Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/

$ rpki-client -vvf nAyZzBB_MnMLQSHrtSKRUn4Oq2k.roa
File:                     nAyZzBB_MnMLQSHrtSKRUn4Oq2k.roa (download)
Hash identifier:          EkMf8p6rsa1UP0zimXdAV8Qtrm4rTu98CyD4B4aPsU8=
Subject key identifier:   9C:0C:99:CC:10:7F:32:73:0B:41:21:EB:B5:22:91:52:7E:0E:AB:69
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0182817E7A76B8FF6D8F22D70F4E79C16446
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/nAyZzBB_MnMLQSHrtSKRUn4Oq2k.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 2a09:ff00:102::/48 maxlen: 48
    2: 2a0d:ecc0::/29 maxlen: 32

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:81:7e:7a:76:b8:ff:6d:8f:22:d7:0f:4e:79:c1:64:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Aug  9 07:25:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9c0c99cc107f32730b4121ebb52291527e0eab69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ce:66:d0:b1:46:7b:5d:3a:6a:6f:c3:1d:50:
                    1d:9f:81:89:60:a4:92:85:01:61:c1:78:5e:65:e5:
                    a4:66:b6:80:8d:60:62:ca:1c:b0:ab:9f:dd:68:58:
                    02:ed:b2:3b:de:bf:f6:ec:0f:9c:89:9d:d1:b0:df:
                    1a:93:42:83:cd:6a:f4:68:1d:c1:0c:a4:15:62:96:
                    8c:0c:f2:a9:7b:c0:87:ba:5e:1e:84:3d:c6:ec:47:
                    8b:4b:df:af:9d:9c:f6:c1:fc:a3:55:30:4f:f6:31:
                    4e:f7:03:17:4e:f4:07:f1:08:5e:72:11:2b:51:f7:
                    54:a7:25:f5:5b:68:eb:d6:51:9b:4e:15:68:a3:ce:
                    d3:a9:8a:b8:03:b4:58:29:2d:49:c2:be:46:f4:90:
                    df:b7:07:6c:7c:dc:31:ac:44:15:46:06:9c:97:e2:
                    50:99:1e:7d:07:03:ac:de:bc:a9:3d:8e:5d:10:04:
                    f5:d0:4b:43:b4:bf:a1:3b:2a:c2:87:09:1e:82:3a:
                    3e:9b:01:d1:cc:f6:bc:25:11:87:e7:12:1f:38:ae:
                    4b:c7:7b:86:ab:cc:a4:8b:51:42:7a:48:f5:41:ed:
                    76:4d:43:26:7b:ba:e0:50:50:cd:ce:06:b4:69:45:
                    f4:5b:c4:58:e5:dc:9d:16:f3:60:db:5b:4d:56:75:
                    f9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                9C:0C:99:CC:10:7F:32:73:0B:41:21:EB:B5:22:91:52:7E:0E:AB:69
            X509v3 Authority Key Identifier: 
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/nAyZzBB_MnMLQSHrtSKRUn4Oq2k.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:102::/48
                  2a0d:ecc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:23:45:c3:2d:c6:99:82:f0:45:5d:b0:dc:4f:a5:43:fc:d8:
         21:44:85:d1:25:47:4d:27:52:e2:b4:79:6b:cc:87:e5:f7:b5:
         00:db:ab:e4:21:2b:67:89:63:0c:b1:41:5b:9b:05:be:08:98:
         7d:5c:19:a1:cd:6b:9f:d0:b7:80:e5:58:e7:40:0c:c1:98:3f:
         84:26:4d:05:1e:13:9c:ed:d5:e5:19:80:d2:4f:d3:a2:32:6d:
         c3:16:89:a4:39:4f:74:c2:1b:61:b7:6a:81:30:94:ee:c9:b5:
         db:11:45:da:26:ea:88:74:fe:4f:9f:a5:dc:46:23:e8:a2:58:
         bd:79:96:34:f6:ef:fd:60:64:8a:66:b7:a6:f0:d3:e5:c3:00:
         08:cc:e2:73:6e:2c:d4:6b:73:3b:41:9c:0f:40:ea:78:67:68:
         3c:47:24:a4:0e:7a:ab:d8:98:6c:3f:39:28:ec:c0:c1:34:b7:
         23:34:79:10:a8:04:0e:47:fa:37:d8:32:82:ce:01:c5:ca:60:
         b0:d1:93:a2:83:91:a0:07:b3:75:92:99:34:ee:e9:a8:b3:2f:
         e5:8a:4e:d6:62:70:b6:d7:43:2b:7b:93:9f:3c:5d:03:44:ae:
         1b:d9:a1:11:e4:ae:87:86:11:83:54:96:89:3f:92:1a:56:4b:
         6f:11:4f:85
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYKBfnp2uP9tjyLXD055wWRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjIwODA5MDcyNTI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBjOTljYzEwN2YzMjczMGI0MTIxZWJiNTIyOTE1MjdlMGVhYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c5m0LFGe106am/DHVAdn4GJYKSS
hQFhwXheZeWkZraAjWBiyhywq5/daFgC7bI73r/27A+ciZ3RsN8ak0KDzWr0aB3B
DKQVYpaMDPKpe8CHul4ehD3G7EeLS9+vnZz2wfyjVTBP9jFO9wMXTvQH8QhechEr
UfdUpyX1W2jr1lGbThVoo87TqYq4A7RYKS1Jwr5G9JDftwdsfNwxrEQVRgacl+JQ
mR59BwOs3rypPY5dEAT10EtDtL+hOyrChwkegjo+mwHRzPa8JRGH5xIfOK5Lx3uG
q8yki1FCekj1Qe12TUMme7rgUFDNzga0aUX0W8RY5dydFvNg21tNVnX5KQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFJwMmcwQfzJzC0Eh67UikVJ+DqtpMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvbkF5WnpCQl9Nbk1MUVNIcnRTS1JVbjRPcTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAKgn/AAEC
AwUDKg3swDANBgkqhkiG9w0BAQsFAAOCAQEAGiNFwy3GmYLwRV2w3E+lQ/zYIUSF
0SVHTSdS4rR5a8yH5fe1ANur5CErZ4ljDLFBW5sFvgiYfVwZoc1rn9C3gOVY50AM
wZg/hCZNBR4TnO3V5RmA0k/TojJtwxaJpDlPdMIbYbdqgTCU7sm12xFF2ibqiHT+
T5+l3EYj6KJYvXmWNPbv/WBkima3pvDT5cMACMzic24s1GtzO0GcD0DqeGdoPEck
pA56q9iYbD85KOzAwTS3IzR5EKgEDkf6N9gygs4BxcpgsNGTooORoAezdZKZNO7p
qLMv5YpO1mJwttdDK3uTnzxdA0SuG9mhEeSuh4YRg1SWiT+SGlZLbxFPhQ==
-----END CERTIFICATE-----
Generated at Fri Dec 2 13:03:56 2022 by rpki-client.