Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RKDStsYO0dPNpQAh64OaOHuMUk0.roa
File:                     RKDStsYO0dPNpQAh64OaOHuMUk0.roa (raw, json)
Hash identifier:          bAKbAqW5GtO2toPHvU7PJ3UF3UCDLRq467rjIGGnaZw=
Subject key identifier:   44:A0:D2:B6:C6:0E:D1:D3:CD:A5:00:21:EB:83:9A:38:7B:8C:52:4D
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019426D9D639C18F679CD07F0ADEF51C1757
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RKDStsYO0dPNpQAh64OaOHuMUk0.roa
Signing time:             Thu 02 Jan 2025 11:49:57 +0000
ROA not before:           Thu 02 Jan 2025 11:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29049
IP address blocks:        62.212.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d6:39:c1:8f:67:9c:d0:7f:0a:de:f5:1c:17:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan  2 11:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44a0d2b6c60ed1d3cda50021eb839a387b8c524d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:80:de:69:bc:b0:89:f6:4a:d2:fe:b9:7d:df:
                    c8:9a:b2:06:4a:bd:5c:43:ab:f6:07:1f:68:a9:0e:
                    16:ad:1b:ae:e3:0c:6e:3f:19:98:4b:01:17:2c:32:
                    ce:b2:60:dd:c6:df:e1:b3:8a:b4:f7:40:c2:88:6a:
                    93:07:fa:8c:dd:68:90:95:32:7e:f2:b4:58:b2:1c:
                    5a:c2:25:d9:9e:aa:b5:c4:ad:d7:7d:68:1e:59:75:
                    82:57:f8:4e:a3:10:96:8f:11:0a:39:03:cb:0c:cb:
                    8f:21:34:98:22:4c:40:6d:7e:ad:c2:6d:53:eb:d1:
                    65:d5:57:13:d0:57:5b:a5:aa:9b:48:14:cf:93:df:
                    0d:92:14:29:91:b3:8f:05:19:c6:0e:bd:45:21:cf:
                    96:0d:fb:31:e9:04:f3:96:d8:d4:b2:8e:db:f5:42:
                    af:ae:ff:67:d0:35:a9:a9:69:52:e8:2d:82:67:3f:
                    4c:98:be:ad:69:1d:40:96:87:a5:33:5d:98:0b:df:
                    f7:40:77:69:1b:2b:e3:fe:37:b7:24:d3:7c:76:7d:
                    a0:ae:01:2b:17:23:10:62:0e:ac:df:7f:fd:08:96:
                    a0:9c:6a:ae:59:24:e3:b8:1e:da:b0:1b:e1:3c:16:
                    b1:a4:63:c3:82:4c:7d:92:f2:a4:8e:24:bc:f1:30:
                    44:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A0:D2:B6:C6:0E:D1:D3:CD:A5:00:21:EB:83:9A:38:7B:8C:52:4D
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/RKDStsYO0dPNpQAh64OaOHuMUk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.212.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f4:8c:24:94:bb:83:2e:00:10:f0:c0:79:ad:39:83:4e:84:
         f9:f3:2d:a7:76:f7:58:d8:21:60:5d:3c:7e:c4:ed:11:40:c5:
         83:97:e2:09:84:5c:96:10:45:7d:10:cc:b0:82:70:e2:6b:8d:
         aa:d3:8e:86:c8:c4:b5:e3:c6:a1:61:22:93:fd:2a:86:4f:4b:
         bb:da:9a:91:21:4f:f8:61:2b:b2:0e:65:d5:8e:24:5c:b6:fa:
         0d:7c:32:0b:93:70:02:4d:0a:01:2d:bf:9b:25:a8:30:41:97:
         23:f5:73:03:80:66:77:de:98:0c:c7:8c:73:a6:10:fb:71:37:
         b4:83:52:d2:13:82:fe:b9:a6:bc:20:cf:71:a1:09:7d:8f:67:
         ee:f2:9e:4c:74:fe:45:bb:d3:4d:08:5d:eb:f8:50:9d:6b:d1:
         f1:4c:59:24:76:7f:30:74:7b:a6:63:77:18:2a:99:8b:41:d4:
         04:e2:be:bf:a0:cf:30:d6:5c:14:84:ab:3a:a6:54:b2:5e:03:
         db:2f:fc:fb:a5:51:0e:b7:5c:f1:57:c8:5f:e9:6d:54:ee:37:
         e8:2c:8d:3a:f3:54:dd:7a:93:d5:86:b4:42:60:84:54:0c:80:
         44:8d:ff:65:09:e1:83:b4:31:c1:1b:17:1a:04:5f:81:73:a7:
         a7:c8:5b:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2dY5wY9nnNB/Ct71HBdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjUwMTAyMTE0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEwZDJiNmM2MGVkMWQzY2RhNTAwMjFlYjgzOWEzODdiOGM1MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIDeabywifZK0v65fd/ImrIGSr1c
Q6v2Bx9oqQ4WrRuu4wxuPxmYSwEXLDLOsmDdxt/hs4q090DCiGqTB/qM3WiQlTJ+
8rRYshxawiXZnqq1xK3XfWgeWXWCV/hOoxCWjxEKOQPLDMuPITSYIkxAbX6twm1T
69Fl1VcT0FdbpaqbSBTPk98NkhQpkbOPBRnGDr1FIc+WDfsx6QTzltjUso7b9UKv
rv9n0DWpqWlS6C2CZz9MmL6taR1AloelM12YC9/3QHdpGyvj/je3JNN8dn2grgEr
FyMQYg6s33/9CJagnGquWSTjuB7asBvhPBaxpGPDgkx9kvKkjiS88TBEtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESg0rbGDtHTzaUAIeuDmjh7jFJNMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvUktEU3RzWU8wZFBOcFFBaDY0T2FPSHVNVWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtTgMA0G
CSqGSIb3DQEBCwUAA4IBAQBi9IwklLuDLgAQ8MB5rTmDToT58y2ndvdY2CFgXTx+
xO0RQMWDl+IJhFyWEEV9EMywgnDia42q046GyMS148ahYSKT/SqGT0u72pqRIU/4
YSuyDmXVjiRctvoNfDILk3ACTQoBLb+bJagwQZcj9XMDgGZ33pgMx4xzphD7cTe0
g1LSE4L+uaa8IM9xoQl9j2fu8p5MdP5Fu9NNCF3r+FCda9HxTFkkdn8wdHumY3cY
KpmLQdQE4r6/oM8w1lwUhKs6plSyXgPbL/z7pVEOt1zxV8hf6W1U7jfoLI0681Td
epPVhrRCYIRUDIBEjf9lCeGDtDHBGxcaBF+Bc6enyFtT
-----END CERTIFICATE-----