Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/2Ir_OkUQT4RE0RBm1ebB0XQDk5I.roa
File:                     2Ir_OkUQT4RE0RBm1ebB0XQDk5I.roa (download)
Hash identifier:          rJk8aZVsed/uJr0hCCin3uyE1WKuoqk9clUmvz6r++8=
Subject key identifier:   D8:8A:FF:3A:45:10:4F:84:44:D1:10:66:D5:E6:C1:D1:74:03:93:92
Certificate issuer:       /CN=0232a4bfb7796405a556b759f1d193e4c4d37129
Certificate serial:       11DB2E1E
Authority key identifier: 02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/2Ir_OkUQT4RE0RBm1ebB0XQDk5I.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     20473
IP address blocks:
    1: 217.163.11.0/24 maxlen: 24
    2: 217.163.10.0/24 maxlen: 24
    3: 217.163.23.0/24 maxlen: 24
    4: 217.163.24.0/22 maxlen: 24
    5: 217.163.30.0/24 maxlen: 24
    6: 217.163.28.0/23 maxlen: 24
    7: 217.163.31.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 299576862 (0x11db2e1e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0232a4bfb7796405a556b759f1d193e4c4d37129
        Validity
            Not Before: Jan  1 09:59:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d88aff3a45104f8444d11066d5e6c1d174039392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e2:4f:58:b3:83:5f:a2:0e:21:51:d3:6b:04:
                    11:85:60:37:2c:aa:73:b6:71:ab:e2:c8:90:9b:99:
                    09:db:0b:e7:08:c9:30:fc:b9:9b:e4:c3:57:19:d5:
                    87:46:ed:f6:e9:fa:40:be:15:9a:1e:0b:67:21:30:
                    85:bd:d9:e2:1a:e9:3c:60:15:c2:a4:fe:b2:0c:ff:
                    c8:2c:1b:b2:7a:49:02:f9:f5:ea:49:08:a8:27:d8:
                    15:8b:94:e8:a2:c6:ef:c8:cd:ac:53:e3:cb:4c:fe:
                    c2:8a:01:2e:b3:9a:52:5a:bb:2e:98:a8:9b:77:07:
                    6e:4f:6e:7a:1b:2f:71:6c:37:84:29:86:34:a9:73:
                    8a:98:65:a6:2a:94:c9:8f:f6:fe:e5:0e:3f:af:ef:
                    f4:8c:70:2a:ae:7a:d5:6c:89:a6:1d:e0:39:19:69:
                    88:f7:16:20:8b:9d:43:bc:74:09:6e:16:57:d6:a9:
                    77:e9:d2:7f:a6:35:78:af:71:5a:28:50:96:17:c7:
                    23:8a:28:94:f0:49:bf:fa:02:77:cd:91:6d:ee:c4:
                    17:bb:96:e2:97:dc:82:f6:f6:68:ec:17:6f:ca:83:
                    a7:b3:c3:6c:63:39:a9:b8:11:37:93:5f:83:db:f3:
                    67:5a:bb:c9:18:d6:7b:f5:11:17:63:49:e1:8a:9f:
                    12:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D8:8A:FF:3A:45:10:4F:84:44:D1:10:66:D5:E6:C1:D1:74:03:93:92
            X509v3 Authority Key Identifier: 
                keyid:02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/2Ir_OkUQT4RE0RBm1ebB0XQDk5I.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.163.10.0/23
                  217.163.23.0-217.163.31.255

