Route Origin Authorization

$ cd rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/

$ rpki-client -vvf DKrK8TWEgXAljE_gGM7toivwmUo.roa
File:                     DKrK8TWEgXAljE_gGM7toivwmUo.roa (download)
Hash identifier:          UbuNQQMLraTxndfEPdRjMZrveLPNHTGlGCEzs4xxoPs=
Subject key identifier:   0C:AA:CA:F1:35:84:81:70:25:8C:4F:E0:18:CE:ED:A2:2B:F0:99:4A
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       08626CDE
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/DKrK8TWEgXAljE_gGM7toivwmUo.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 192.144.52.0/22 maxlen: 24
    2: 193.187.168.0/22 maxlen: 24
    3: 193.9.36.0/22 maxlen: 24
    4: 185.161.252.0/22 maxlen: 24
    5: 193.9.40.0/22 maxlen: 24
    6: 185.220.28.0/22 maxlen: 24
    7: 45.83.112.0/22 maxlen: 24
    8: 194.39.68.0/22 maxlen: 24
    9: 185.181.56.0/22 maxlen: 24
   10: 80.254.236.0/22 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140668126 (0x8626cde)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jul  1 06:57:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0caacaf135848170258c4fe018ceeda22bf0994a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:95:3c:46:e4:29:ad:b0:e8:5e:49:00:3d:
                    5b:3b:77:54:d1:fb:ed:93:2d:45:aa:c3:02:d3:f5:
                    63:42:7f:87:02:3d:6c:fd:98:26:d5:38:7c:40:71:
                    5a:84:53:46:c3:d1:38:6c:01:9b:9d:c3:b1:d8:82:
                    dc:4e:14:f3:d0:23:2c:ae:7c:ac:4e:3c:7e:ae:29:
                    d8:e3:f0:08:ca:eb:61:a5:76:7b:d1:28:19:8d:07:
                    3f:70:e7:65:84:b0:84:ba:42:c8:31:c6:3e:14:92:
                    1b:13:7e:d3:44:ef:08:49:4d:46:9d:5e:b2:23:45:
                    10:ed:5f:54:21:84:08:b8:ed:3c:f3:83:24:15:ed:
                    0d:e7:d7:eb:fb:70:d7:6d:96:f6:8c:78:39:9b:20:
                    48:a0:94:02:ab:71:1a:49:42:0b:1e:74:e3:8c:4a:
                    ba:d4:5e:d5:08:c0:05:94:76:70:9d:d2:27:19:0c:
                    f3:da:e5:74:2f:0a:ef:c2:a1:27:4d:18:0f:d5:af:
                    29:5a:d7:c8:ab:31:33:46:b1:88:fe:6a:68:6e:a0:
                    ae:d0:c7:88:38:9a:26:fd:81:bf:08:92:c7:43:62:
                    4f:d2:f1:20:e1:96:9a:8f:58:c2:27:90:a8:da:08:
                    c3:f3:5c:d7:db:01:16:b4:fc:9b:99:e4:b8:ac:b6:
                    92:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                0C:AA:CA:F1:35:84:81:70:25:8C:4F:E0:18:CE:ED:A2:2B:F0:99:4A
            X509v3 Authority Key Identifier: 
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/DKrK8TWEgXAljE_gGM7toivwmUo.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.112.0/22
                  80.254.236.0/22
                  185.161.252.0/22
                  185.181.56.0/22
                  185.220.28.0/22
                  192.144.52.0/22
                  193.9.36.0-193.9.43.255
