Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/ICFZx8buV13NvzPbHrZ9ckfacKc.roa
File:                     ICFZx8buV13NvzPbHrZ9ckfacKc.roa (raw, json)
Hash identifier:          K5Z5yLxM8knCLM6EYD6Y20yOvb4Uww7tWqYwqWI0IYU=
Subject key identifier:   20:21:59:C7:C6:EE:57:5D:CD:BF:33:DB:1E:B6:7D:72:47:DA:70:A7
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018F2093799C5CA3AFBFF5253B834C7AD7E9
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/ICFZx8buV13NvzPbHrZ9ckfacKc.roa
Signing time:             Sat 27 Apr 2024 17:21:26 +0000
ROA not before:           Sat 27 Apr 2024 17:21:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a12:3140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:20:93:79:9c:5c:a3:af:bf:f5:25:3b:83:4c:7a:d7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Apr 27 17:21:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=202159c7c6ee575dcdbf33db1eb67d7247da70a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:65:f7:ce:06:ad:63:fc:7e:fa:35:05:7c:24:
                    58:22:db:f3:44:b5:18:07:a2:d8:02:92:0a:4d:db:
                    26:de:d5:f8:a5:bd:69:db:97:6a:23:f9:9c:cc:4a:
                    e0:14:17:e9:3b:d4:22:41:75:81:36:d2:3e:8b:fa:
                    de:54:9d:3a:04:a7:4b:0b:87:f4:56:4d:78:72:f9:
                    29:17:28:ed:0a:a8:38:9b:0f:f6:3b:fe:bc:7e:ca:
                    c7:63:b7:cd:be:8d:c7:11:18:cc:b9:8f:10:ae:a3:
                    fc:40:b2:10:d6:0e:cc:af:a2:1c:ba:1d:e7:b7:dd:
                    05:31:82:2a:6c:70:ec:bb:0a:3c:fa:35:c3:3b:d4:
                    a3:ce:be:0f:4a:9c:d3:d8:9f:84:07:44:d6:4f:2c:
                    7c:26:0f:8a:8b:ea:ff:34:10:61:33:86:af:b4:c1:
                    8a:bb:3e:d0:0d:14:fe:95:34:42:3b:d8:5d:dc:01:
                    1a:35:87:c1:67:9e:2b:2f:f3:c5:ee:11:29:f7:67:
                    d1:93:16:bd:18:16:4e:30:9a:d6:ea:eb:78:5e:df:
                    6d:8a:ba:c1:02:a2:04:68:4e:92:9b:1b:50:42:ff:
                    5b:da:17:a6:22:c2:2d:97:71:69:51:be:e4:40:8b:
                    85:68:2e:e7:b4:c5:63:67:fc:61:cf:9d:4b:d9:fd:
                    dc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:21:59:C7:C6:EE:57:5D:CD:BF:33:DB:1E:B6:7D:72:47:DA:70:A7
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/ICFZx8buV13NvzPbHrZ9ckfacKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3140::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:b2:1e:5f:6d:3b:bd:73:6b:b0:a7:ab:f7:b8:38:a6:41:c3:
         60:bc:4b:54:2d:8a:55:5c:09:34:91:d6:db:a0:cb:f0:7b:51:
         c1:04:99:19:a4:ea:82:ff:3f:10:d8:32:00:17:65:d1:f4:e4:
         fd:07:6f:0b:a9:0b:10:b6:1f:dd:da:a5:6b:96:8d:29:4d:46:
         33:0a:9b:b4:2a:37:0c:ea:91:9b:1e:cc:ca:0a:c0:33:2f:4d:
         ef:aa:bb:58:fe:19:cc:90:57:97:6b:cf:c7:49:dd:bc:1f:04:
         9d:59:a9:10:a6:9c:7d:0b:09:ab:19:48:22:08:5e:97:38:f5:
         2f:5d:1c:82:80:d6:22:bf:8a:c0:65:ad:73:a4:18:9e:e5:c8:
         91:b8:a3:09:f2:dc:bb:c8:d1:36:b5:51:f8:8c:b2:55:9d:45:
         65:56:4b:b3:4b:94:cd:7c:32:4b:75:d7:13:91:34:2b:ce:ac:
         55:fe:ce:e8:75:06:c4:60:81:07:a5:b8:f6:d1:59:16:5e:72:
         5b:f0:f2:25:ee:d3:b9:91:42:21:c4:5a:0b:11:75:4f:7a:c4:
         a1:3c:21:90:cf:3b:5e:fc:45:f0:f9:59:8c:34:93:45:6c:0a:
         aa:98:7a:f5:f1:bc:04:e1:bf:3a:b5:2f:8c:d4:b4:08:84:78:
         7e:98:79:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8gk3mcXKOvv/UlO4NMetfpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwNDI3MTcyMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDIxNTljN2M2ZWU1NzVkY2RiZjMzZGIxZWI2N2Q3MjQ3ZGE3MGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mX3zgatY/x++jUFfCRYItvzRLUY
B6LYApIKTdsm3tX4pb1p25dqI/mczErgFBfpO9QiQXWBNtI+i/reVJ06BKdLC4f0
Vk14cvkpFyjtCqg4mw/2O/68fsrHY7fNvo3HERjMuY8QrqP8QLIQ1g7Mr6Icuh3n
t90FMYIqbHDsuwo8+jXDO9Sjzr4PSpzT2J+EB0TWTyx8Jg+Ki+r/NBBhM4avtMGK
uz7QDRT+lTRCO9hd3AEaNYfBZ54rL/PF7hEp92fRkxa9GBZOMJrW6ut4Xt9tirrB
AqIEaE6SmxtQQv9b2hemIsItl3FpUb7kQIuFaC7ntMVjZ/xhz51L2f3cxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCAhWcfG7lddzb8z2x62fXJH2nCnMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvSUNGWng4YnVWMTNOdnpQYkhyWjlja2ZhY0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAlLIeX207vXNrsKer97g4pkHDYLxLVC2KVVwJNJHW
26DL8HtRwQSZGaTqgv8/ENgyABdl0fTk/QdvC6kLELYf3dqla5aNKU1GMwqbtCo3
DOqRmx7MygrAMy9N76q7WP4ZzJBXl2vPx0ndvB8EnVmpEKacfQsJqxlIIghelzj1
L10cgoDWIr+KwGWtc6QYnuXIkbijCfLcu8jRNrVR+IyyVZ1FZVZLs0uUzXwyS3XX
E5E0K86sVf7O6HUGxGCBB6W49tFZFl5yW/DyJe7TuZFCIcRaCxF1T3rEoTwhkM87
XvxF8PlZjDSTRWwKqph69fG8BOG/OrUvjNS0CIR4fph5ew==
-----END CERTIFICATE-----