Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/76/97d5c7-935c-41da-9991-cd4b2a1d79aa/1/

$ rpki-client -vvf bcMNTj8pnNX5KJmyJOS10pmBu_Y.roa
File:                     bcMNTj8pnNX5KJmyJOS10pmBu_Y.roa (download)
Hash identifier:          fxvhFlj/RkZ5pdTlc9ImKMQi8NjXvgX0m7oWHCrytSo=
Subject key identifier:   6D:C3:0D:4E:3F:29:9C:D5:F9:28:99:B2:24:E4:B5:D2:99:81:BB:F6
Certificate issuer:       /CN=29a79f3c68bff45d216032f99272908f4eb8ec60
Certificate serial:       A6A420
Authority key identifier: 29:A7:9F:3C:68:BF:F4:5D:21:60:32:F9:92:72:90:8F:4E:B8:EC:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KaefPGi_9F0hYDL5knKQj0647GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/97d5c7-935c-41da-9991-cd4b2a1d79aa/1/bcMNTj8pnNX5KJmyJOS10pmBu_Y.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 91.246.57.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10920992 (0xa6a420)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a79f3c68bff45d216032f99272908f4eb8ec60
        Validity
            Not Before: Jan  1 06:53:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6dc30d4e3f299cd5f92899b224e4b5d29981bbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:e9:b3:17:52:44:fc:44:27:ff:16:a5:68:
                    31:d8:3e:7a:a9:43:51:b3:71:10:0e:38:ae:21:8f:
                    b8:92:2e:c7:0e:b2:06:f0:6e:a1:05:0e:2c:2f:2e:
                    4e:08:c0:51:d0:2a:cf:af:10:50:9a:26:59:5e:55:
                    d4:52:ac:90:a7:5f:db:db:25:63:ea:e2:59:57:1a:
                    05:d0:4b:6e:13:08:4c:9b:17:fc:a5:2e:5d:ca:6b:
                    35:39:d3:8e:72:4a:38:9f:9d:09:9a:c4:ff:c0:42:
                    e9:9f:d4:69:c6:07:b1:83:4b:67:f8:5f:69:cd:26:
                    ce:79:f0:9a:bf:89:45:4d:6d:e8:16:5d:41:04:fc:
                    67:23:13:cf:7e:60:f4:17:0e:62:9e:37:95:65:7f:
                    8e:7c:a4:a7:6d:ca:e2:b1:6d:5c:b7:2e:c1:7a:85:
                    43:4f:41:4a:b8:61:37:cb:cb:62:7a:5f:e3:d5:d8:
                    89:a7:37:5c:92:fc:5c:8b:c0:4d:d4:bc:c6:01:8e:
                    a6:ad:72:bf:31:d5:8f:b6:88:c1:8f:0f:99:a2:4f:
                    f8:ec:cc:1a:6a:5c:d3:03:78:41:47:b4:c8:42:f5:
                    0f:aa:30:85:d7:00:bd:48:cd:d0:e0:5a:c4:91:d8:
                    64:3d:de:6f:93:da:b6:a3:3f:45:4f:22:38:c2:c1:
                    9e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                6D:C3:0D:4E:3F:29:9C:D5:F9:28:99:B2:24:E4:B5:D2:99:81:BB:F6
            X509v3 Authority Key Identifier: 
                keyid:29:A7:9F:3C:68:BF:F4:5D:21:60:32:F9:92:72:90:8F:4E:B8:EC:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KaefPGi_9F0hYDL5knKQj0647GA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/97d5c7-935c-41da-9991-cd4b2a1d79aa/1/bcMNTj8pnNX5KJmyJOS10pmBu_Y.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/97d5c7-935c-41da-9991-cd4b2a1d79aa/1/KaefPGi_9F0hYDL5knKQj0647GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:5a:a8:39:62:3e:36:c4:dc:b0:d7:c6:20:01:87:66:e1:b6:
         7c:7a:45:fd:e7:4b:f4:5c:0b:cd:e9:5b:6a:17:36:67:a5:19:
         c2:66:28:b9:8d:42:6b:62:0d:13:1c:82:aa:f8:58:54:ed:38:
         52:65:c9:af:32:85:29:6d:46:cf:77:92:24:46:77:27:38:ee:
         e6:1c:1f:08:25:1b:ed:07:5d:34:f4:10:85:93:a5:44:43:ec:
         bc:00:1d:26:e6:c4:21:b4:fd:db:e0:6f:5c:9c:80:f3:55:f2:
         ca:25:f4:00:2d:ac:c8:38:90:27:27:a9:40:81:88:14:a6:ec:
         65:e1:cf:e8:7f:4d:9a:31:da:5b:c5:86:4c:d3:27:97:63:c0:
         bd:50:83:80:38:31:3e:37:0f:2e:da:23:77:d4:84:c3:81:1a:
         2b:f4:25:11:8f:b8:94:b7:ae:7d:e1:62:db:35:74:78:5f:cd:
         c9:de:98:fe:c6:16:f1:6e:72:7a:e0:69:0b:8a:dd:94:ef:f9:
         34:51:7f:27:d4:cf:aa:fc:40:c3:b1:02:90:61:bb:f3:f5:e9:
         cb:f0:e4:d9:3b:6d:d8:7e:cc:bf:ab:4d:99:71:ef:09:94:af:
         c8:c1:91:8c:2c:d7:e7:e5:9d:71:31:ec:fc:6d:6f:26:6b:d8:
         99:1d:cd:f1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAKakIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OWE3OWYzYzY4YmZmNDVkMjE2MDMyZjk5MjcyOTA4ZjRlYjhlYzYwMB4XDTIyMDEw
MTA2NTM1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmRjMzBkNGUzZjI5
OWNkNWY5Mjg5OWIyMjRlNGI1ZDI5OTgxYmJmNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJFp6bMXUkT8RCf/FqVoMdg+eqlDUbNxEA44riGPuJIuxw6y
BvBuoQUOLC8uTgjAUdAqz68QUJomWV5V1FKskKdf29slY+riWVcaBdBLbhMITJsX
/KUuXcprNTnTjnJKOJ+dCZrE/8BC6Z/UacYHsYNLZ/hfac0mznnwmr+JRU1t6BZd
QQT8ZyMTz35g9BcOYp43lWV/jnykp23K4rFtXLcuwXqFQ09BSrhhN8vLYnpf49XY
iac3XJL8XIvATdS8xgGOpq1yvzHVj7aIwY8PmaJP+OzMGmpc0wN4QUe0yEL1D6ow
hdcAvUjN0OBaxJHYZD3eb5PatqM/RU8iOMLBnp8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRtww1OPymc1fkombIk5LXSmYG79jAfBgNVHSMEGDAWgBQpp588aL/0XSFg
MvmScpCPTrjsYDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0thZWZQR2lfOUYwaFlETDVrbktRajA2NDdHQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzYvOTdkNWM3LTkzNWMtNDFkYS05OTkxLWNkNGIyYTFkNzlhYS8x
L2JjTU5Uajhwbk5YNUtKbXlKT1MxMHBtQnVfWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYv
OTdkNWM3LTkzNWMtNDFkYS05OTkxLWNkNGIyYTFkNzlhYS8xL0thZWZQR2lfOUYw
aFlETDVrbktRajA2NDdHQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFv2OTANBgkqhkiG9w0BAQsFAAOC
AQEAaVqoOWI+NsTcsNfGIAGHZuG2fHpF/edL9FwLzelbahc2Z6UZwmYouY1Ca2IN
ExyCqvhYVO04UmXJrzKFKW1Gz3eSJEZ3Jzju5hwfCCUb7QddNPQQhZOlREPsvAAd
JubEIbT92+BvXJyA81XyyiX0AC2syDiQJyepQIGIFKbsZeHP6H9NmjHaW8WGTNMn
l2PAvVCDgDgxPjcPLtojd9SEw4EaK/QlEY+4lLeufeFi2zV0eF/Nyd6Y/sYW8W5y
euBpC4rdlO/5NFF/J9TPqvxAw7ECkGG78/Xpy/Dk2Ttt2H7Mv6tNmXHvCZSvyMGR
jCzX5+WdcTHs/G1vJmvYmR3N8Q==
-----END CERTIFICATE-----
Generated at Fri Dec 2 13:00:27 2022 by rpki-client.