAM.roa
File:                     IBOCMLtB9SlMS-tohbmgCBrthAM.roa (raw, json)
Hash identifier:          +UtnxSEyg9bxUTqT8YASdLBvopMgQOQk8XviZQHhIXQ=
Subject key identifier:   20:13:82:30:BB:41:F5:29:4C:4B:EB:68:85:B9:A0:08:1A:ED:84:03
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0198C105435CF65353102D8546448D6DD913
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/IBOCMLtB9SlMS-tohbmgCBrthAM.roa
Signing time:             Tue 19 Aug 2025 06:30:04 +0000
ROA not before:           Tue 19 Aug 2025 06:30:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        178.253.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:05:43:5c:f6:53:53:10:2d:85:46:44:8d:6d:d9:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Aug 19 06:30:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20138230bb41f5294c4beb6885b9a0081aed8403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:13:b0:6d:1a:47:b7:14:d6:6f:89:6c:3b:d0:
                    35:25:ac:c1:e2:54:fa:80:a4:b3:45:f3:b8:ec:e1:
                    fa:db:22:6b:85:bc:16:24:a1:27:65:0d:d3:ea:0e:
                    75:61:a5:c6:f3:ea:9a:d7:a7:1a:3a:c8:b1:17:4d:
                    26:e7:20:6b:05:0b:84:54:f3:ec:d4:d6:20:f6:7d:
                    5b:8a:01:36:34:71:e7:29:d2:58:c3:8d:d8:b9:78:
                    2f:48:ec:72:68:bc:12:ed:62:00:66:47:20:98:58:
                    c3:46:d0:5a:98:89:9e:e7:cf:c6:fc:85:b6:7c:c0:
                    32:e4:18:06:3d:bb:87:0f:32:2d:12:cc:a3:e6:41:
                    45:26:ef:de:3f:e8:af:c5:cc:44:9f:da:ce:20:50:
                    a9:71:4c:77:36:dd:76:01:d3:71:6d:f0:99:95:b3:
                    46:f8:fe:2b:4d:85:9d:6c:23:27:42:19:4a:50:91:
                    01:56:36:8a:f8:88:03:6e:7e:c9:1a:03:3d:11:2e:
                    2f:96:92:5f:e1:ca:84:b3:e1:83:f9:2f:b2:21:bc:
                    e4:87:ad:8d:e8:9b:07:1b:42:9e:b5:49:13:0e:75:
                    52:5c:e4:e7:f6:7d:87:75:39:7c:62:18:5e:7e:bc:
                    ca:aa:f1:60:d2:7e:70:6d:29:79:95:1d:5a:40:cf:
                    ba:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:13:82:30:BB:41:F5:29:4C:4B:EB:68:85:B9:A0:08:1A:ED:84:03
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/IBOCMLtB9SlMS-tohbmgCBrthAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:90:5f:e6:0c:81:1b:7c:b6:bb:8e:c3:4c:6d:e1:53:47:f0:
         96:36:05:2d:6d:c4:d4:b0:54:41:4a:e0:8c:be:d3:0f:62:10:
         f3:cd:1b:33:06:66:d3:8c:16:e3:e2:f5:ff:ba:18:a2:98:4f:
         44:42:42:24:2c:88:c4:f0:54:d2:42:58:8b:6e:67:91:25:e7:
         22:af:e8:0b:ca:b0:2e:be:68:f8:ce:9a:7f:2e:db:bb:f3:72:
         fb:38:b8:77:ca:67:6d:43:cf:ea:04:fd:5e:89:3b:94:b5:ab:
         90:c8:81:2d:31:3c:18:d4:a7:87:46:eb:2a:00:e0:b2:0c:c9:
         b1:4f:54:86:79:5f:87:d1:eb:59:28:46:92:09:55:65:37:b5:
         64:77:8e:1b:e4:87:1a:e2:63:02:aa:82:b6:49:7a:0a:2e:73:
         40:ef:7d:97:1b:67:e4:cc:f4:35:65:38:f0:e3:e3:6c:a8:5a:
         9d:1b:73:06:35:18:28:47:08:84:ce:42:fc:6d:64:77:a0:60:
         53:0b:2d:8a:0e:98:a0:96:ff:74:dd:be:45:d9:3e:49:a7:f1:
         9e:be:82:87:55:37:4e:65:58:86:1b:f8:e9:ef:7c:35:a1:da:
         4a:5f:80:f8:12:44:99:ec:2d:e9:f0:e1:75:76:fb:74:a9:af:
         63:87:3a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBBUNc9lNTEC2FRkSNbdkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwODE5MDYzMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDEzODIzMGJiNDFmNTI5NGM0YmViNjg4NWI5YTAwODFhZWQ4NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hOwbRpHtxTWb4lsO9A1JazB4lT6
gKSzRfO47OH62yJrhbwWJKEnZQ3T6g51YaXG8+qa16caOsixF00m5yBrBQuEVPPs
1NYg9n1bigE2NHHnKdJYw43YuXgvSOxyaLwS7WIAZkcgmFjDRtBamIme58/G/IW2
fMAy5BgGPbuHDzItEsyj5kFFJu/eP+ivxcxEn9rOIFCpcUx3Nt12AdNxbfCZlbNG
+P4rTYWdbCMnQhlKUJEBVjaK+IgDbn7JGgM9ES4vlpJf4cqEs+GD+S+yIbzkh62N
6JsHG0KetUkTDnVSXOTn9n2HdTl8YhhefrzKqvFg0n5wbSl5lR1aQM+6qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCATgjC7QfUpTEvraIW5oAga7YQDMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvSUJPQ01MdEI5U2xNUy10b2hibWdDQnJ0aEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0QMA0G
CSqGSIb3DQEBCwUAA4IBAQBlkF/mDIEbfLa7jsNMbeFTR/CWNgUtbcTUsFRBSuCM
vtMPYhDzzRszBmbTjBbj4vX/uhiimE9EQkIkLIjE8FTSQliLbmeRJecir+gLyrAu
vmj4zpp/Ltu783L7OLh3ymdtQ8/qBP1eiTuUtauQyIEtMTwY1KeHRusqAOCyDMmx
T1SGeV+H0etZKEaSCVVlN7Vkd44b5Ica4mMCqoK2SXoKLnNA732XG2fkzPQ1ZTjw
4+NsqFqdG3MGNRgoRwiEzkL8bWR3oGBTCy2KDpiglv903b5F2T5Jp/GevoKHVTdO
ZViGG/jp73w1odpKX4D4EkSZ7C3p8OF1dvt0qa9jhzqT
-----END CERTIFICATE-----