Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/beLU6O7BsGUWEOf1L9TW85P9vjE.roa
File:                     beLU6O7BsGUWEOf1L9TW85P9vjE.roa (raw, json)
Hash identifier:          A33ykKDAYeCmBdPUarqEtEhvDkzh/gQ5li2sl7LcgP0=
Subject key identifier:   6D:E2:D4:E8:EE:C1:B0:65:16:10:E7:F5:2F:D4:D6:F3:93:FD:BE:31
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019272C0D2B26B5DBD5A39E3D80095A12DA9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/beLU6O7BsGUWEOf1L9TW85P9vjE.roa
Signing time:             Wed 09 Oct 2024 19:28:12 +0000
ROA not before:           Wed 09 Oct 2024 19:28:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.9.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:c0:d2:b2:6b:5d:bd:5a:39:e3:d8:00:95:a1:2d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  9 19:28:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6de2d4e8eec1b0651610e7f52fd4d6f393fdbe31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fe:87:84:ee:5e:cc:9d:aa:3a:a6:94:ad:4c:
                    15:7f:f5:87:dd:a1:5b:57:08:dc:23:16:7a:9b:49:
                    85:e7:ea:51:07:d8:5b:7a:b9:a5:e3:71:de:4d:c5:
                    ea:da:17:ea:6c:2c:54:af:5b:8a:14:d7:bb:9c:38:
                    e8:d1:9a:32:e7:da:f6:44:16:f1:b9:44:d0:a5:85:
                    fb:79:f2:6e:ac:c1:9f:61:41:18:fc:50:a6:13:a4:
                    15:02:a9:0e:1c:d1:1c:e1:39:4d:f7:25:72:d3:3c:
                    89:30:2b:a3:f1:1e:fe:d4:2a:e5:82:12:c8:de:30:
                    27:83:34:4e:b7:de:8a:fb:c7:3c:02:5b:9a:10:d5:
                    16:99:d5:e6:23:4d:ec:17:b4:a7:05:2c:ad:88:37:
                    59:ca:06:3d:3e:42:7e:98:5b:14:75:37:b4:e6:29:
                    39:9f:96:30:1f:2f:e3:72:ae:3b:b8:b4:86:60:35:
                    28:6c:12:1d:45:c2:70:08:aa:59:48:9f:22:b3:1e:
                    ee:1d:8b:12:5b:16:b9:ba:be:ba:22:94:20:7e:1f:
                    09:b1:32:45:9e:f2:fd:99:02:ac:02:9b:00:99:54:
                    2c:cd:00:13:1c:db:35:fc:c7:e1:61:fd:b3:54:0e:
                    9e:39:e3:0d:e0:c2:38:48:06:36:43:1c:1f:6e:25:
                    64:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E2:D4:E8:EE:C1:B0:65:16:10:E7:F5:2F:D4:D6:F3:93:FD:BE:31
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/beLU6O7BsGUWEOf1L9TW85P9vjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ff:84:0a:d0:2d:07:fb:86:7c:2e:de:7f:2b:60:4f:e4:06:
         e3:23:72:ed:57:e7:39:22:64:c9:7d:42:23:91:60:7e:ff:be:
         26:d6:fe:89:d8:a6:22:eb:55:a5:c3:a5:d2:88:58:53:52:5c:
         49:65:2a:83:16:54:8a:63:c0:bf:1c:57:2d:ae:fc:23:64:63:
         40:ee:10:2e:e9:f1:dd:30:4a:02:85:0c:5f:ea:5f:3b:4b:84:
         0b:1f:c4:62:3f:01:57:ee:aa:5a:f6:98:a5:83:fa:e1:ce:9e:
         dd:6c:2c:67:f3:2d:b3:3e:5a:10:5d:85:ee:f0:90:41:f9:92:
         cc:9c:e1:70:98:b7:f1:4f:87:e1:ce:d3:e2:c0:fe:33:de:4f:
         c1:3b:1c:af:ff:2d:41:ce:75:e0:0a:b8:56:88:96:1c:43:95:
         df:1d:32:65:86:f3:e0:86:61:31:f5:bf:96:1c:95:fc:7c:46:
         54:7d:8e:78:1e:f7:7a:4c:14:07:60:0e:9d:54:a6:50:e4:77:
         c2:db:dc:d1:37:2a:fe:53:75:81:f9:04:65:6d:c8:fd:b5:8a:
         6e:40:a1:33:15:95:98:ef:76:a2:8c:8a:d9:7c:95:04:60:01:
         bc:b6:9f:6e:f1:d4:63:2d:68:b3:a6:6f:ca:c7:17:2a:72:5e:
         08:15:be:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJywNKya129Wjnj2ACVoS2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMDA5MTkyODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGUyZDRlOGVlYzFiMDY1MTYxMGU3ZjUyZmQ0ZDZmMzkzZmRiZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv6HhO5ezJ2qOqaUrUwVf/WH3aFb
VwjcIxZ6m0mF5+pRB9hberml43HeTcXq2hfqbCxUr1uKFNe7nDjo0Zoy59r2RBbx
uUTQpYX7efJurMGfYUEY/FCmE6QVAqkOHNEc4TlN9yVy0zyJMCuj8R7+1CrlghLI
3jAngzROt96K+8c8AluaENUWmdXmI03sF7SnBSytiDdZygY9PkJ+mFsUdTe05ik5
n5YwHy/jcq47uLSGYDUobBIdRcJwCKpZSJ8isx7uHYsSWxa5ur66IpQgfh8JsTJF
nvL9mQKsApsAmVQszQATHNs1/MfhYf2zVA6eOeMN4MI4SAY2QxwfbiVkAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3i1OjuwbBlFhDn9S/U1vOT/b4xMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvYmVMVTZPN0JzR1VXRU9mMUw5VFc4NVA5dmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQl4MA0G
CSqGSIb3DQEBCwUAA4IBAQAh/4QK0C0H+4Z8Lt5/K2BP5AbjI3LtV+c5ImTJfUIj
kWB+/74m1v6J2KYi61Wlw6XSiFhTUlxJZSqDFlSKY8C/HFctrvwjZGNA7hAu6fHd
MEoChQxf6l87S4QLH8RiPwFX7qpa9pilg/rhzp7dbCxn8y2zPloQXYXu8JBB+ZLM
nOFwmLfxT4fhztPiwP4z3k/BOxyv/y1BznXgCrhWiJYcQ5XfHTJlhvPghmEx9b+W
HJX8fEZUfY54Hvd6TBQHYA6dVKZQ5HfC29zRNyr+U3WB+QRlbcj9tYpuQKEzFZWY
73aijIrZfJUEYAG8tp9u8dRjLWizpm/Kxxcqcl4IFb5H
-----END CERTIFICATE-----