Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/3b/83d49c-1e18-43d3-8e3f-dc7a50e51b39/1/

$ rpki-client -vvf SHALZhDM12kjYLQma-oIJFwB-f8.roa
File:                     SHALZhDM12kjYLQma-oIJFwB-f8.roa (download)
Hash identifier:          gJvKCWmI/QD3PpKwx2P14HDfDhrU3q57GIu1U6ciY+c=
Subject key identifier:   48:70:0B:66:10:CC:D7:69:23:60:B4:26:6B:EA:08:24:5C:01:F9:FF
Certificate issuer:       /CN=7971511116a533bd6aaf4217d4dfc3f3e0cb4978
Certificate serial:       A9E678
Authority key identifier: 79:71:51:11:16:A5:33:BD:6A:AF:42:17:D4:DF:C3:F3:E0:CB:49:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXFRERalM71qr0IX1N_D8-DLSXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/83d49c-1e18-43d3-8e3f-dc7a50e51b39/1/SHALZhDM12kjYLQma-oIJFwB-f8.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 91.247.191.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11134584 (0xa9e678)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7971511116a533bd6aaf4217d4dfc3f3e0cb4978
        Validity
            Not Before: Jan  1 01:56:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=48700b6610ccd7692360b4266bea08245c01f9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:72:bf:33:88:1a:f4:23:a8:ca:85:2e:9a:64:
                    1d:a1:c7:7e:95:72:f2:d3:d2:6e:80:b3:94:be:c2:
                    b1:ab:27:ad:6e:53:56:fb:39:a0:de:6f:bb:d2:bd:
                    9f:51:d5:bb:d2:e9:85:07:f1:e2:87:ab:58:cf:0e:
                    43:f6:ed:eb:79:23:6b:9a:11:20:fa:13:b9:00:7f:
                    80:ce:f7:31:c8:93:43:ec:ed:71:d3:74:ad:cd:92:
                    de:c1:95:3a:37:8b:5a:bb:05:cc:e7:60:3b:2e:39:
                    bf:91:08:8d:8f:7a:0a:6b:46:01:2d:1b:e8:9b:8d:
                    dc:00:f1:16:b9:a4:9b:36:25:b8:03:00:74:1a:19:
                    ff:19:b5:5b:56:da:61:24:2e:31:8f:a9:b7:cf:c9:
                    e6:54:aa:ca:fd:47:07:4f:4d:36:c7:54:0b:38:bd:
                    6b:e7:97:32:fb:cc:1d:53:ae:1a:30:13:2f:a0:32:
                    3a:60:ab:7d:8d:41:af:f8:98:64:0b:10:da:3f:32:
                    6b:ac:43:79:bb:1e:aa:74:c8:99:6d:45:5b:3e:a1:
                    0f:89:d7:9b:9a:27:5b:27:88:f6:02:1a:11:00:78:
                    e4:ce:8d:d9:86:45:59:93:b0:3d:d6:d4:6c:77:e4:
                    85:5b:39:f1:a2:0b:19:4f:bd:8b:dc:43:98:59:2e:
                    d5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                48:70:0B:66:10:CC:D7:69:23:60:B4:26:6B:EA:08:24:5C:01:F9:FF
            X509v3 Authority Key Identifier: 
                keyid:79:71:51:11:16:A5:33:BD:6A:AF:42:17:D4:DF:C3:F3:E0:CB:49:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXFRERalM71qr0IX1N_D8-DLSXg.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/83d49c-1e18-43d3-8e3f-dc7a50e51b39/1/SHALZhDM12kjYLQma-oIJFwB-f8.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/83d49c-1e18-43d3-8e3f-dc7a50e51b39/1/eXFRERalM71qr0IX1N_D8-DLSXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c3:ad:fc:d3:ff:6f:70:b1:19:c5:62:9c:01:26:94:b0:7c:
