Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/

$ rpki-client -vvf dfqIqrGV-ZlFGzdnbrgwMYMMiQY.roa
File:                     dfqIqrGV-ZlFGzdnbrgwMYMMiQY.roa (download)
Hash identifier:          YlcNOd6iAa1nsCd6+6l5cfDimjcz96yv4wOim7eSx4I=
Subject key identifier:   75:FA:88:AA:B1:95:F9:99:45:1B:37:67:6E:B8:30:31:83:0C:89:06
Certificate issuer:       /CN=36b55fb34d29f962545132a025b52644fdffbf6f
Certificate serial:       02D9FB73
Authority key identifier: 36:B5:5F:B3:4D:29:F9:62:54:51:32:A0:25:B5:26:44:FD:FF:BF:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NrVfs00p-WJUUTKgJbUmRP3_v28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/dfqIqrGV-ZlFGzdnbrgwMYMMiQY.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     20473
IP address blocks:
    1: 185.206.123.0/24 maxlen: 24
    2: 2a10:ca00:4::/48 maxlen: 48
    3: 2a10:ca00:2::/48 maxlen: 48
    4: 2a10:ca00:3::/48 maxlen: 48
    5: 2a10:ca00:1::/48 maxlen: 48

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47840115 (0x2d9fb73)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36b55fb34d29f962545132a025b52644fdffbf6f
        Validity
            Not Before: Jan  1 04:59:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=75fa88aab195f999451b37676eb83031830c8906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cc:1a:06:c0:1c:79:b5:a3:69:92:ae:d6:61:
                    15:4d:1c:a1:d4:72:da:7e:d0:37:8a:cd:9e:cf:15:
                    56:18:eb:c1:cb:1e:70:86:e8:60:46:1b:7f:8a:38:
                    f7:f4:8d:e5:a2:a2:54:d6:13:db:08:e6:1a:54:90:
                    26:f7:71:d0:d1:41:26:0b:25:d8:fb:eb:d3:01:51:
                    5c:2d:6e:af:21:53:8e:ed:fa:d1:a2:f4:83:dd:b9:
                    a1:d5:4b:e3:8f:0c:52:55:ae:4c:f4:db:a8:0c:5c:
                    f7:68:1f:b8:dd:8b:84:f4:9e:12:20:99:34:15:fa:
                    7a:63:fb:99:e3:21:af:c0:78:37:7b:45:25:5a:93:
                    6f:3c:03:fc:71:b2:5c:17:6d:8b:0a:fe:12:f3:3e:
                    67:c2:ef:4c:b0:35:8c:ae:b3:ac:7a:fe:75:5b:da:
                    d6:3a:38:2d:8b:ab:a5:70:f7:73:3e:3b:8a:77:3f:
                    02:10:42:64:a2:08:1c:b9:43:0c:ae:81:21:b4:ea:
                    73:a7:b3:eb:22:5c:b0:d2:a7:a4:64:0a:f1:14:c6:
                    ee:18:00:93:e4:d4:4d:c2:db:fb:32:a4:eb:17:36:
                    60:dc:81:19:6c:74:bd:f8:de:7d:38:ee:64:ec:5c:
                    ff:64:94:ae:29:cf:66:9d:0d:8b:e5:ce:30:8e:d2:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                75:FA:88:AA:B1:95:F9:99:45:1B:37:67:6E:B8:30:31:83:0C:89:06
            X509v3 Authority Key Identifier: 
                keyid:36:B5:5F:B3:4D:29:F9:62:54:51:32:A0:25:B5:26:44:FD:FF:BF:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NrVfs00p-WJUUTKgJbUmRP3_v28.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/dfqIqrGV-ZlFGzdnbrgwMYMMiQY.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/NrVfs00p-WJUUTKgJbUmRP3_v28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.123.0/24
