Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/CON1qItWtbrKIYXRdV_TEeDuWKQ.roa
File:                     CON1qItWtbrKIYXRdV_TEeDuWKQ.roa (raw, json)
Hash identifier:          krT8XWx87IlYD5e3RTY90vBER8rVmDuOSR/mGg/Tnd4=
Subject key identifier:   08:E3:75:A8:8B:56:B5:BA:CA:21:85:D1:75:5F:D3:11:E0:EE:58:A4
Certificate issuer:       /CN=ae46644066ceaf39d3afb0fd735b019cec9da364
Certificate serial:       019421B24EBF4D4518760B4B8C179874842A
Authority key identifier: AE:46:64:40:66:CE:AF:39:D3:AF:B0:FD:73:5B:01:9C:EC:9D:A3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rkZkQGbOrznTr7D9c1sBnOydo2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/CON1qItWtbrKIYXRdV_TEeDuWKQ.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        193.246.62.0/23 maxlen: 23
                          193.246.62.0/24 maxlen: 24
                          193.246.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/rkZkQGbOrznTr7D9c1sBnOydo2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/rkZkQGbOrznTr7D9c1sBnOydo2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rkZkQGbOrznTr7D9c1sBnOydo2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4e:bf:4d:45:18:76:0b:4b:8c:17:98:74:84:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae46644066ceaf39d3afb0fd735b019cec9da364
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08e375a88b56b5baca2185d1755fd311e0ee58a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:b3:87:b2:00:00:f8:c0:b5:9d:cc:4d:33:de:
                    3f:8d:9d:2b:70:d2:ea:bd:16:b8:bf:01:85:2a:26:
                    74:c2:b6:49:a3:de:81:ec:d7:f1:d0:aa:6b:f7:ed:
                    6a:1a:b9:07:10:0c:cc:09:4e:4d:3e:85:1c:88:1f:
                    55:4d:4b:7e:25:a7:8b:b0:2b:e4:2f:2f:0f:2e:cb:
                    5f:0b:9c:fa:1e:33:62:e3:b8:49:28:93:2d:98:b5:
                    55:c1:9f:4a:21:a5:83:d8:13:60:06:38:98:19:94:
                    f5:d7:59:ee:e0:ff:85:64:76:e6:f4:68:b4:ad:c6:
                    0a:8a:f6:49:e1:28:6f:b4:1d:39:20:d9:fb:5e:04:
                    5c:4f:ad:84:2e:71:99:8b:35:5a:98:22:c6:03:f7:
                    32:82:92:7a:de:2d:04:2b:d2:5a:92:69:59:00:12:
                    b6:f0:ec:31:62:8c:bb:04:83:04:7c:3b:24:f3:05:
                    34:ac:19:27:73:a3:4e:d6:a7:1f:dd:b6:bb:3c:04:
                    1c:58:97:37:cc:6f:30:05:32:38:ab:ce:98:50:84:
                    da:4f:21:a9:c5:f4:3f:fe:94:05:00:52:95:a2:a9:
                    4e:7b:b7:ae:28:72:48:8f:dc:1b:1c:4a:22:f8:22:
                    67:2d:84:71:59:09:5f:69:45:6f:1d:98:90:6b:d0:
                    c4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E3:75:A8:8B:56:B5:BA:CA:21:85:D1:75:5F:D3:11:E0:EE:58:A4
            X509v3 Authority Key Identifier:
                keyid:AE:46:64:40:66:CE:AF:39:D3:AF:B0:FD:73:5B:01:9C:EC:9D:A3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rkZkQGbOrznTr7D9c1sBnOydo2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/CON1qItWtbrKIYXRdV_TEeDuWKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/bc178e-9dc0-4688-a2e3-8d9f11f916e9/1/rkZkQGbOrznTr7D9c1sBnOydo2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:43:c2:f5:71:b2:ac:e2:0a:5e:ab:d0:f3:67:e3:54:df:ca:
         c4:19:e6:75:f8:38:29:b7:04:5f:92:ca:96:c9:63:2b:fb:2b:
         cc:44:fd:33:20:d8:d7:1f:d1:aa:1e:9a:e2:7b:2d:41:39:56:
         3b:4a:e2:c6:f6:07:3a:ba:38:d6:0d:48:1a:56:dd:b1:7a:06:
         8b:ba:6e:f6:4d:da:23:75:4d:6a:18:60:b5:7a:ad:70:24:07:
         a7:2d:6f:c6:76:f5:cf:6d:cc:66:c2:2a:fe:5d:bd:b2:3b:c3:
         4d:82:f7:3d:38:d1:64:25:77:b3:51:aa:73:85:3e:36:8a:0e:
         94:5b:f4:a2:77:48:b6:d4:35:57:40:02:86:26:12:89:a1:55:
         f4:f3:67:84:b7:2d:ed:dd:00:96:6a:aa:03:79:e8:ca:8a:9f:
         ad:0a:e9:2a:b0:cc:cb:3b:7a:75:b8:10:ab:af:3e:c3:ec:ed:
         15:e9:a9:17:e3:09:5b:ae:22:86:b0:a5:a3:3e:ca:6d:31:49:
         c3:de:fd:4c:25:36:22:3e:32:be:65:34:47:eb:75:e3:5b:b2:
         27:94:10:05:31:19:9b:a7:6f:62:75:3f:2b:51:4f:23:6e:92:
         79:92:47:44:42:2b:9a:57:9a:27:65:97:76:dd:3d:9d:58:08:
         e8:e6:8a:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsk6/TUUYdgtLjBeYdIQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNDY2NDQwNjZjZWFmMzlkM2FmYjBmZDczNWIwMTljZWM5
ZGEzNjQwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGUzNzVhODhiNTZiNWJhY2EyMTg1ZDE3NTVmZDMxMWUwZWU1OGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bOHsgAA+MC1ncxNM94/jZ0rcNLq
vRa4vwGFKiZ0wrZJo96B7Nfx0Kpr9+1qGrkHEAzMCU5NPoUciB9VTUt+JaeLsCvk
Ly8PLstfC5z6HjNi47hJKJMtmLVVwZ9KIaWD2BNgBjiYGZT111nu4P+FZHbm9Gi0
rcYKivZJ4ShvtB05INn7XgRcT62ELnGZizVamCLGA/cygpJ63i0EK9JakmlZABK2
8OwxYoy7BIMEfDsk8wU0rBknc6NO1qcf3ba7PAQcWJc3zG8wBTI4q86YUITaTyGp
xfQ//pQFAFKVoqlOe7euKHJIj9wbHEoi+CJnLYRxWQlfaUVvHZiQa9DEHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjjdaiLVrW6yiGF0XVf0xHg7likMB8GA1UdIwQY
MBaAFK5GZEBmzq8506+w/XNbAZzsnaNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmtaa1FHYk9yem5UcjdEOWMxc0JuT3lkbzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iYzE3OGUtOWRjMC00Njg4LWEyZTMt
OGQ5ZjExZjkxNmU5LzEvQ09OMXFJdFd0YnJLSVlYUmRWX1RFZUR1V0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iYzE3OGUtOWRjMC00Njg4LWEyZTMtOGQ5ZjExZjkxNmU5
LzEvcmtaa1FHYk9yem5UcjdEOWMxc0JuT3lkbzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfY+MA0G
CSqGSIb3DQEBCwUAA4IBAQBwQ8L1cbKs4gpeq9DzZ+NU38rEGeZ1+DgptwRfksqW
yWMr+yvMRP0zINjXH9GqHpriey1BOVY7SuLG9gc6ujjWDUgaVt2xegaLum72Tdoj
dU1qGGC1eq1wJAenLW/GdvXPbcxmwir+Xb2yO8NNgvc9ONFkJXezUapzhT42ig6U
W/Sid0i21DVXQAKGJhKJoVX082eEty3t3QCWaqoDeejKip+tCukqsMzLO3p1uBCr
rz7D7O0V6akX4wlbriKGsKWjPsptMUnD3v1MJTYiPjK+ZTRH63XjW7InlBAFMRmb
p29idT8rUU8jbpJ5kkdEQiuaV5onZZd23T2dWAjo5opY
-----END CERTIFICATE-----