    Signature Algorithm: sha256WithRSAEncryption
         79:78:33:19:d2:f0:1c:98:b0:52:5c:3c:c7:c2:1a:8c:0e:fc:
         5e:7e:06:1a:ed:4a:ce:10:cc:d0:49:d1:3b:cf:7f:83:28:55:
         6f:01:7e:be:4f:d3:62:e2:e8:03:62:8b:10:36:0c:b1:f6:15:
         e2:bb:b3:c1:b3:8a:ed:12:b0:b5:e5:fa:52:43:32:c9:1c:dd:
         ea:74:20:a6:4b:94:3e:f5:16:a7:c4:4d:e4:0e:71:46:e3:4c:
         ec:09:7b:0e:58:60:27:55:2a:26:e1:86:47:05:cf:1c:78:4b:
         31:bd:c0:06:83:32:b0:04:55:04:1e:31:55:b2:41:0d:dc:55:
         0e:7f:b4:a4:43:1a:33:7f:16:46:3b:8e:83:77:0c:c1:42:0a:
         b3:03:3a:6a:72:f8:c7:4d:74:17:a8:80:e0:24:d1:68:88:d6:
         d4:63:bc:e1:b7:48:c5:47:18:42:7a:db:87:11:89:88:73:4c:
         d9:c9:e6:f4:e2:4c:c0:51:d1:b2:c7:1a:b3:ce:73:90:0b:a3:
         4d:cb:ba:33:93:aa:d7:ed:6f:fb:94:eb:c3:59:6d:2d:b3:b9:
         94:43:65:7a:4d:20:5f:c3:00:20:86:4c:b4:9c:13:a6:5e:1d:
         ff:55:b1:e7:5f:78:3a:b8:19:dd:a8:2a:55:81:41:f7:10:72:
         52:e3:f9:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEEdsuHjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MjMyYTRiZmI3Nzk2NDA1YTU1NmI3NTlmMWQxOTNlNGM0ZDM3MTI5MB4XDTIyMDEw
MTA5NTkxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDg4YWZmM2E0NTEw
NGY4NDQ0ZDExMDY2ZDVlNmMxZDE3NDAzOTM5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXiT1izg1+iDiFR02sEEYVgNyyqc7Zxq+LIkJuZCdsL5wjJ
MPy5m+TDVxnVh0bt9un6QL4Vmh4LZyEwhb3Z4hrpPGAVwqT+sgz/yCwbsnpJAvn1
6kkIqCfYFYuU6KLG78jNrFPjy0z+wooBLrOaUlq7Lpiom3cHbk9uehsvcWw3hCmG
NKlziphlpiqUyY/2/uUOP6/v9IxwKq561WyJph3gORlpiPcWIIudQ7x0CW4WV9ap
d+nSf6Y1eK9xWihQlhfHI4oolPBJv/oCd82Rbe7EF7uW4pfcgvb2aOwXb8qDp7PD
bGM5qbgRN5Nfg9vzZ1q7yRjWe/URF2NJ4YqfErECAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBTYiv86RRBPhETREGbV5sHRdAOTkjAfBgNVHSMEGDAWgBQCMqS/t3lkBaVW
t1nx0ZPkxNNxKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FqS2t2N2Q1WkFXbFZyZFo4ZEdUNU1UVGNTay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODEvYTdjZTdhLTg0NDMtNDZlYi04Y2JhLTNiYjRkNjIwMDUxOC8x
LzJJcl9Pa1VRVDRSRTBSQm0xZWJCMFhRRGs1SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEv
YTdjZTdhLTg0NDMtNDZlYi04Y2JhLTNiYjRkNjIwMDUxOC8xL0FqS2t2N2Q1WkFX
bFZyZFo4ZEdUNU1UVGNTay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAdmjCjAMAwQA2aMXAwQF2aMAMA0G
CSqGSIb3DQEBCwUAA4IBAQB5eDMZ0vAcmLBSXDzHwhqMDvxefgYa7UrOEMzQSdE7
z3+DKFVvAX6+T9Ni4ugDYosQNgyx9hXiu7PBs4rtErC15fpSQzLJHN3qdCCmS5Q+
9RanxE3kDnFG40zsCXsOWGAnVSom4YZHBc8ceEsxvcAGgzKwBFUEHjFVskEN3FUO
f7SkQxozfxZGO46DdwzBQgqzAzpqcvjHTXQXqIDgJNFoiNbUY7zht0jFRxhCetuH
EYmIc0zZyeb04kzAUdGyxxqzznOQC6NNy7ozk6rX7W/7lOvDWW0ts7mUQ2V6TSBf
wwAghky0nBOmXh3/VbHnX3g6uBndqCpVgUH3EHJS4/mq
-----END CERTIFICATE-----
Generated at Fri Dec 9 02:18:44 2022 by rpki-client.