Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/OTb3RJ8QGwAa0qmbJRJdand5oek.roa
File:                     OTb3RJ8QGwAa0qmbJRJdand5oek.roa (raw, json)
Hash identifier:          35s3aW51ENlACLiU5525DOVYomE/7TQws0tcqlRlsWs=
Subject key identifier:   39:36:F7:44:9F:10:1B:00:1A:D2:A9:9B:25:12:5D:6A:77:79:A1:E9
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0198D2371E28388AFBE5BA953897FDBD7DA2
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/OTb3RJ8QGwAa0qmbJRJdand5oek.roa
Signing time:             Fri 22 Aug 2025 14:38:04 +0000
ROA not before:           Fri 22 Aug 2025 14:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        178.253.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 23:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:37:1e:28:38:8a:fb:e5:ba:95:38:97:fd:bd:7d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Aug 22 14:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3936f7449f101b001ad2a99b25125d6a7779a1e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:34:11:87:27:69:9e:b0:6c:4c:82:db:68:d0:
                    30:0c:54:6a:50:a1:3a:37:df:4a:b5:c9:8f:40:a8:
                    d6:b6:c1:ea:88:56:e7:c2:04:c4:15:84:ec:a5:5b:
                    2c:6b:a0:0b:81:1a:fd:7e:d8:c5:fc:7f:03:7b:d9:
                    8d:55:66:e5:8a:74:56:30:2e:24:95:9c:c5:d9:38:
                    07:eb:a5:fe:b4:ce:92:be:e4:c6:f2:65:62:8e:6d:
                    e1:25:69:f0:85:9b:69:32:3c:10:6f:52:e8:2e:4e:
                    14:07:37:f3:aa:9c:e3:02:45:fb:84:34:3a:aa:94:
                    92:89:5d:ba:2d:b7:1c:9f:df:f8:42:4e:94:c1:87:
                    79:b0:b2:30:62:61:c0:d9:bf:3f:af:0f:61:d3:68:
                    91:97:40:21:29:7e:6d:93:d1:f2:67:c8:de:09:ba:
                    81:56:89:95:07:e7:8e:df:3d:b6:11:e9:96:e1:62:
                    f7:ff:aa:a7:f6:6f:c8:25:70:47:39:9d:6b:e1:92:
                    20:71:8b:fc:88:16:a4:cd:a6:7f:51:7e:41:7a:04:
                    36:b4:fb:1b:8d:95:a3:84:99:1e:d2:a2:4a:c9:6c:
                    80:5b:4c:23:59:73:6b:93:70:9d:62:55:60:10:8e:
                    0c:1e:2a:ab:a0:88:34:f4:20:c6:22:b6:95:b8:74:
                    f3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:36:F7:44:9F:10:1B:00:1A:D2:A9:9B:25:12:5D:6A:77:79:A1:E9
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/OTb3RJ8QGwAa0qmbJRJdand5oek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:9a:a9:34:54:6a:70:01:d3:95:43:ae:a0:8f:8f:c7:38:6b:
         09:26:ae:49:2a:64:b1:69:20:8a:e1:d1:b8:ff:91:7c:2e:9b:
         ef:53:dc:33:64:4d:70:f4:4d:6a:d3:a4:70:1d:82:93:fa:5d:
         8d:47:b7:15:c7:a5:21:29:58:49:24:a2:97:b7:36:21:dd:cf:
         f1:97:83:f9:a5:16:6c:34:84:ed:4d:69:34:f5:3d:cc:af:5f:
         9c:c2:ff:ed:f1:46:01:0e:33:3f:df:ec:8c:33:fe:5e:9d:9c:
         f4:72:b8:17:1d:2a:2e:4a:a5:24:88:5d:8a:7b:98:57:50:2b:
         8e:b3:ce:44:25:8d:bc:85:8a:ce:42:6e:10:52:73:a6:67:14:
         77:cd:93:54:77:5e:74:0f:a0:80:f9:8a:51:60:a6:e5:bb:e5:
         72:27:4d:59:fc:de:fc:ac:e9:da:3d:8d:f8:4d:84:c7:82:9c:
         01:79:75:68:d3:1c:92:ed:6a:39:18:72:ca:e5:08:48:2d:af:
         e2:17:36:6d:f8:c8:5e:84:0a:98:ba:81:39:78:97:d0:1c:ab:
         ff:6b:81:32:bc:9a:67:ac:c8:43:57:dc:ad:96:76:4b:78:2c:
         45:a6:f1:3e:2a:92:5a:45:1a:be:8a:fa:f0:3e:42:30:c0:06:
         7d:65:22:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjSNx4oOIr75bqVOJf9vX2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwODIyMTQzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM2Zjc0NDlmMTAxYjAwMWFkMmE5OWIyNTEyNWQ2YTc3NzlhMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDQRhydpnrBsTILbaNAwDFRqUKE6
N99KtcmPQKjWtsHqiFbnwgTEFYTspVssa6ALgRr9ftjF/H8De9mNVWblinRWMC4k
lZzF2TgH66X+tM6SvuTG8mVijm3hJWnwhZtpMjwQb1LoLk4UBzfzqpzjAkX7hDQ6
qpSSiV26Lbccn9/4Qk6UwYd5sLIwYmHA2b8/rw9h02iRl0AhKX5tk9HyZ8jeCbqB
VomVB+eO3z22EemW4WL3/6qn9m/IJXBHOZ1r4ZIgcYv8iBakzaZ/UX5BegQ2tPsb
jZWjhJke0qJKyWyAW0wjWXNrk3CdYlVgEI4MHiqroIg09CDGIraVuHTzbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDk290SfEBsAGtKpmyUSXWp3eaHpMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvT1RiM1JKOFFHd0FhMHFtYkpSSmRhbmQ1b2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv0mMA0G
CSqGSIb3DQEBCwUAA4IBAQA/mqk0VGpwAdOVQ66gj4/HOGsJJq5JKmSxaSCK4dG4
/5F8LpvvU9wzZE1w9E1q06RwHYKT+l2NR7cVx6UhKVhJJKKXtzYh3c/xl4P5pRZs
NITtTWk09T3Mr1+cwv/t8UYBDjM/3+yMM/5enZz0crgXHSouSqUkiF2Ke5hXUCuO
s85EJY28hYrOQm4QUnOmZxR3zZNUd150D6CA+YpRYKblu+VyJ01Z/N78rOnaPY34
TYTHgpwBeXVo0xyS7Wo5GHLK5QhILa/iFzZt+MhehAqYuoE5eJfQHKv/a4EyvJpn
rMhDV9ytlnZLeCxFpvE+KpJaRRq+ivrwPkIwwAZ9ZSKu
-----END CERTIFICATE-----