Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RCLWHB3K2jrnS5cfkQyMRCn-BRY.roa
File:                     RCLWHB3K2jrnS5cfkQyMRCn-BRY.roa (raw, json)
Hash identifier:          2blG1nSMQFW+1sESrsZHuIvJjpH0ZpOyCYyfKQara8g=
Subject key identifier:   44:22:D6:1C:1D:CA:DA:3A:E7:4B:97:1F:91:0C:8C:44:29:FE:05:16
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       01980CC97F8DC04D5F010527EEED2C8A2B75
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RCLWHB3K2jrnS5cfkQyMRCn-BRY.roa
Signing time:             Tue 15 Jul 2025 06:33:08 +0000
ROA not before:           Tue 15 Jul 2025 06:33:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215148
IP address blocks:        62.212.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0c:c9:7f:8d:c0:4d:5f:01:05:27:ee:ed:2c:8a:2b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jul 15 06:33:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4422d61c1dcada3ae74b971f910c8c4429fe0516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c8:9b:20:72:b5:64:44:42:01:aa:e7:6a:d7:
                    e0:4e:9f:bd:da:16:6b:17:35:db:93:99:b6:61:63:
                    90:b8:85:90:11:a3:6a:01:9f:c1:7f:8d:1b:ac:20:
                    47:11:ce:53:50:1b:89:f5:e6:79:f2:cf:23:f3:73:
                    e7:b0:82:a9:aa:0e:68:db:bf:64:c3:79:95:a7:09:
                    9a:2f:23:55:20:94:70:60:81:35:39:3d:e2:be:e8:
                    88:e7:b8:13:5d:80:cd:e8:a1:0e:3d:38:bf:df:c6:
                    01:5b:a0:b9:64:7d:92:fb:c8:5b:71:98:95:b2:b7:
                    4e:90:f0:ab:15:d6:68:28:13:18:bc:2f:28:6e:5c:
                    3a:3b:9a:11:fb:6d:02:39:d5:11:69:59:0d:f2:a5:
                    24:80:fb:d9:9c:b0:aa:04:77:00:97:9a:23:c0:b2:
                    75:69:ea:45:21:60:62:fb:2f:5d:eb:21:e3:ae:b8:
                    ee:b6:dd:42:e2:a3:33:ea:42:98:d7:4a:61:e9:f6:
                    9a:3b:db:43:ff:bb:2d:69:d3:d1:d8:4c:17:9f:a2:
                    45:13:3f:18:84:3d:e9:e7:bc:9f:28:78:9d:f6:8f:
                    05:a7:22:ec:d0:ea:82:ee:6a:b5:d4:49:24:71:14:
                    eb:aa:cb:34:69:30:2a:0e:91:7a:d0:f9:4e:50:06:
                    c6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:22:D6:1C:1D:CA:DA:3A:E7:4B:97:1F:91:0C:8C:44:29:FE:05:16
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RCLWHB3K2jrnS5cfkQyMRCn-BRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.212.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b8:c2:b5:21:39:9c:51:64:78:7f:e9:3f:41:39:93:c6:61:
         74:3f:68:43:cb:69:ae:84:5e:f7:f8:94:d1:9d:15:a2:59:6c:
         2c:29:11:53:22:74:64:44:87:28:5e:d1:19:00:8a:77:c9:26:
         51:ff:2e:1b:de:34:13:c0:a7:08:80:96:60:eb:8e:45:e2:4b:
         56:fa:76:1b:6e:bf:cf:fd:ea:24:78:30:e6:66:62:d4:84:fa:
         ee:39:4e:a4:9a:a9:be:6d:a9:67:b4:17:35:e7:f6:57:71:19:
         86:72:c3:7c:2f:cb:1e:a8:f7:ae:79:7e:97:ba:c6:30:9b:97:
         d2:af:79:52:8c:c1:55:18:4c:51:d8:97:7b:98:77:52:61:dd:
         ba:e8:fe:82:b3:29:ad:a7:3a:e4:b5:21:6e:05:5f:14:d1:b6:
         bd:b1:96:df:9f:4f:c8:e4:0e:12:06:b0:b9:ba:ae:69:15:1e:
         56:27:8e:65:34:4b:db:5b:c9:02:88:4d:37:42:dc:7b:ac:0f:
         f4:a1:fe:8a:f0:c9:8b:31:da:64:a3:7c:d9:79:57:98:04:79:
         dc:35:81:58:7c:a7:cb:50:63:27:5d:59:80:f0:89:9f:9c:23:
         22:51:24:be:aa:4d:2b:f9:35:6d:6d:6a:41:2f:41:61:67:38:
         7c:f1:83:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgMyX+NwE1fAQUn7u0siit1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjUwNzE1MDYzMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDIyZDYxYzFkY2FkYTNhZTc0Yjk3MWY5MTBjOGM0NDI5ZmUwNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsibIHK1ZERCAarnatfgTp+92hZr
FzXbk5m2YWOQuIWQEaNqAZ/Bf40brCBHEc5TUBuJ9eZ58s8j83PnsIKpqg5o279k
w3mVpwmaLyNVIJRwYIE1OT3ivuiI57gTXYDN6KEOPTi/38YBW6C5ZH2S+8hbcZiV
srdOkPCrFdZoKBMYvC8oblw6O5oR+20COdURaVkN8qUkgPvZnLCqBHcAl5ojwLJ1
aepFIWBi+y9d6yHjrrjutt1C4qMz6kKY10ph6faaO9tD/7stadPR2EwXn6JFEz8Y
hD3p57yfKHid9o8FpyLs0OqC7mq11EkkcRTrqss0aTAqDpF60PlOUAbG1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQi1hwdyto650uXH5EMjEQp/gUWMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvUkNMV0hCM0syanJuUzVjZmtReU1SQ24tQlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtTgMA0G
CSqGSIb3DQEBCwUAA4IBAQBRuMK1ITmcUWR4f+k/QTmTxmF0P2hDy2muhF73+JTR
nRWiWWwsKRFTInRkRIcoXtEZAIp3ySZR/y4b3jQTwKcIgJZg645F4ktW+nYbbr/P
/eokeDDmZmLUhPruOU6kmqm+balntBc15/ZXcRmGcsN8L8seqPeueX6XusYwm5fS
r3lSjMFVGExR2Jd7mHdSYd266P6CsymtpzrktSFuBV8U0ba9sZbfn0/I5A4SBrC5
uq5pFR5WJ45lNEvbW8kCiE03Qtx7rA/0of6K8MmLMdpko3zZeVeYBHncNYFYfKfL
UGMnXVmA8ImfnCMiUSS+qk0r+TVtbWpBL0FhZzh88YOK
-----END CERTIFICATE-----