Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/

$ rpki-client -vvf jwK40KIn00c3TbbgcbksaBXnBl8.roa
File:                     jwK40KIn00c3TbbgcbksaBXnBl8.roa (download)
Hash identifier:          HDEW2r/vi4lVlhW2tBfr93W3QW4TivL3WTIIT4x+sFM=
Subject key identifier:   8F:02:B8:D0:A2:27:D3:47:37:4D:B6:E0:71:B9:2C:68:15:E7:06:5F
Certificate issuer:       /CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
Certificate serial:       0182C20F4143786A8D406BE9F534AEC4B8A6
Authority key identifier: 62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/jwK40KIn00c3TbbgcbksaBXnBl8.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 2a09:9f41::/32 maxlen: 32
    2: 2a0f:304::/32 maxlen: 32

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c2:0f:41:43:78:6a:8d:40:6b:e9:f5:34:ae:c4:b8:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
        Validity
            Not Before: Aug 21 20:19:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8f02b8d0a227d347374db6e071b92c6815e7065f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:18:0c:08:8f:f9:9b:a9:7e:94:9e:c4:3b:71:
                    33:07:55:9c:9f:39:44:54:59:d3:86:29:c8:19:0d:
                    2d:71:83:bd:e6:06:dd:51:06:15:0b:92:26:0b:6e:
                    eb:79:aa:77:3d:11:5c:d0:b1:88:02:62:ad:03:fe:
                    da:41:0e:71:2b:7a:0e:5a:65:84:3a:6d:6e:09:35:
                    de:31:2e:a7:16:48:3d:3e:18:25:5a:80:e6:dd:26:
                    0e:82:86:27:ef:1a:bc:31:33:4f:8c:6e:14:ee:7d:
                    65:22:fe:c8:a8:6e:a2:35:ec:0a:44:dd:bd:3a:07:
                    47:52:a4:e8:d6:b0:16:7d:cf:cc:bc:a2:bf:2c:18:
                    1e:95:45:73:1d:93:b5:12:54:15:42:0b:2d:05:d0:
                    3b:4b:0c:69:89:c2:a6:b8:ac:62:23:bf:28:fa:f9:
                    52:da:e4:31:ca:dd:40:b0:e2:06:ff:1a:09:95:af:
                    18:5a:fb:43:74:be:f8:58:2e:37:91:dc:d1:b0:34:
                    6a:21:26:71:84:4a:d3:f8:86:ca:0c:87:4d:12:6b:
                    2c:2c:7a:c3:bf:01:b1:b9:b1:0f:0a:db:92:15:c8:
                    cf:aa:5d:15:b7:e0:8f:16:bb:ce:8a:92:ed:b3:04:
                    bc:8d:f9:85:7a:b6:08:2e:c2:05:f2:de:2c:0f:1c:
                    5c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                8F:02:B8:D0:A2:27:D3:47:37:4D:B6:E0:71:B9:2C:68:15:E7:06:5F
            X509v3 Authority Key Identifier: 
                keyid:62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/jwK40KIn00c3TbbgcbksaBXnBl8.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9f41::/32
                  2a0f:304::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:19:1f:9d:47:60:9d:e5:c3:f6:49:5d:a0:bc:c6:ba:6f:a4:
         88:37:96:ac:c7:fc:8c:99:24:c1:3b:7f:1c:17:c0:30:6a:b4:
         79:04:fa:ff:6c:fc:58:08:09:1e:35:d1:60:a3:37:a8:07:e7:
         f6:26:84:07:de:3a:86:28:c1:ca:b6:d6:77:72:38:4b:0a:c9:
         38:be:af:1e:c7:4a:2a:92:5c:f3:9e:65:92:3e:97:89:f9:0f:
         ff:5d:ca:8d:02:b4:f0:50:de:e7:17:2c:93:b7:5d:3f:92:44:
         01:43:cc:6f:a8:52:ef:32:4f:8b:cd:7a:18:cd:6e:90:0f:9f:
         94:e0:51:06:e2:79:74:c6:cf:ae:b4:d4:65:36:52:4e:08:a1:
         52:af:4c:96:27:02:d4:bc:d7:1b:f6:9e:bf:01:7a:0e:15:2a:
         2b:5a:89:4f:43:d0:cc:1b:07:db:46:04:79:60:c8:a6:ac:93:
         f1:5c:60:73:bd:1c:df:72:88:24:80:24:9e:34:2a:81:ec:1f:
         72:62:9c:50:87:19:5a:b1:9e:bf:1b:ad:06:2e:a9:83:06:b3:
         0e:c9:31:dd:fb:89:40:3e:a3:4b:d2:2e:3d:9e:0d:4f:16:43:
         76:13:ff:54:8a:53:a3:4a:e3:03:12:5f:e5:79:96:7c:9c:de:
         eb:9f:99:3f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYLCD0FDeGqNQGvp9TSuxLimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVjYzRiYThhNGQ1MjQ5OGEwZDI5ODNhNjhiNjEzODNh
YTdmZDcwHhcNMjIwODIxMjAxOTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjAyYjhkMGEyMjdkMzQ3Mzc0ZGI2ZTA3MWI5MmM2ODE1ZTcwNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hgMCI/5m6l+lJ7EO3EzB1WcnzlE
VFnThinIGQ0tcYO95gbdUQYVC5ImC27reap3PRFc0LGIAmKtA/7aQQ5xK3oOWmWE
Om1uCTXeMS6nFkg9PhglWoDm3SYOgoYn7xq8MTNPjG4U7n1lIv7IqG6iNewKRN29
OgdHUqTo1rAWfc/MvKK/LBgelUVzHZO1ElQVQgstBdA7SwxpicKmuKxiI78o+vlS
2uQxyt1AsOIG/xoJla8YWvtDdL74WC43kdzRsDRqISZxhErT+IbKDIdNEmssLHrD
vwGxubEPCtuSFcjPql0Vt+CPFrvOipLtswS8jfmFerYILsIF8t4sDxxcVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI8CuNCiJ9NHN0224HG5LGgV5wZfMB8GA1UdIwQY
MBaAFGK+zEuopNUkmKDSmDpothODqn/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI3TVM2aWsxU1NZb05LWU9taTJFNE9xZjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85YzQ5M2ItNDE3Yi00YWY2LTlmNDMt
MmZmMTRjMjE4NzE5LzEvandLNDBLSW4wMGMzVGJiZ2Nia3NhQlhuQmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85YzQ5M2ItNDE3Yi00YWY2LTlmNDMtMmZmMTRjMjE4NzE5
LzEvWXI3TVM2aWsxU1NZb05LWU9taTJFNE9xZjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgmfQQMF
ACoPAwQwDQYJKoZIhvcNAQELBQADggEBAFEZH51HYJ3lw/ZJXaC8xrpvpIg3lqzH
/IyZJME7fxwXwDBqtHkE+v9s/FgICR410WCjN6gH5/YmhAfeOoYowcq21ndyOEsK
yTi+rx7HSiqSXPOeZZI+l4n5D/9dyo0CtPBQ3ucXLJO3XT+SRAFDzG+oUu8yT4vN
ehjNbpAPn5TgUQbieXTGz6601GU2Uk4IoVKvTJYnAtS81xv2nr8Beg4VKitaiU9D
0MwbB9tGBHlgyKask/FcYHO9HN9yiCSAJJ40KoHsH3JinFCHGVqxnr8brQYuqYMG
sw7JMd37iUA+o0vSLj2eDU8WQ3YT/1SKU6NK4wMSX+V5lnyc3uufmT8=
-----END CERTIFICATE-----
Generated at Fri Dec 2 11:51:15 2022 by rpki-client.