Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/BgEEdYJJbHgGc924Zm7WEX99FWY.roa
File:                     BgEEdYJJbHgGc924Zm7WEX99FWY.roa (raw, json)
Hash identifier:          SHVXIpPkhSLkYBapIuC2jgu/JHbbH+uIDYhiqs5pUEs=
Subject key identifier:   06:01:04:75:82:49:6C:78:06:73:DD:B8:66:6E:D6:11:7F:7D:15:66
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       018CC500A85505B01B25291E08ACDEA2744D
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/BgEEdYJJbHgGc924Zm7WEX99FWY.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6204
IP address blocks:        103.246.249.0/24 maxlen: 24
                          2a12:3200:f000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a8:55:05:b0:1b:25:29:1e:08:ac:de:a2:74:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0601047582496c780673ddb8666ed6117f7d1566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:28:0e:15:39:7c:20:03:7e:7f:d0:b4:28:
                    00:1d:ef:96:50:5a:39:eb:5f:77:98:83:06:47:d4:
                    6b:1a:06:a1:3f:e2:ef:9d:67:c2:d6:81:3f:52:84:
                    55:0c:e0:49:7f:97:b2:48:63:10:c4:08:8b:4c:f6:
                    e2:06:67:7a:d5:3b:ff:36:60:48:e0:2c:96:28:a9:
                    c1:15:4e:55:73:83:c6:30:9a:9b:8c:2f:6f:22:f5:
                    71:a6:6a:4d:1f:40:bd:58:c3:d1:e9:cc:60:ac:84:
                    40:56:1f:9e:e9:a5:68:55:85:60:df:0a:ee:06:1b:
                    90:62:60:3a:cd:f9:bf:ca:9a:c1:b1:e1:d4:db:4a:
                    30:ef:2e:83:6b:34:86:5e:eb:ad:a9:f5:6d:f8:35:
                    f0:c8:67:79:7e:4c:0e:06:9c:65:ac:60:da:26:9d:
                    d5:a9:8f:c5:70:29:c0:9d:1a:66:9e:b4:10:3d:cd:
                    d9:05:bd:61:0a:75:03:f7:f8:8f:01:af:eb:48:d6:
                    73:52:70:d3:01:7f:fa:43:7a:ed:d9:8a:c4:08:ee:
                    b6:46:b2:5d:49:d9:71:22:04:1c:58:a5:b8:1c:c1:
                    1d:60:69:ce:9e:7c:99:94:fd:f9:be:a1:79:d3:a6:
                    a0:88:6c:a7:7b:15:96:66:d6:88:da:f0:08:9e:35:
                    dc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:01:04:75:82:49:6C:78:06:73:DD:B8:66:6E:D6:11:7F:7D:15:66
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/BgEEdYJJbHgGc924Zm7WEX99FWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.246.249.0/24
                IPv6:
                  2a12:3200:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         64:15:97:c1:73:35:68:2c:9e:ca:e6:62:32:c4:1d:14:79:c4:
         05:36:d7:1a:8e:3d:62:15:a9:20:41:71:83:f1:54:ae:45:25:
         cd:ec:93:c4:77:6a:e3:f6:bb:72:7c:89:bb:6a:58:96:06:4b:
         52:5f:d4:f9:77:b5:e0:92:2c:ea:e8:59:55:65:ba:6e:cc:5e:
         29:28:9a:e7:78:42:6a:46:de:fd:bf:e3:3b:88:14:f1:86:0c:
         d8:5a:e6:1d:0b:05:d9:7f:bd:63:e5:4d:5e:d9:44:ff:fe:43:
         c5:90:84:84:97:52:bb:93:0c:24:87:05:9a:f6:f8:2f:65:46:
         53:35:92:31:3f:9a:c0:90:f9:94:f2:28:44:f4:b6:96:8d:55:
         6a:e6:8b:14:7b:13:b2:e2:7e:36:69:62:42:00:80:0e:fe:48:
         33:32:80:ec:57:c6:6b:a3:d3:16:31:f7:46:17:ae:42:c5:03:
         21:16:e4:98:4a:3b:eb:71:4d:4b:a6:8f:ba:70:97:65:65:a7:
         cd:8f:f7:74:94:7c:d9:fd:3e:9f:75:49:22:b7:1f:89:5b:0b:
         e4:09:ef:bc:aa:ce:c3:79:0c:5f:64:83:81:5c:67:cd:1b:86:
         39:fd:9d:2d:a4:44:51:da:15:a5:e8:4e:c1:f4:eb:11:9e:81:
         f0:5b:82:d0
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFAKhVBbAbJSkeCKzeonRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjAxMDQ3NTgyNDk2Yzc4MDY3M2RkYjg2NjZlZDYxMTdmN2QxNTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviEoDhU5fCADfn/QtCgAHe+WUFo5
6193mIMGR9RrGgahP+LvnWfC1oE/UoRVDOBJf5eySGMQxAiLTPbiBmd61Tv/NmBI
4CyWKKnBFU5Vc4PGMJqbjC9vIvVxpmpNH0C9WMPR6cxgrIRAVh+e6aVoVYVg3wru
BhuQYmA6zfm/yprBseHU20ow7y6DazSGXuutqfVt+DXwyGd5fkwOBpxlrGDaJp3V
qY/FcCnAnRpmnrQQPc3ZBb1hCnUD9/iPAa/rSNZzUnDTAX/6Q3rt2YrECO62RrJd
SdlxIgQcWKW4HMEdYGnOnnyZlP35vqF506agiGynexWWZtaI2vAInjXcFQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAYBBHWCSWx4BnPduGZu1hF/fRVmMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvQmdFRWRZSkpiSGdHYzkyNFptN1dFWDk5RldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAZ/b5MA4E
AgACMAgDBgQqEjIA8DANBgkqhkiG9w0BAQsFAAOCAQEAZBWXwXM1aCyeyuZiMsQd
FHnEBTbXGo49YhWpIEFxg/FUrkUlzeyTxHdq4/a7cnyJu2pYlgZLUl/U+Xe14JIs
6uhZVWW6bsxeKSia53hCakbe/b/jO4gU8YYM2FrmHQsF2X+9Y+VNXtlE//5DxZCE
hJdSu5MMJIcFmvb4L2VGUzWSMT+awJD5lPIoRPS2lo1VauaLFHsTsuJ+NmliQgCA
Dv5IMzKA7FfGa6PTFjH3RheuQsUDIRbkmEo763FNS6aPunCXZWWnzY/3dJR82f0+
n3VJIrcfiVsL5AnvvKrOw3kMX2SDgVxnzRuGOf2dLaREUdoVpehOwfTrEZ6B8FuC
0A==
-----END CERTIFICATE-----