Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/K7JepbggFw6FHtzzsyCHRx1wgDY.roa
File:                     K7JepbggFw6FHtzzsyCHRx1wgDY.roa (raw, json)
Hash identifier:          RZ93qjNRsZrojjbElXcs0o7jI/WxonLwtO/bnPfJ39Q=
Subject key identifier:   2B:B2:5E:A5:B8:20:17:0E:85:1E:DC:F3:B3:20:87:47:1D:70:80:36
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       01915B81DCED0948D91F6897008D66DBE15D
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/K7JepbggFw6FHtzzsyCHRx1wgDY.roa
Signing time:             Fri 16 Aug 2024 14:05:22 +0000
ROA not before:           Fri 16 Aug 2024 14:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a12:3cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:81:dc:ed:09:48:d9:1f:68:97:00:8d:66:db:e1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Aug 16 14:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bb25ea5b820170e851edcf3b32087471d708036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:de:53:41:1b:2a:67:41:55:37:06:92:4e:b1:
                    4f:6a:79:ad:76:4b:37:e6:1d:14:74:c4:56:e1:c2:
                    c6:8f:00:11:53:0b:2b:b0:a1:7e:9c:ff:53:97:0b:
                    fd:53:b5:50:99:9a:42:00:8c:46:2e:bf:89:82:2d:
                    92:2b:74:3c:c8:bc:f1:34:09:7a:69:11:b8:7a:0d:
                    82:99:14:7b:ac:ec:c6:93:1d:5d:ac:7c:39:5e:39:
                    b4:85:77:c2:54:34:8a:22:33:41:88:6c:cb:b8:6a:
                    b3:79:a4:58:2c:65:de:63:1d:3a:9b:e6:51:92:bd:
                    3a:b7:e9:07:12:e9:91:ef:77:67:e6:0a:46:d7:3e:
                    da:fb:b8:c7:fa:3c:95:4e:42:76:9b:81:7e:33:af:
                    53:8f:40:fb:14:22:7a:71:88:d8:1b:df:8e:76:cd:
                    d2:5b:af:a2:15:07:b3:d6:f5:75:64:dd:22:80:89:
                    9c:c1:66:ce:fb:38:ad:1f:b6:fe:1e:ff:71:11:ad:
                    51:5f:07:99:f0:fb:12:30:16:5c:f2:07:84:8a:cf:
                    c6:59:87:13:5d:4c:20:25:17:a7:ef:25:2c:c3:dd:
                    df:e5:54:95:64:8d:fa:79:06:9c:ac:82:fe:4e:fa:
                    d9:b8:9c:4e:c0:79:91:63:59:98:ab:65:ad:fc:34:
                    d3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B2:5E:A5:B8:20:17:0E:85:1E:DC:F3:B3:20:87:47:1D:70:80:36
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/K7JepbggFw6FHtzzsyCHRx1wgDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:f7:d8:2b:2b:ed:46:3c:d2:4d:a3:83:d6:97:71:87:76:b0:
         a3:10:e3:5b:35:e9:b3:77:f3:5d:f3:9a:e1:24:06:82:ce:b8:
         91:f9:e3:31:e0:ce:53:d8:8d:fb:b1:09:16:5f:d4:6a:f6:ef:
         64:e0:0a:92:c3:5c:ba:a5:bf:ca:79:de:06:90:37:8c:1b:2f:
         24:4d:0d:e3:4b:33:95:42:18:35:8f:e0:2b:70:7f:5b:c6:58:
         69:cf:f4:c3:c6:dd:be:94:6b:2a:78:d7:94:9f:ac:1d:79:46:
         78:59:58:8c:3b:06:f1:6d:69:af:25:5b:12:80:6d:43:c2:d0:
         81:ba:2d:99:5d:21:7e:46:f0:ed:f2:40:79:35:6e:e2:c6:6d:
         1d:6d:5b:01:76:a5:2f:fe:48:13:8f:a3:8c:ee:85:73:56:3d:
         9d:6e:99:7c:05:8a:39:78:64:0d:8d:90:c8:40:2f:20:2e:c6:
         4e:2f:f2:81:ee:35:59:0e:0b:51:a9:a3:2c:19:ba:7f:7a:4e:
         76:a3:a5:b6:5a:5b:27:c3:1c:7c:d4:00:0d:57:34:51:3a:f7:
         1b:a7:e4:f7:a9:78:62:09:06:bb:d6:8a:82:4d:f2:99:c2:9e:
         a5:78:78:2c:44:08:4a:1d:a2:ba:49:03:4c:8a:2a:7b:40:bb:
         43:f1:12:8f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFbgdztCUjZH2iXAI1m2+FdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwODE2MTQwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmIyNWVhNWI4MjAxNzBlODUxZWRjZjNiMzIwODc0NzFkNzA4MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd5TQRsqZ0FVNwaSTrFPanmtdks3
5h0UdMRW4cLGjwARUwsrsKF+nP9Tlwv9U7VQmZpCAIxGLr+Jgi2SK3Q8yLzxNAl6
aRG4eg2CmRR7rOzGkx1drHw5Xjm0hXfCVDSKIjNBiGzLuGqzeaRYLGXeYx06m+ZR
kr06t+kHEumR73dn5gpG1z7a+7jH+jyVTkJ2m4F+M69Tj0D7FCJ6cYjYG9+Ods3S
W6+iFQez1vV1ZN0igImcwWbO+zitH7b+Hv9xEa1RXweZ8PsSMBZc8geEis/GWYcT
XUwgJRen7yUsw93f5VSVZI36eQacrIL+TvrZuJxOwHmRY1mYq2Wt/DTTIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCuyXqW4IBcOhR7c87Mgh0cdcIA2MB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvSzdKZXBiZ2dGdzZGSHR6enN5Q0hSeDF3Z0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAO/fYKyvtRjzSTaOD1pdxh3awoxDjWzXps3fzXfOa
4SQGgs64kfnjMeDOU9iN+7EJFl/UavbvZOAKksNcuqW/ynneBpA3jBsvJE0N40sz
lUIYNY/gK3B/W8ZYac/0w8bdvpRrKnjXlJ+sHXlGeFlYjDsG8W1pryVbEoBtQ8LQ
gbotmV0hfkbw7fJAeTVu4sZtHW1bAXalL/5IE4+jjO6Fc1Y9nW6ZfAWKOXhkDY2Q
yEAvIC7GTi/yge41WQ4LUamjLBm6f3pOdqOltlpbJ8McfNQADVc0UTr3G6fk96l4
YgkGu9aKgk3ymcKepXh4LEQISh2iukkDTIoqe0C7Q/ESjw==
-----END CERTIFICATE-----