                  193.187.168.0/22
                  194.39.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:34:c3:b5:63:b3:ad:ca:ba:0c:9b:1c:7a:31:25:95:59:31:
         65:d3:04:41:90:2f:e3:ec:82:ff:c2:81:ef:f0:bc:85:03:26:
         f9:54:2e:b6:ba:91:44:a1:fc:36:6d:f1:5c:f7:0f:dd:ce:8b:
         e0:7d:92:c3:2d:30:30:7c:6d:56:39:a2:d5:db:31:d2:bf:8f:
         d6:f9:94:af:0a:bc:09:7e:ee:b0:71:7e:d6:c9:a6:7d:75:33:
         28:dd:51:b9:b9:59:b4:10:f8:73:62:3f:4d:11:82:be:95:b3:
         13:53:ff:7e:bd:71:f5:83:71:03:51:37:77:bc:86:5d:56:54:
         db:7c:4d:8e:3f:80:b0:c2:8c:23:ee:0e:3b:9c:28:4f:b3:02:
         e2:40:67:a6:13:0d:e8:bc:e3:2b:b4:f7:ed:e7:23:65:53:a5:
         3a:13:cc:a0:27:44:58:17:3e:e7:d8:be:af:42:fb:ef:56:43:
         32:3a:f5:83:2f:70:28:ca:e4:a3:fc:a0:bc:6f:5c:f6:4a:2f:
         1f:dd:2d:c5:f1:9f:9c:62:43:41:f2:01:3d:82:d9:4f:c3:1b:
         67:77:fc:18:79:ae:61:16:f7:76:69:4f:c0:d5:f1:16:3c:a4:
         ad:63:c3:24:94:1d:3a:7a:f5:11:fe:d6:33:ad:fd:41:9c:3a:
         f7:88:2a:2f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIECGJs3jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjZjNjYwYjMwZjU2OTJiMmIxNmUyODliMjQ5MDFjNTE4ZmRhNTIwMB4XDTIyMDcw
MTA2NTcwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGNhYWNhZjEzNTg0
ODE3MDI1OGM0ZmUwMThjZWVkYTIyYmYwOTk0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALTrlTxG5CmtsOheSQA9Wzt3VNH77ZMtRarDAtP1Y0J/hwI9
bP2YJtU4fEBxWoRTRsPROGwBm53DsdiC3E4U89AjLK58rE48fq4p2OPwCMrrYaV2
e9EoGY0HP3DnZYSwhLpCyDHGPhSSGxN+00TvCElNRp1esiNFEO1fVCGECLjtPPOD
JBXtDefX6/tw122W9ox4OZsgSKCUAqtxGklCCx5044xKutRe1QjABZR2cJ3SJxkM
89rldC8K78KhJ00YD9WvKVrXyKsxM0axiP5qaG6grtDHiDiaJv2BvwiSx0NiT9Lx
IOGWmo9YwieQqNoIw/Nc19sBFrT8m5nkuKy2khMCAwEAAaOCAkEwggI9MB0GA1Ud
DgQWBBQMqsrxNYSBcCWMT+AYzu2iK/CZSjAfBgNVHSMEGDAWgBQSbGYLMPVpKysW
4omySQHFGP2lIDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VteG1DekQxYVNzckZ1S0pza2tCeFJqOXBTQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGYvZGI3ODdmLWMyN2EtNGYyMy05OWIyLTQzOGFjYjcyZmM1Yi8x
L0RLcks4VFdFZ1hBbGpFX2dHTTd0b2l2d21Vby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYv
ZGI3ODdmLWMyN2EtNGYyMy05OWIyLTQzOGFjYjcyZmM1Yi8xL0VteG1DekQxYVNz
ckZ1S0pza2tCeFJqOXBTQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBX
BggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPgMEAi1TcAMEAlD+7AMEArmh/AMEArm1
OAMEArncHAMEAsCQNDAMAwQCwQkkAwQCwQkoAwQCwbuoAwQCwidEMA0GCSqGSIb3
DQEBCwUAA4IBAQAbNMO1Y7OtyroMmxx6MSWVWTFl0wRBkC/j7IL/woHv8LyFAyb5
VC62upFEofw2bfFc9w/dzovgfZLDLTAwfG1WOaLV2zHSv4/W+ZSvCrwJfu6wcX7W
yaZ9dTMo3VG5uVm0EPhzYj9NEYK+lbMTU/9+vXH1g3EDUTd3vIZdVlTbfE2OP4Cw
wowj7g47nChPswLiQGemEw3ovOMrtPft5yNlU6U6E8ygJ0RYFz7n2L6vQvvvVkMy
OvWDL3AoyuSj/KC8b1z2Si8f3S3F8Z+cYkNB8gE9gtlPwxtnd/wYea5hFvd2aU/A
1fEWPKStY8MklB06evUR/tYzrf1BnDr3iCov
-----END CERTIFICATE-----
Generated at Fri Dec 2 13:35:39 2022 by rpki-client.