Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/OMuHrubfJWGwlNuzC30PEWcNCM8.roa
File:                     OMuHrubfJWGwlNuzC30PEWcNCM8.roa (raw, json)
Hash identifier:          M58bIYoQudUR9NbJLatM9UTd5vfdvPCjwJFrF7hjBGY=
Subject key identifier:   38:CB:87:AE:E6:DF:25:61:B0:94:DB:B3:0B:7D:0F:11:67:0D:08:CF
Certificate issuer:       /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial:       01983C9CCB0FAB6E4D0588FB44E84B60248E
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/OMuHrubfJWGwlNuzC30PEWcNCM8.roa
Signing time:             Thu 24 Jul 2025 13:26:05 +0000
ROA not before:           Thu 24 Jul 2025 13:26:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216416
IP address blocks:        185.207.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 15:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:9c:cb:0f:ab:6e:4d:05:88:fb:44:e8:4b:60:24:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
        Validity
            Not Before: Jul 24 13:26:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38cb87aee6df2561b094dbb30b7d0f11670d08cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:21:7b:67:77:b0:7a:d7:6c:a0:af:0f:ed:48:
                    b1:28:96:a8:39:7b:4d:9a:c9:bb:dd:9e:20:50:a1:
                    4f:e6:d6:79:aa:47:e6:3b:e7:31:07:b2:24:8b:2f:
                    8c:ac:0c:52:8e:4e:e6:5b:20:44:00:b2:ce:c9:e5:
                    e1:b2:09:b8:96:04:22:eb:7a:69:db:c9:96:b7:4e:
                    8e:e1:1e:78:ae:20:0d:54:dc:2b:18:04:d0:e6:1c:
                    84:80:d1:0e:de:12:24:a7:d5:2e:44:f3:7d:30:5b:
                    75:ca:dc:a7:c5:47:7d:4d:e5:13:52:a4:30:78:68:
                    10:36:f7:45:e8:32:9b:7d:ed:a7:49:09:e1:7e:8e:
                    5d:fb:38:07:b4:b8:33:88:6c:d7:df:c9:77:ff:86:
                    0a:e4:b8:07:4d:ba:f0:e4:ac:18:47:ca:c8:27:23:
                    98:84:88:51:ff:00:f8:87:88:82:60:b8:03:f9:ba:
                    52:f2:88:a0:e1:f1:02:cf:43:41:fe:cb:45:fc:ec:
                    77:10:70:ff:71:00:e8:6d:db:43:a5:4c:d5:cc:83:
                    0a:5e:03:d5:c5:fe:66:2b:c1:8b:ec:dc:2c:86:a2:
                    32:88:79:4f:d7:b3:4f:09:39:25:67:6e:ee:af:aa:
                    93:cd:ed:4b:a6:df:03:06:0c:d8:7f:92:67:15:16:
                    8a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CB:87:AE:E6:DF:25:61:B0:94:DB:B3:0B:7D:0F:11:67:0D:08:CF
            X509v3 Authority Key Identifier:
                keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/OMuHrubfJWGwlNuzC30PEWcNCM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e3:8b:19:b8:0e:4b:c2:7f:a9:30:24:d6:6a:26:dd:c8:93:
         70:cd:38:c3:00:97:d4:91:f8:34:ba:01:42:f5:5f:29:cd:86:
         49:8f:1c:ec:d6:d7:af:9c:54:65:29:82:22:50:9d:88:03:01:
         58:45:e5:12:59:ff:c2:2c:91:97:05:65:66:31:9d:c3:fd:f9:
         3b:a8:c1:91:19:76:75:0f:2e:66:70:07:01:6e:8f:6d:2c:57:
         f3:ca:fd:a6:2d:a0:76:70:8c:ed:8b:12:6e:d6:22:61:d5:38:
         50:34:df:76:1f:e7:10:8f:bb:69:2f:bd:7d:6f:9b:f9:42:03:
         a4:8c:91:ff:9f:8b:ef:85:bf:dc:61:5c:1a:b5:14:94:5d:75:
         ec:c3:d2:94:b7:84:fd:fc:c9:1c:44:c4:67:99:97:a9:b4:9e:
         cd:9b:77:c9:7f:f5:89:68:ef:0f:59:bc:8d:56:14:a0:83:85:
         41:43:2c:6c:3a:9c:a6:29:72:bc:25:d8:db:17:80:61:c7:03:
         9f:f7:1c:89:e4:72:ff:72:cd:18:01:43:9f:e7:54:a5:7c:c2:
         e4:cb:77:2f:63:42:e5:53:cd:0c:7d:bf:ab:54:e8:bc:76:55:
         06:aa:61:de:0e:ac:4c:18:97:6e:6a:d6:d9:93:ec:b4:1e:73:
         b8:90:60:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8nMsPq25NBYj7ROhLYCSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwNzI0MTMyNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNiODdhZWU2ZGYyNTYxYjA5NGRiYjMwYjdkMGYxMTY3MGQwOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriF7Z3ewetdsoK8P7UixKJaoOXtN
msm73Z4gUKFP5tZ5qkfmO+cxB7Ikiy+MrAxSjk7mWyBEALLOyeXhsgm4lgQi63pp
28mWt06O4R54riANVNwrGATQ5hyEgNEO3hIkp9UuRPN9MFt1ytynxUd9TeUTUqQw
eGgQNvdF6DKbfe2nSQnhfo5d+zgHtLgziGzX38l3/4YK5LgHTbrw5KwYR8rIJyOY
hIhR/wD4h4iCYLgD+bpS8oig4fECz0NB/stF/Ox3EHD/cQDobdtDpUzVzIMKXgPV
xf5mK8GL7NwshqIyiHlP17NPCTklZ27ur6qTze1Lpt8DBgzYf5JnFRaK3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjLh67m3yVhsJTbswt9DxFnDQjPMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEvT011SHJ1YmZKV0d3bE51ekMzMFBFV2NOQ004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc+IMA0G
CSqGSIb3DQEBCwUAA4IBAQAz44sZuA5Lwn+pMCTWaibdyJNwzTjDAJfUkfg0ugFC
9V8pzYZJjxzs1tevnFRlKYIiUJ2IAwFYReUSWf/CLJGXBWVmMZ3D/fk7qMGRGXZ1
Dy5mcAcBbo9tLFfzyv2mLaB2cIztixJu1iJh1ThQNN92H+cQj7tpL719b5v5QgOk
jJH/n4vvhb/cYVwatRSUXXXsw9KUt4T9/MkcRMRnmZeptJ7Nm3fJf/WJaO8PWbyN
VhSgg4VBQyxsOpymKXK8JdjbF4BhxwOf9xyJ5HL/cs0YAUOf51SlfMLky3cvY0Ll
U80Mfb+rVOi8dlUGqmHeDqxMGJduatbZk+y0HnO4kGCq
-----END CERTIFICATE-----