Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/38/563b00-4c84-465a-b6f7-e29a252460cd/1/

$ rpki-client -vvf oLjbBWGtnEwYG4By5pX5yvuaMCM.roa
File:                     oLjbBWGtnEwYG4By5pX5yvuaMCM.roa (download)
Hash identifier:          7cFYmfzbMcR/QalRiGqgsncU1lblfWTHTgszS6XeD2A=
Subject key identifier:   A0:B8:DB:05:61:AD:9C:4C:18:1B:80:72:E6:95:F9:CA:FB:9A:30:23
Certificate issuer:       /CN=c63976b4b9b2ac900b24ff41e64e455e0f1ce725
Certificate serial:       9ED9A1
Authority key identifier: C6:39:76:B4:B9:B2:AC:90:0B:24:FF:41:E6:4E:45:5E:0F:1C:E7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xjl2tLmyrJALJP9B5k5FXg8c5yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/563b00-4c84-465a-b6f7-e29a252460cd/1/oLjbBWGtnEwYG4By5pX5yvuaMCM.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 109.107.151.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10410401 (0x9ed9a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c63976b4b9b2ac900b24ff41e64e455e0f1ce725
        Validity
            Not Before: Jan  1 01:59:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a0b8db0561ad9c4c181b8072e695f9cafb9a3023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:0a:24:a3:1a:e7:60:38:20:27:19:be:52:10:
                    94:df:ab:0a:ab:4c:d2:54:3e:ee:3c:47:f5:2a:7a:
                    5f:18:c3:14:9b:80:29:8e:a1:c1:c1:36:fa:6c:20:
                    cc:da:32:72:02:c0:ce:54:59:f4:7a:68:c9:e7:14:
                    a9:56:65:2a:54:98:01:57:6e:ee:fb:dc:0b:aa:b3:
                    e9:f6:43:9a:d2:71:16:a8:5d:b3:2a:7d:eb:b4:d6:
                    6e:10:1d:8e:54:2e:1b:64:a2:ca:31:89:8d:29:d3:
                    8e:a8:ae:79:3e:c5:e5:08:78:8f:49:1c:79:52:d5:
                    b9:e6:52:a1:be:eb:0d:79:57:03:dc:86:9b:c5:1b:
                    1e:dc:ea:ac:00:55:cc:8b:8c:6b:46:0d:f4:84:75:
                    29:ab:59:1d:01:9b:52:7d:69:78:32:80:fb:74:59:
                    29:a4:d1:fd:80:61:0f:91:91:d2:e8:a0:7c:00:89:
                    60:f1:4f:e2:e2:c5:49:47:90:e3:e8:1c:bf:7d:e3:
                    16:50:fa:bc:49:2f:5c:71:ec:f5:12:db:95:8e:23:
                    f8:b7:a4:a1:27:88:f2:87:ea:72:cb:99:16:9f:c3:
                    16:98:32:c0:08:06:28:0e:57:cf:07:c1:a4:08:be:
                    20:4f:2c:de:79:21:ee:a5:e4:e4:8f:2f:af:7e:1e:
                    6a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:B8:DB:05:61:AD:9C:4C:18:1B:80:72:E6:95:F9:CA:FB:9A:30:23
            X509v3 Authority Key Identifier: 
                keyid:C6:39:76:B4:B9:B2:AC:90:0B:24:FF:41:E6:4E:45:5E:0F:1C:E7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xjl2tLmyrJALJP9B5k5FXg8c5yU.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/563b00-4c84-465a-b6f7-e29a252460cd/1/oLjbBWGtnEwYG4By5pX5yvuaMCM.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/563b00-4c84-465a-b6f7-e29a252460cd/1/xjl2tLmyrJALJP9B5k5FXg8c5yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a6:a2:9a:ec:dd:0c:6b:d6:92:fa:dc:c8:61:fd:5c:cf:82:
         7d:50:bb:3e:64:9b:68:af:67:f2:bd:f2:71:af:3f:20:00:f7:
         61:78:a5:bb:e3:75:a2:42:b0:9d:8b:dd:af:ae:42:56:9b:9b:
         0c:ec:e0:50:fc:35:be:e0:6d:e1:8e:fb:a8:04:08:34:75:b5:
         d7:ca:cc:8c:94:81:24:4b:82:17:9b:78:1a:72:fe:04:91:7e:
         73:eb:25:1d:2e:6e:bd:13:cd:98:45:54:8a:b4:dd:dd:53:92:
         e4:d4:6f:d5:27:e2:b9:6c:c2:68:88:9d:c1:6d:85:46:17:d3:
         cc:7b:79:8b:30:d9:ad:29:e1:8e:b1:14:c3:ec:1c:1f:92:92:
         b5:55:4c:2e:c3:5e:2c:a7:16:d8:d7:e4:cf:af:70:4a:16:48:
         bd:12:d0:37:28:67:83:e4:19:fa:a1:29:5a:b4:56:83:7c:2e:
         22:0b:cb:06:8f:d5:83:5e:c2:5c:2d:ff:56:35:ae:dd:1a:77:
         07:0b:bc:4d:ab:f5:59:b5:d7:86:47:c0:05:a7:56:e8:25:e2:
         cd:9e:93:e0:5e:79:d0:3b:cb:b2:fe:e1:a0:b2:b5:fe:c9:9e:
         e2:3a:94:8a:d8:53:1d:d4:d4:f8:72:03:41:5c:c0:0d:6a:6f:
         09:c3:35:b1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAJ7ZoTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjM5NzZiNGI5YjJhYzkwMGIyNGZmNDFlNjRlNDU1ZTBmMWNlNzI1MB4XDTIyMDEw
MTAxNTkyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTBiOGRiMDU2MWFk
OWM0YzE4MWI4MDcyZTY5NWY5Y2FmYjlhMzAyMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANYKJKMa52A4ICcZvlIQlN+rCqtM0lQ+7jxH9Sp6XxjDFJuA
KY6hwcE2+mwgzNoycgLAzlRZ9HpoyecUqVZlKlSYAVdu7vvcC6qz6fZDmtJxFqhd
syp967TWbhAdjlQuG2SiyjGJjSnTjqiueT7F5Qh4j0kceVLVueZSob7rDXlXA9yG
m8UbHtzqrABVzIuMa0YN9IR1KatZHQGbUn1peDKA+3RZKaTR/YBhD5GR0uigfACJ
YPFP4uLFSUeQ4+gcv33jFlD6vEkvXHHs9RLblY4j+LekoSeI8ofqcsuZFp/DFpgy
wAgGKA5XzwfBpAi+IE8s3nkh7qXk5I8vr34earkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSguNsFYa2cTBgbgHLmlfnK+5owIzAfBgNVHSMEGDAWgBTGOXa0ubKskAsk
/0HmTkVeDxznJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hqbDJ0TG15ckpBTEpQOUI1azVGWGc4YzV5VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvNTYzYjAwLTRjODQtNDY1YS1iNmY3LWUyOWEyNTI0NjBjZC8x
L29MamJCV0d0bkV3WUc0Qnk1cFg1eXZ1YU1DTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
NTYzYjAwLTRjODQtNDY1YS1iNmY3LWUyOWEyNTI0NjBjZC8xL3hqbDJ0TG15ckpB
TEpQOUI1azVGWGc4YzV5VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1rlzANBgkqhkiG9w0BAQsFAAOC
AQEAaaaimuzdDGvWkvrcyGH9XM+CfVC7PmSbaK9n8r3yca8/IAD3YXilu+N1okKw
nYvdr65CVpubDOzgUPw1vuBt4Y77qAQINHW118rMjJSBJEuCF5t4GnL+BJF+c+sl
HS5uvRPNmEVUirTd3VOS5NRv1SfiuWzCaIidwW2FRhfTzHt5izDZrSnhjrEUw+wc
H5KStVVMLsNeLKcW2Nfkz69wShZIvRLQNyhng+QZ+qEpWrRWg3wuIgvLBo/Vg17C
XC3/VjWu3Rp3Bwu8Tav1WbXXhkfABadW6CXizZ6T4F550DvLsv7hoLK1/sme4jqU
ithTHdTU+HIDQVzADWpvCcM1sQ==
-----END CERTIFICATE-----
Generated at Fri Dec 2 13:34:06 2022 by rpki-client.