         38:fe:48:cd:a8:e1:38:78:8e:dd:29:49:80:ca:c9:8f:12:98:
         7a:3a:06:2d:86:fd:ba:d7:cf:5c:16:44:93:bc:d8:e9:71:23:
         ce:c3:29:6c:e4:0a:2a:80:eb:aa:3b:90:40:04:0a:a4:30:69:
         b2:8c:c0:f1:0d:25:24:e7:0e:f8:66:51:2f:36:18:02:61:7d:
         2d:fa:f3:be:36:b7:20:86:2c:d3:3d:c0:6e:4b:d3:96:86:0a:
         a0:95:84:8f:48:27:65:29:90:bb:74:d2:dd:87:a0:0b:d2:f7:
         0d:df:95:a7:d8:9f:97:f3:45:de:62:f8:c4:47:39:1d:ac:5b:
         0e:b7:17:8e:47:99:c2:88:aa:31:57:1e:93:e6:08:c6:24:e3:
         01:69:85:1c:3f:16:f7:84:ea:c5:be:8e:8b:9b:7a:5c:53:10:
         f1:47:3e:33:be:0d:e6:56:6c:88:8d:b0:16:fc:3e:3c:78:b8:
         28:b0:0a:00:7a:f7:22:01:c6:91:a6:1f:3e:70:76:18:99:18:
         d8:82:09:bd:41:e7:a0:4c:1c:24:9e:da:fb:e9:a7:61:d9:38:
         65:f8:b3:f1:54:49:a0:7b:5b:48:39:3c:c4:eb:db:04:2a:07:
         71:a1:76:32
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAKnmeDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
OTcxNTExMTE2YTUzM2JkNmFhZjQyMTdkNGRmYzNmM2UwY2I0OTc4MB4XDTIyMDEw
MTAxNTYxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDg3MDBiNjYxMGNj
ZDc2OTIzNjBiNDI2NmJlYTA4MjQ1YzAxZjlmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJVyvzOIGvQjqMqFLppkHaHHfpVy8tPSboCzlL7CsasnrW5T
Vvs5oN5vu9K9n1HVu9LphQfx4oerWM8OQ/bt63kja5oRIPoTuQB/gM73MciTQ+zt
cdN0rc2S3sGVOjeLWrsFzOdgOy45v5EIjY96CmtGAS0b6JuN3ADxFrmkmzYluAMA
dBoZ/xm1W1baYSQuMY+pt8/J5lSqyv1HB09NNsdUCzi9a+eXMvvMHVOuGjATL6Ay
OmCrfY1Br/iYZAsQ2j8ya6xDebseqnTImW1FWz6hD4nXm5onWyeI9gIaEQB45M6N
2YZFWZOwPdbUbHfkhVs58aILGU+9i9xDmFku1RcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRIcAtmEMzXaSNgtCZr6ggkXAH5/zAfBgNVHSMEGDAWgBR5cVERFqUzvWqv
QhfU38Pz4MtJeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2VYRlJFUmFsTTcxcXIwSVgxTl9EOC1ETFNYZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2IvODNkNDljLTFlMTgtNDNkMy04ZTNmLWRjN2E1MGU1MWIzOS8x
L1NIQUxaaERNMTJrallMUW1hLW9JSkZ3Qi1mOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Iv
ODNkNDljLTFlMTgtNDNkMy04ZTNmLWRjN2E1MGU1MWIzOS8xL2VYRlJFUmFsTTcx
cXIwSVgxTl9EOC1ETFNYZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFv3vzANBgkqhkiG9w0BAQsFAAOC
AQEAMsOt/NP/b3CxGcVinAEmlLB8OP5IzajhOHiO3SlJgMrJjxKYejoGLYb9utfP
XBZEk7zY6XEjzsMpbOQKKoDrqjuQQAQKpDBpsozA8Q0lJOcO+GZRLzYYAmF9Lfrz
vja3IIYs0z3AbkvTloYKoJWEj0gnZSmQu3TS3YegC9L3Dd+Vp9ifl/NF3mL4xEc5
HaxbDrcXjkeZwoiqMVcek+YIxiTjAWmFHD8W94Tqxb6Oi5t6XFMQ8Uc+M74N5lZs
iI2wFvw+PHi4KLAKAHr3IgHGkaYfPnB2GJkY2IIJvUHnoEwcJJ7a++mnYdk4Zfiz
8VRJoHtbSDk8xOvbBCoHcaF2Mg==
-----END CERTIFICATE-----
Generated at Fri Dec 2 12:24:40 2022 by rpki-client.