Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/aedVSgDzPN8NSNc0AWT5LWxB0ME.roa
File:                     aedVSgDzPN8NSNc0AWT5LWxB0ME.roa (raw, json)
Hash identifier:          dpDe6aIbJvexkIC5o0dZBz+eF8xcPh7l66sRiS3ImZY=
Subject key identifier:   69:E7:55:4A:00:F3:3C:DF:0D:48:D7:34:01:64:F9:2D:6C:41:D0:C1
Certificate issuer:       /CN=d954ab94e4595194d2c39b1d3fe6a891f1eb92bc
Certificate serial:       019425FC32B603D0E44E0D9E70D4847A017E
Authority key identifier: D9:54:AB:94:E4:59:51:94:D2:C3:9B:1D:3F:E6:A8:91:F1:EB:92:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2VSrlORZUZTSw5sdP-aokfHrkrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/aedVSgDzPN8NSNc0AWT5LWxB0ME.roa
Signing time:             Thu 02 Jan 2025 07:47:52 +0000
ROA not before:           Thu 02 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49440
IP address blocks:        2a0b:9700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/2VSrlORZUZTSw5sdP-aokfHrkrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/2VSrlORZUZTSw5sdP-aokfHrkrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2VSrlORZUZTSw5sdP-aokfHrkrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:32:b6:03:d0:e4:4e:0d:9e:70:d4:84:7a:01:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d954ab94e4595194d2c39b1d3fe6a891f1eb92bc
        Validity
            Not Before: Jan  2 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69e7554a00f33cdf0d48d7340164f92d6c41d0c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:34:5d:db:86:eb:dd:db:ad:d1:99:30:60:94:
                    e0:51:e9:89:66:ed:ae:13:b4:5f:0a:29:5d:6f:84:
                    ca:91:6b:02:64:38:ed:27:01:4f:2d:47:29:d7:8b:
                    44:1b:2e:e4:b8:bc:03:38:af:7c:31:22:dc:9c:a3:
                    a2:42:a1:87:05:75:8f:fb:2c:3c:fb:fb:39:34:52:
                    1e:89:7c:74:ee:e3:51:1d:d8:98:7b:6f:55:53:95:
                    9b:bc:4e:17:eb:11:53:04:c4:13:9b:1d:1b:81:89:
                    78:6d:69:03:9d:56:6d:9b:19:fc:55:1e:42:47:99:
                    e6:98:7e:60:45:a1:07:aa:8b:b1:f2:dd:ce:db:2c:
                    56:a0:5d:66:93:ed:da:e2:78:8d:7b:53:c1:df:f4:
                    96:0f:97:40:4e:b5:5f:a4:ec:2d:b8:c8:72:07:04:
                    a4:0f:2b:4d:4f:a5:e0:d7:56:38:2d:7e:9d:80:28:
                    32:92:f3:1e:10:81:f0:ce:2c:ed:cf:e0:00:d3:a2:
                    a5:09:87:91:39:33:4f:c7:03:90:82:9e:8f:2d:22:
                    73:11:7b:9f:b3:90:bf:a6:4c:57:c0:98:14:bb:d1:
                    37:da:5c:60:77:84:a6:4f:f2:97:11:82:b7:a1:d8:
                    b9:33:46:13:c2:d1:e6:0c:1e:be:7b:a7:86:ed:92:
                    56:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E7:55:4A:00:F3:3C:DF:0D:48:D7:34:01:64:F9:2D:6C:41:D0:C1
            X509v3 Authority Key Identifier:
                keyid:D9:54:AB:94:E4:59:51:94:D2:C3:9B:1D:3F:E6:A8:91:F1:EB:92:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2VSrlORZUZTSw5sdP-aokfHrkrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/aedVSgDzPN8NSNc0AWT5LWxB0ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/647485-635e-4ac6-b0b9-3351c577b432/1/2VSrlORZUZTSw5sdP-aokfHrkrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:9700::/32

    Signature Algorithm: sha256WithRSAEncryption
         c9:77:98:47:53:64:80:1e:72:4b:d2:71:37:a1:eb:d0:f2:70:
         81:4f:9f:96:5b:53:4b:3d:16:18:1f:df:f9:16:f9:be:79:d0:
         c4:0d:bc:64:4e:bc:88:51:4f:a0:d1:b4:33:b2:c1:b6:24:cf:
         8a:67:58:79:db:d7:34:32:33:de:df:1b:b3:28:19:98:2a:90:
         77:ad:16:ba:44:65:3f:11:24:04:86:34:6d:1e:fe:33:58:69:
         c5:79:90:42:d8:db:2d:8c:15:85:a3:33:95:b1:e2:b7:5a:03:
         d9:de:15:c2:ef:0e:58:19:a1:bb:e7:39:60:96:b5:bf:ce:6b:
         70:d6:29:dc:be:83:98:49:f9:63:86:12:2c:43:24:e8:70:0b:
         73:02:d5:cb:bb:0c:0e:ed:ae:fc:5b:66:16:8e:5b:0d:dd:1d:
         d8:fa:0f:50:53:1c:55:fb:16:39:62:9d:a7:a9:cb:95:f8:bb:
         53:c4:2d:46:61:3f:59:9b:98:96:da:f2:31:3f:d2:bc:7d:6a:
         89:aa:fb:43:b4:41:be:32:cb:bf:e7:bb:79:c3:fb:c0:3f:9f:
         42:66:49:d5:cc:7d:5a:8c:81:c4:f6:a7:c7:0e:ba:ea:ed:6e:
         cc:ef:5a:99:a6:c0:d9:b5:1e:4b:39:a9:fc:b5:c2:ca:c6:6f:
         72:cf:c0:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/DK2A9DkTg2ecNSEegF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTRhYjk0ZTQ1OTUxOTRkMmMzOWIxZDNmZTZhODkxZjFl
YjkyYmMwHhcNMjUwMTAyMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWU3NTU0YTAwZjMzY2RmMGQ0OGQ3MzQwMTY0ZjkyZDZjNDFkMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojRd24br3dut0ZkwYJTgUemJZu2u
E7RfCildb4TKkWsCZDjtJwFPLUcp14tEGy7kuLwDOK98MSLcnKOiQqGHBXWP+yw8
+/s5NFIeiXx07uNRHdiYe29VU5WbvE4X6xFTBMQTmx0bgYl4bWkDnVZtmxn8VR5C
R5nmmH5gRaEHqoux8t3O2yxWoF1mk+3a4niNe1PB3/SWD5dATrVfpOwtuMhyBwSk
DytNT6Xg11Y4LX6dgCgykvMeEIHwziztz+AA06KlCYeROTNPxwOQgp6PLSJzEXuf
s5C/pkxXwJgUu9E32lxgd4SmT/KXEYK3odi5M0YTwtHmDB6+e6eG7ZJWMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGnnVUoA8zzfDUjXNAFk+S1sQdDBMB8GA1UdIwQY
MBaAFNlUq5TkWVGU0sObHT/mqJHx65K8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZTcmxPUlpVWlRTdzVzZFAtYW9rZkhya3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82NDc0ODUtNjM1ZS00YWM2LWIwYjkt
MzM1MWM1NzdiNDMyLzEvYWVkVlNnRHpQTjhOU05jMEFXVDVMV3hCME1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82NDc0ODUtNjM1ZS00YWM2LWIwYjktMzM1MWM1NzdiNDMy
LzEvMlZTcmxPUlpVWlRTdzVzZFAtYW9rZkhya3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguXADAN
BgkqhkiG9w0BAQsFAAOCAQEAyXeYR1NkgB5yS9JxN6Hr0PJwgU+flltTSz0WGB/f
+Rb5vnnQxA28ZE68iFFPoNG0M7LBtiTPimdYedvXNDIz3t8bsygZmCqQd60WukRl
PxEkBIY0bR7+M1hpxXmQQtjbLYwVhaMzlbHit1oD2d4Vwu8OWBmhu+c5YJa1v85r
cNYp3L6DmEn5Y4YSLEMk6HALcwLVy7sMDu2u/FtmFo5bDd0d2PoPUFMcVfsWOWKd
p6nLlfi7U8QtRmE/WZuYltryMT/SvH1qiar7Q7RBvjLLv+e7ecP7wD+fQmZJ1cx9
WoyBxPanxw666u1uzO9amabA2bUeSzmp/LXCysZvcs/A8A==
-----END CERTIFICATE-----