Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/BydSOM_bsNtPC1BJEtIVdhUnwKw.roa
File:                     BydSOM_bsNtPC1BJEtIVdhUnwKw.roa (raw, json)
Hash identifier:          0uPqiAlQx1TLQS0jpVjV9qJktQiKwQO5ROTtgUW4/jA=
Subject key identifier:   07:27:52:38:CF:DB:B0:DB:4F:0B:50:49:12:D2:15:76:15:27:C0:AC
Certificate issuer:       /CN=bee0a94997672a920a290ccbfd049126f7075c99
Certificate serial:       018CC2DAD2FD401A917A57EF6CCFB6AEC948
Authority key identifier: BE:E0:A9:49:97:67:2A:92:0A:29:0C:CB:FD:04:91:26:F7:07:5C:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/BydSOM_bsNtPC1BJEtIVdhUnwKw.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61241
IP address blocks:        45.136.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d2:fd:40:1a:91:7a:57:ef:6c:cf:b6:ae:c9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bee0a94997672a920a290ccbfd049126f7075c99
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07275238cfdbb0db4f0b504912d215761527c0ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:59:4c:51:1a:d1:5c:9b:70:3f:bb:4e:dc:3a:
                    b1:9f:e1:a4:4a:6f:bd:6e:09:94:8d:9d:78:f6:c9:
                    9e:30:80:ef:e9:41:fc:96:ec:a9:dc:5b:77:b0:09:
                    24:ab:a4:fc:98:73:c9:a8:35:96:23:4c:34:48:8e:
                    33:3e:d4:9e:56:a7:ee:be:3f:c9:0c:92:3f:bb:80:
                    23:78:81:54:44:59:9a:d4:f9:44:30:75:b9:26:ec:
                    02:54:41:b9:cf:b5:ef:d5:c9:8e:e0:d5:0b:ef:84:
                    77:f0:ac:68:0e:67:0e:96:8e:12:f6:bf:f1:d1:17:
                    f4:c5:10:f5:7e:9c:23:e6:1e:2d:c2:be:0f:6f:82:
                    28:7f:4d:2f:86:63:3f:35:fa:ea:d7:f3:fd:cb:b0:
                    19:60:2d:51:97:cc:2c:b7:95:5b:db:1d:ee:ef:ef:
                    7c:9b:65:c2:97:51:5a:33:aa:e2:c4:e2:49:33:13:
                    be:aa:6b:8f:c6:6c:c4:c9:ac:3a:c2:dc:fe:5f:63:
                    d6:bc:43:c1:2a:b4:0b:32:48:51:65:e1:2d:d5:e2:
                    d1:84:3e:bd:df:26:23:a4:b8:a0:70:d2:c5:c9:e9:
                    45:34:da:6a:c3:9d:de:77:23:43:dc:ec:94:4f:b8:
                    2b:41:a5:eb:8d:d6:16:ee:15:86:a1:14:29:e8:3a:
                    35:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:27:52:38:CF:DB:B0:DB:4F:0B:50:49:12:D2:15:76:15:27:C0:AC
            X509v3 Authority Key Identifier:
                keyid:BE:E0:A9:49:97:67:2A:92:0A:29:0C:CB:FD:04:91:26:F7:07:5C:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/BydSOM_bsNtPC1BJEtIVdhUnwKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:a2:eb:a2:3d:59:a2:54:2c:7f:18:5f:eb:e5:b6:ad:17:49:
         7f:15:1e:be:fa:d0:6b:3b:53:5a:b1:1c:4d:d3:55:91:91:fd:
         d8:4c:7b:a2:c0:29:c1:04:30:18:f2:e8:c9:26:a5:4d:96:8e:
         ab:8c:7f:fe:58:c2:02:9e:c2:08:4d:1d:ea:4a:ac:e4:13:a7:
         aa:86:8b:66:96:94:b8:92:0d:0e:4a:6c:0a:9d:88:4d:c7:eb:
         33:20:e4:3b:7d:05:1b:f1:cc:e6:5a:56:85:6e:57:2f:bc:a1:
         f7:21:34:23:a3:b2:90:a8:0d:08:56:18:b3:6b:97:84:ce:b9:
         76:77:83:a8:a9:ab:f9:07:63:83:b0:ab:94:f1:76:be:bc:62:
         85:36:3c:25:cb:b4:f9:cf:a0:a8:d3:4e:f2:00:92:a6:9c:75:
         6c:92:11:24:e8:33:6d:64:62:d7:47:50:67:d0:57:c9:7c:17:
         f8:b6:d9:2f:22:4c:cd:5f:73:fa:b1:ed:79:5b:48:9e:80:20:
         c4:5e:73:76:9c:2d:59:dc:29:b6:5b:3d:ae:2e:b4:2a:db:87:
         31:b0:ca:76:25:e1:6d:3b:d9:e4:c6:c8:b3:c4:f4:76:fa:7b:
         53:94:7b:0c:f4:52:0b:e5:31:0a:45:5c:fe:c6:2d:8a:38:46:
         0c:42:1c:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tL9QBqRelfvbM+2rslIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZTBhOTQ5OTc2NzJhOTIwYTI5MGNjYmZkMDQ5MTI2Zjcw
NzVjOTkwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzI3NTIzOGNmZGJiMGRiNGYwYjUwNDkxMmQyMTU3NjE1MjdjMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01lMURrRXJtwP7tO3Dqxn+GkSm+9
bgmUjZ149smeMIDv6UH8luyp3Ft3sAkkq6T8mHPJqDWWI0w0SI4zPtSeVqfuvj/J
DJI/u4AjeIFURFma1PlEMHW5JuwCVEG5z7Xv1cmO4NUL74R38KxoDmcOlo4S9r/x
0Rf0xRD1fpwj5h4twr4Pb4Iof00vhmM/Nfrq1/P9y7AZYC1Rl8wst5Vb2x3u7+98
m2XCl1FaM6rixOJJMxO+qmuPxmzEyaw6wtz+X2PWvEPBKrQLMkhRZeEt1eLRhD69
3yYjpLigcNLFyelFNNpqw53edyND3OyUT7grQaXrjdYW7hWGoRQp6Do16QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcnUjjP27DbTwtQSRLSFXYVJ8CsMB8GA1UdIwQY
MBaAFL7gqUmXZyqSCikMy/0EkSb3B1yZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnVDcFNaZG5LcElLS1F6TF9RU1JKdmNIWEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jM2UzMjktMTVlZi00MjNhLWJiMTIt
M2E2MDYzY2ZlYTk1LzEvQnlkU09NX2JzTnRQQzFCSkV0SVZkaFVud0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jM2UzMjktMTVlZi00MjNhLWJiMTItM2E2MDYzY2ZlYTk1
LzEvdnVDcFNaZG5LcElLS1F6TF9RU1JKdmNIWEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYiEMA0G
CSqGSIb3DQEBCwUAA4IBAQCaouuiPVmiVCx/GF/r5batF0l/FR6++tBrO1NasRxN
01WRkf3YTHuiwCnBBDAY8ujJJqVNlo6rjH/+WMICnsIITR3qSqzkE6eqhotmlpS4
kg0OSmwKnYhNx+szIOQ7fQUb8czmWlaFblcvvKH3ITQjo7KQqA0IVhiza5eEzrl2
d4Ooqav5B2ODsKuU8Xa+vGKFNjwly7T5z6Co007yAJKmnHVskhEk6DNtZGLXR1Bn
0FfJfBf4ttkvIkzNX3P6se15W0iegCDEXnN2nC1Z3Cm2Wz2uLrQq24cxsMp2JeFt
O9nkxsizxPR2+ntTlHsM9FIL5TEKRVz+xi2KOEYMQhxr
-----END CERTIFICATE-----