Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/omogO-53hv4pnqw4NQwPLhHBlGE.roa
File:                     omogO-53hv4pnqw4NQwPLhHBlGE.roa (raw, json)
Hash identifier:          32U7MfouOBRFQW9pXzlugwtn7uE6295TC/Ncm0R3ehw=
Subject key identifier:   A2:6A:20:3B:EE:77:86:FE:29:9E:AC:38:35:0C:0F:2E:11:C1:94:61
Certificate issuer:       /CN=64cfba184ff9442a8fe7517b503a9e017fa9f2cb
Certificate serial:       019748C5961398328381BDD032AFB6457975
Authority key identifier: 64:CF:BA:18:4F:F9:44:2A:8F:E7:51:7B:50:3A:9E:01:7F:A9:F2:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/omogO-53hv4pnqw4NQwPLhHBlGE.roa
Signing time:             Sat 07 Jun 2025 05:03:17 +0000
ROA not before:           Sat 07 Jun 2025 05:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197450
IP address blocks:        185.224.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:48:c5:96:13:98:32:83:81:bd:d0:32:af:b6:45:79:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64cfba184ff9442a8fe7517b503a9e017fa9f2cb
        Validity
            Not Before: Jun  7 05:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a26a203bee7786fe299eac38350c0f2e11c19461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:65:67:8a:87:21:16:42:7a:e7:f7:06:68:31:
                    5f:f1:6d:de:f1:ba:1c:e9:10:57:00:dc:aa:34:af:
                    3b:23:84:71:1b:fd:24:1a:41:eb:b6:ef:54:fd:a0:
                    79:0b:fa:01:1f:a3:1f:d6:d3:1d:bb:92:af:f1:2b:
                    a3:07:42:1e:de:05:df:9a:3a:c4:5e:af:5e:3d:6f:
                    65:62:88:df:ab:0d:ef:76:2f:0d:73:9a:b6:12:7a:
                    37:32:18:30:88:b4:72:74:4c:61:66:91:d5:99:e5:
                    94:c5:01:0d:97:79:31:94:60:b5:75:7e:46:80:4c:
                    3e:d4:f9:47:0c:d6:5b:dc:6a:b7:d3:d3:18:8e:d7:
                    8b:73:64:67:ea:e6:0a:48:51:2e:55:e6:a4:38:e9:
                    21:58:ed:f3:3d:63:67:62:9b:ec:82:a0:0f:6c:01:
                    b6:2f:42:d0:09:56:05:2e:0f:0b:6e:8c:fc:e3:6f:
                    c6:e9:14:9d:ec:b3:2c:2c:9b:33:7b:d0:ad:92:bb:
                    a7:89:2c:7e:2c:e1:15:f4:46:b7:cd:91:04:1d:f5:
                    03:9c:61:49:a4:8e:65:44:9b:fe:5b:20:51:4d:3d:
                    ce:9c:3f:83:36:a7:59:af:1f:47:5e:01:5a:c7:51:
                    a0:cf:04:7e:09:93:09:9d:a2:6b:e7:e0:58:aa:04:
                    8d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6A:20:3B:EE:77:86:FE:29:9E:AC:38:35:0C:0F:2E:11:C1:94:61
            X509v3 Authority Key Identifier:
                keyid:64:CF:BA:18:4F:F9:44:2A:8F:E7:51:7B:50:3A:9E:01:7F:A9:F2:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/omogO-53hv4pnqw4NQwPLhHBlGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:f6:fd:c6:03:42:67:1b:f3:c8:75:c1:b1:45:d3:5e:1f:23:
         98:19:25:00:27:68:f8:51:74:9f:63:6f:1e:d5:9b:2b:14:80:
         59:1c:de:ef:f1:aa:16:bd:e1:ba:8b:a5:78:94:e9:e9:10:f8:
         79:c5:61:39:41:8c:e4:74:f1:0c:6e:ed:ed:fe:4e:ab:16:21:
         d2:47:b7:6e:c1:72:19:f3:5f:2d:1a:9f:6a:ac:81:8c:09:cf:
         62:1a:36:6b:53:89:d8:ce:bd:ab:69:0b:37:fb:b1:c4:ff:ca:
         30:86:40:9e:d0:6a:79:fc:7a:97:47:22:13:f0:26:80:39:6c:
         e4:48:94:5b:1f:d5:bc:5d:5f:e2:c4:1a:43:21:5e:05:6a:0f:
         ac:0f:06:09:63:53:77:62:57:74:6c:da:b7:fe:90:d2:c0:d2:
         ff:71:07:c7:4f:0f:a8:a8:99:92:09:00:9b:11:db:f6:a2:1e:
         9e:2f:a6:b2:eb:88:da:12:d4:6a:6e:33:a6:d5:eb:c6:55:56:
         4b:74:98:b1:e1:0e:0f:76:d9:95:08:b6:08:bf:97:c8:81:e5:
         38:76:45:35:d1:27:5d:ae:29:e1:46:bf:5b:3f:39:4e:53:c1:
         20:9b:56:7c:bc:53:6e:c0:10:42:eb:f6:83:85:55:e2:1f:1c:
         d6:4c:f7:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdIxZYTmDKDgb3QMq+2RXl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Y2ZiYTE4NGZmOTQ0MmE4ZmU3NTE3YjUwM2E5ZTAxN2Zh
OWYyY2IwHhcNMjUwNjA3MDUwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZhMjAzYmVlNzc4NmZlMjk5ZWFjMzgzNTBjMGYyZTExYzE5NDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGVniochFkJ65/cGaDFf8W3e8boc
6RBXANyqNK87I4RxG/0kGkHrtu9U/aB5C/oBH6Mf1tMdu5Kv8SujB0Ie3gXfmjrE
Xq9ePW9lYojfqw3vdi8Nc5q2Eno3MhgwiLRydExhZpHVmeWUxQENl3kxlGC1dX5G
gEw+1PlHDNZb3Gq309MYjteLc2Rn6uYKSFEuVeakOOkhWO3zPWNnYpvsgqAPbAG2
L0LQCVYFLg8Lboz842/G6RSd7LMsLJsze9CtkruniSx+LOEV9Ea3zZEEHfUDnGFJ
pI5lRJv+WyBRTT3OnD+DNqdZrx9HXgFax1GgzwR+CZMJnaJr5+BYqgSNWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJqIDvud4b+KZ6sODUMDy4RwZRhMB8GA1UdIwQY
MBaAFGTPuhhP+UQqj+dRe1A6ngF/qfLLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk0tNkdFXzVSQ3FQNTFGN1VEcWVBWC1wOHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8yNTNmMmMtNGVkOS00ZjFmLWE5NmYt
ZGVmZjcxMTI0MjMzLzEvb21vZ08tNTNodjRwbnF3NE5Rd1BMaEhCbEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8yNTNmMmMtNGVkOS00ZjFmLWE5NmYtZGVmZjcxMTI0MjMz
LzEvWk0tNkdFXzVSQ3FQNTFGN1VEcWVBWC1wOHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueABMA0G
CSqGSIb3DQEBCwUAA4IBAQA89v3GA0JnG/PIdcGxRdNeHyOYGSUAJ2j4UXSfY28e
1ZsrFIBZHN7v8aoWveG6i6V4lOnpEPh5xWE5QYzkdPEMbu3t/k6rFiHSR7duwXIZ
818tGp9qrIGMCc9iGjZrU4nYzr2raQs3+7HE/8owhkCe0Gp5/HqXRyIT8CaAOWzk
SJRbH9W8XV/ixBpDIV4Fag+sDwYJY1N3Yld0bNq3/pDSwNL/cQfHTw+oqJmSCQCb
Edv2oh6eL6ay64jaEtRqbjOm1evGVVZLdJix4Q4PdtmVCLYIv5fIgeU4dkU10Sdd
rinhRr9bPzlOU8Egm1Z8vFNuwBBC6/aDhVXiHxzWTPfm
-----END CERTIFICATE-----