                IPv6:
                  2a10:ca00:1::-2a10:ca00:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         05:1f:b4:3f:ed:2f:9a:20:da:79:a3:aa:4e:fc:51:b8:cf:59:
         e4:a3:6e:ed:1c:db:66:60:f2:99:e9:96:b8:69:1e:ba:27:89:
         38:15:87:71:82:3b:89:bc:c6:fb:f4:39:5e:2f:0c:68:4b:e6:
         45:8c:9f:f7:e6:98:36:80:2f:74:80:ca:56:cc:17:99:46:dc:
         f0:6f:1b:4e:e5:13:d8:7c:22:60:f1:a9:1a:e6:48:5f:29:66:
         e7:c3:c0:3f:dc:1c:f3:2c:0c:be:c9:c2:1c:3a:14:b1:27:47:
         3c:f9:79:7b:b3:1e:55:6a:1f:1d:89:fb:80:1d:79:42:b3:b6:
         60:41:e2:ae:a4:52:10:0b:4d:ac:28:92:3a:5a:54:a7:de:5d:
         66:11:79:bc:fa:d8:1a:5e:b4:64:fd:38:81:9f:5e:f5:7d:5c:
         98:fa:f7:46:5b:b9:a9:be:6f:d4:42:e5:47:33:13:88:2c:0d:
         cb:cd:6d:49:32:bc:ec:bd:a1:5d:77:21:73:80:70:4f:4d:af:
         d4:17:9a:e0:19:c5:5c:e3:db:f3:19:d5:97:80:c7:f8:1b:f1:
         37:2e:0d:cf:0b:49:96:63:25:33:d0:24:48:32:58:85:26:d7:
         0a:1e:82:a5:86:5a:ab:21:86:3a:01:4c:98:e4:b3:9f:a6:24:
         c4:f2:6f:ab
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEAtn7czANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmI1NWZiMzRkMjlmOTYyNTQ1MTMyYTAyNWI1MjY0NGZkZmZiZjZmMB4XDTIyMDEw
MTA0NTkxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzVmYTg4YWFiMTk1
Zjk5OTQ1MWIzNzY3NmViODMwMzE4MzBjODkwNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMLMGgbAHHm1o2mSrtZhFU0codRy2n7QN4rNns8VVhjrwcse
cIboYEYbf4o49/SN5aKiVNYT2wjmGlSQJvdx0NFBJgsl2Pvr0wFRXC1uryFTju36
0aL0g925odVL448MUlWuTPTbqAxc92gfuN2LhPSeEiCZNBX6emP7meMhr8B4N3tF
JVqTbzwD/HGyXBdtiwr+EvM+Z8LvTLA1jK6zrHr+dVva1jo4LYurpXD3cz47inc/
AhBCZKIIHLlDDK6BIbTqc6ez6yJcsNKnpGQK8RTG7hgAk+TUTcLb+zKk6xc2YNyB
GWx0vfjefTjuZOxc/2SUrinPZp0Ni+XOMI7STWECAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBR1+oiqsZX5mUUbN2duuDAxgwyJBjAfBgNVHSMEGDAWgBQ2tV+zTSn5YlRR
MqAltSZE/f+/bzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05yVmZzMDBwLVdKVVVUS2dKYlVtUlAzX3YyOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWMvMmJmMDBiLWJmYmMtNGY2Yi1hMTNlLWYxMGY3M2E5ZWNiMy8x
L2RmcUlxckdWLVpsRkd6ZG5icmd3TVlNTWlRWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWMv
MmJmMDBiLWJmYmMtNGY2Yi1hMTNlLWYxMGY3M2E5ZWNiMy8xL05yVmZzMDBwLVdK
VVVUS2dKYlVtUlAzX3YyOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowDAQCAAEwBgMEALnOezAaBAIAAjAUMBIDBwAqEMoA
AAEDBwAqEMoAAAQwDQYJKoZIhvcNAQELBQADggEBAAUftD/tL5og2nmjqk78UbjP
WeSjbu0c22Zg8pnplrhpHroniTgVh3GCO4m8xvv0OV4vDGhL5kWMn/fmmDaAL3SA
ylbMF5lG3PBvG07lE9h8ImDxqRrmSF8pZufDwD/cHPMsDL7Jwhw6FLEnRzz5eXuz
HlVqHx2J+4AdeUKztmBB4q6kUhALTawokjpaVKfeXWYRebz62BpetGT9OIGfXvV9
XJj690Zbuam+b9RC5UczE4gsDcvNbUkyvOy9oV13IXOAcE9Nr9QXmuAZxVzj2/MZ
1ZeAx/gb8TcuDc8LSZZjJTPQJEgyWIUm1woegqWGWqshhjoBTJjks5+mJMTyb6s=
-----END CERTIFICATE-----
Generated at Sat Dec 3 18:40:32 2022 by rpki-client.