Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q3N6Th57_4FGhZfLSXuin8w2BF8.roa
File:                     Q3N6Th57_4FGhZfLSXuin8w2BF8.roa (raw, json)
Hash identifier:          HrHYLMmA/NQOC3oexRxTNM9HryOKm+Mwpi4CtQg2Trk=
Subject key identifier:   43:73:7A:4E:1E:7B:FF:81:46:85:97:CB:49:7B:A2:9F:CC:36:04:5F
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0194206855980757E87FF2B3A205823FC1F6
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q3N6Th57_4FGhZfLSXuin8w2BF8.roa
Signing time:             Wed 01 Jan 2025 05:48:16 +0000
ROA not before:           Wed 01 Jan 2025 05:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210352
IP address blocks:        193.233.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:55:98:07:57:e8:7f:f2:b3:a2:05:82:3f:c1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43737a4e1e7bff81468597cb497ba29fcc36045f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:70:8d:17:f9:07:0b:68:56:e8:f3:de:2f:fb:
                    e7:38:a8:fe:eb:c2:63:77:a5:e1:b1:56:7d:a0:df:
                    c0:7f:43:7b:57:bd:5a:11:20:f0:d9:4e:80:7b:0b:
                    fa:85:35:58:e9:38:65:d1:af:09:57:6f:1e:7d:bc:
                    42:b6:4b:5b:cf:93:43:9b:69:30:fb:ee:21:54:9b:
                    8d:87:76:fe:94:18:86:72:3f:84:c3:eb:ee:48:46:
                    23:41:e8:c5:ff:b2:d5:a7:2f:31:35:e8:fc:99:e5:
                    9e:2a:ca:1f:f7:47:93:1b:df:54:2d:fe:12:61:c3:
                    58:2f:4a:d7:fa:72:44:02:10:57:56:84:fe:44:b7:
                    12:bc:b7:52:6e:3e:b7:16:04:4a:62:a9:60:f0:5c:
                    8d:54:25:53:c9:e7:a1:e1:b0:e5:e0:76:91:d7:e7:
                    96:28:c7:2b:32:06:63:b3:6b:57:a2:10:6c:3a:8f:
                    a7:25:5b:b4:a2:43:92:d8:fb:fa:6a:e5:cb:51:5a:
                    0a:fd:5c:26:46:2c:d3:ee:98:46:f2:5e:57:25:55:
                    73:e7:a9:b0:72:67:c5:4e:f2:6f:60:0c:65:95:ae:
                    35:ae:3d:cc:54:8f:0d:15:90:d5:a8:8c:23:7a:b2:
                    ea:7b:a5:f1:78:1d:57:78:96:07:9d:fc:db:69:f1:
                    81:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:73:7A:4E:1E:7B:FF:81:46:85:97:CB:49:7B:A2:9F:CC:36:04:5F
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q3N6Th57_4FGhZfLSXuin8w2BF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3b:b6:fc:ae:ae:03:4d:d7:d4:7b:76:d6:db:10:90:7d:0d:
         44:45:ea:9f:46:07:5c:46:24:73:62:c8:ec:06:9b:75:1b:11:
         f5:d5:4a:98:06:1b:14:60:36:bd:84:12:d5:5b:87:54:05:8f:
         f4:a8:0c:80:fe:85:36:24:d3:fb:41:10:92:a0:a3:f2:85:b9:
         12:be:43:91:d7:4b:ef:b9:e2:02:e5:1e:98:21:b8:21:f6:37:
         d2:de:14:09:2b:9a:02:ef:f6:97:77:83:72:43:ec:d9:75:d0:
         b2:34:38:20:2d:e3:60:ab:9e:58:07:8d:fd:eb:d0:1f:62:25:
         cb:26:62:4b:85:9a:6d:f0:d1:d6:fe:d9:45:d7:41:bb:d1:97:
         97:1f:6c:d1:d0:e2:7b:8c:04:f7:15:61:e5:57:1f:b3:0d:cc:
         59:b8:f7:d9:4e:18:de:2b:46:d0:f6:52:2d:5d:17:e3:52:43:
         b2:5a:7b:a2:99:7d:90:3b:a4:0f:c0:a4:10:53:41:b6:c8:a8:
         80:4d:6d:9f:ea:11:4c:a3:bc:1c:3b:45:9b:17:c1:99:db:24:
         83:70:dc:d7:c3:56:82:d9:82:a0:e5:e5:fc:9f:2e:d8:73:23:
         e4:5a:85:11:9e:46:d3:8f:d2:8b:64:48:e2:4a:81:54:63:78:
         3e:28:c5:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFWYB1fof/KzogWCP8H2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzczN2E0ZTFlN2JmZjgxNDY4NTk3Y2I0OTdiYTI5ZmNjMzYwNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXCNF/kHC2hW6PPeL/vnOKj+68Jj
d6XhsVZ9oN/Af0N7V71aESDw2U6Aewv6hTVY6Thl0a8JV28efbxCtktbz5NDm2kw
++4hVJuNh3b+lBiGcj+Ew+vuSEYjQejF/7LVpy8xNej8meWeKsof90eTG99ULf4S
YcNYL0rX+nJEAhBXVoT+RLcSvLdSbj63FgRKYqlg8FyNVCVTyeeh4bDl4HaR1+eW
KMcrMgZjs2tXohBsOo+nJVu0okOS2Pv6auXLUVoK/VwmRizT7phG8l5XJVVz56mw
cmfFTvJvYAxlla41rj3MVI8NFZDVqIwjerLqe6XxeB1XeJYHnfzbafGBwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENzek4ee/+BRoWXy0l7op/MNgRfMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUTNONlRoNTdfNEZHaFpmTFNYdWluOHcyQkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekxMA0G
CSqGSIb3DQEBCwUAA4IBAQCBO7b8rq4DTdfUe3bW2xCQfQ1EReqfRgdcRiRzYsjs
Bpt1GxH11UqYBhsUYDa9hBLVW4dUBY/0qAyA/oU2JNP7QRCSoKPyhbkSvkOR10vv
ueIC5R6YIbgh9jfS3hQJK5oC7/aXd4NyQ+zZddCyNDggLeNgq55YB43969AfYiXL
JmJLhZpt8NHW/tlF10G70ZeXH2zR0OJ7jAT3FWHlVx+zDcxZuPfZThjeK0bQ9lIt
XRfjUkOyWnuimX2QO6QPwKQQU0G2yKiATW2f6hFMo7wcO0WbF8GZ2ySDcNzXw1aC
2YKg5eX8ny7YcyPkWoURnkbTj9KLZEjiSoFUY3g+KMUB
-----END CERTIFICATE-----