Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/ygGBpwA4ux1u5oL7DbdIyd45qvs.roa
File:                     ygGBpwA4ux1u5oL7DbdIyd45qvs.roa (raw, json)
Hash identifier:          GCb1YpaYFv2sJjClajAwmHExS+7GM4ZYFsR130zfKqY=
Subject key identifier:   CA:01:81:A7:00:38:BB:1D:6E:E6:82:FB:0D:B7:48:C9:DE:39:AA:FB
Certificate issuer:       /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial:       019999B6DF11B67558377A7FAEB8AA166D89
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/ygGBpwA4ux1u5oL7DbdIyd45qvs.roa
Signing time:             Tue 30 Sep 2025 08:22:02 +0000
ROA not before:           Tue 30 Sep 2025 08:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216416
IP address blocks:        185.207.136.0/24 maxlen: 24
                          185.207.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:99:b6:df:11:b6:75:58:37:7a:7f:ae:b8:aa:16:6d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
        Validity
            Not Before: Sep 30 08:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca0181a70038bb1d6ee682fb0db748c9de39aafb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9c:64:cf:5c:97:7c:b8:96:b8:60:1c:fa:9e:
                    25:45:93:05:3c:04:37:dc:ea:0f:4e:00:51:64:a9:
                    08:30:34:c4:e4:26:d9:9f:90:5c:42:2d:b2:0c:45:
                    c8:8b:df:26:9e:40:7d:6a:86:f2:1d:51:c3:82:8e:
                    9a:c3:08:0f:bb:27:fa:b4:8f:88:5d:e8:3a:21:e9:
                    a6:c3:92:87:01:4b:38:01:83:ce:0a:8c:d1:1d:26:
                    61:aa:2c:bf:77:35:03:9c:56:5a:cb:06:09:59:98:
                    74:95:cf:60:96:e4:cb:a7:b3:0b:fa:fe:a4:67:03:
                    69:02:47:73:4c:5f:ac:1e:f5:a7:3c:19:1c:b6:45:
                    40:d7:d6:dc:50:8c:d6:80:de:59:52:56:d2:c3:b5:
                    6c:78:8e:ad:b7:bb:a3:6c:60:ec:2d:b5:ff:5a:11:
                    5a:70:49:4c:56:68:61:1f:8e:49:66:3c:a1:38:24:
                    fd:9b:b5:6e:2c:e6:da:01:58:73:f4:11:b2:29:fd:
                    c4:35:92:63:0c:b4:11:7f:81:ab:4f:d9:c0:f3:c7:
                    e1:ba:dc:10:bc:2a:68:6a:02:99:25:4d:32:b5:a2:
                    da:01:01:6f:36:73:33:a3:c9:89:9f:48:fc:f3:d6:
                    a8:d7:d7:a4:7c:30:9e:1b:d5:75:ae:ec:fa:c7:55:
                    da:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:01:81:A7:00:38:BB:1D:6E:E6:82:FB:0D:B7:48:C9:DE:39:AA:FB
            X509v3 Authority Key Identifier:
                keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/ygGBpwA4ux1u5oL7DbdIyd45qvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:3c:67:20:52:2a:ce:fd:6b:7b:cb:85:b1:ce:ac:37:32:cb:
         fb:5d:d0:30:18:86:2e:eb:ca:0c:17:29:c5:5f:03:79:49:d4:
         1a:a1:09:09:e7:dd:3c:81:59:3f:b6:fa:2b:0a:a4:04:e8:a2:
         84:10:d5:c1:d4:61:c4:33:48:fb:27:73:6f:0a:3d:e7:e1:59:
         b1:61:27:55:1b:89:52:b3:37:a5:b7:ff:fb:89:5a:42:61:28:
         d9:51:da:40:20:7d:16:7f:0d:dd:96:61:9f:6c:85:5a:49:4d:
         ed:a4:30:41:b5:fd:1e:81:b0:02:bd:13:aa:b2:7a:39:64:80:
         d3:80:a5:06:3e:73:cd:f8:79:41:42:d1:22:4b:b9:95:bc:3a:
         5e:a2:77:6f:bf:08:0d:87:23:c2:e9:72:b3:da:46:de:e1:ba:
         b3:d8:b1:8b:1d:e4:d0:d4:87:fe:6f:fc:a1:49:cd:3f:bd:d1:
         85:1e:8a:ba:10:36:79:ad:8d:ed:c1:e4:f0:2d:d1:96:5f:1b:
         30:95:f3:62:c2:8d:82:c4:17:d5:6e:bf:38:2f:23:cf:32:0f:
         72:ca:e7:e3:b0:b7:7d:60:b3:34:f5:7d:2e:bf:6f:fc:7b:a9:
         6b:73:26:ef:4d:83:20:fc:19:ca:63:d2:e5:2a:36:9a:23:f1:
         71:dd:5d:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmZtt8RtnVYN3p/rriqFm2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwOTMwMDgyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTAxODFhNzAwMzhiYjFkNmVlNjgyZmIwZGI3NDhjOWRlMzlhYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZxkz1yXfLiWuGAc+p4lRZMFPAQ3
3OoPTgBRZKkIMDTE5CbZn5BcQi2yDEXIi98mnkB9aobyHVHDgo6awwgPuyf6tI+I
Xeg6Iemmw5KHAUs4AYPOCozRHSZhqiy/dzUDnFZaywYJWZh0lc9gluTLp7ML+v6k
ZwNpAkdzTF+sHvWnPBkctkVA19bcUIzWgN5ZUlbSw7VseI6tt7ujbGDsLbX/WhFa
cElMVmhhH45JZjyhOCT9m7VuLObaAVhz9BGyKf3ENZJjDLQRf4GrT9nA88fhutwQ
vCpoagKZJU0ytaLaAQFvNnMzo8mJn0j889ao19ekfDCeG9V1ruz6x1Xa/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoBgacAOLsdbuaC+w23SMneOar7MB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEveWdHQnB3QTR1eDF1NW9MN0RiZEl5ZDQ1cXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuc+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBOPGcgUirO/Wt7y4Wxzqw3Msv7XdAwGIYu68oMFynF
XwN5SdQaoQkJ5908gVk/tvorCqQE6KKEENXB1GHEM0j7J3NvCj3n4VmxYSdVG4lS
szelt//7iVpCYSjZUdpAIH0Wfw3dlmGfbIVaSU3tpDBBtf0egbACvROqsno5ZIDT
gKUGPnPN+HlBQtEiS7mVvDpeondvvwgNhyPC6XKz2kbe4bqz2LGLHeTQ1If+b/yh
Sc0/vdGFHoq6EDZ5rY3tweTwLdGWXxswlfNiwo2CxBfVbr84LyPPMg9yyufjsLd9
YLM09X0uv2/8e6lrcybvTYMg/BnKY9LlKjaaI/Fx3V33
-----END CERTIFICATE-----