Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/p-aeeSEszU3aapQ0yEslN0bhQQ8.roa
File:                     p-aeeSEszU3aapQ0yEslN0bhQQ8.roa (raw, json)
Hash identifier:          Mh/Q23651bJq9potJm5ecJKYPprCxzH57rPx/Ooy5iY=
Subject key identifier:   A7:E6:9E:79:21:2C:CD:4D:DA:6A:94:34:C8:4B:25:37:46:E1:41:0F
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D94D698016B5A0E98410A85FE9F533
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/p-aeeSEszU3aapQ0yEslN0bhQQ8.roa
Signing time:             Thu 02 Jan 2025 11:49:22 +0000
ROA not before:           Thu 02 Jan 2025 11:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48625
IP address blocks:        2001:7f8:82::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4d:69:80:16:b5:a0:e9:84:10:a8:5f:e9:f5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7e69e79212ccd4dda6a9434c84b253746e1410f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:47:3c:7c:ea:02:4f:6c:bb:67:7e:d1:bb:
                    64:b6:91:39:0b:6d:12:ea:7e:76:ed:de:0b:8d:30:
                    8e:a2:b1:a6:bc:9a:ca:46:ad:dd:49:ca:ed:60:48:
                    5b:6e:2e:62:26:80:35:2b:56:03:79:4f:bd:fa:5b:
                    ab:95:81:50:47:ed:a7:70:b5:2b:b3:1a:5a:1a:d0:
                    b4:7a:d6:4e:63:8f:a5:e1:ca:df:d3:62:e8:c4:13:
                    12:bf:e3:a0:cd:7e:84:ca:84:54:43:ff:7a:4a:29:
                    43:6e:dc:27:fc:a7:c3:5a:20:fc:3c:2e:24:e4:01:
                    d3:7c:17:94:a2:db:a3:88:4e:44:50:9b:19:4c:3f:
                    ab:0e:53:0f:7e:f2:e7:42:84:e5:49:2e:96:ad:23:
                    12:ec:81:7a:ef:f9:f3:63:c7:cd:cb:69:08:37:18:
                    25:2a:66:b1:7c:a4:29:8a:88:9a:15:10:47:2a:db:
                    b1:fd:42:27:07:ca:4c:98:c7:13:01:de:35:27:1f:
                    86:04:e3:0f:32:d0:08:4b:e7:f2:d3:7d:85:6a:d2:
                    f5:e2:92:94:1d:b2:51:1c:b5:16:df:dd:94:3e:33:
                    70:47:3a:8a:a4:96:92:68:0e:fd:16:48:b4:e2:31:
                    1c:3c:7d:99:1c:53:fe:da:20:83:27:75:80:28:5f:
                    e1:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E6:9E:79:21:2C:CD:4D:DA:6A:94:34:C8:4B:25:37:46:E1:41:0F
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/p-aeeSEszU3aapQ0yEslN0bhQQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:82::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:cf:b5:fc:49:33:56:a2:4b:f5:5c:cb:cf:7d:b0:2e:f4:e8:
         70:ea:26:dc:0e:4b:73:8d:20:67:97:ae:c1:45:86:07:8c:9a:
         7a:52:ab:36:45:78:72:43:75:75:d1:4c:b2:9c:9e:65:36:24:
         c9:6d:8b:65:dd:8d:4d:b6:13:28:70:d2:32:38:f9:e0:77:b1:
         f2:20:16:16:22:71:27:43:56:9a:71:31:f0:71:c5:25:fe:71:
         f6:9b:12:b4:c8:6a:5d:1a:b4:b5:07:db:8a:92:85:da:bc:0e:
         68:30:d2:0e:4d:1b:4e:02:58:1f:55:49:77:76:55:f3:ea:66:
         69:40:30:58:dd:b0:ff:98:04:a0:01:18:1b:23:5f:5e:73:b3:
         d5:5d:ae:b1:09:b6:b5:0b:e2:85:44:91:b0:04:36:64:10:0a:
         38:d4:fd:1a:3d:d3:3f:57:be:2d:2d:f0:db:69:7f:12:a2:57:
         ba:92:e6:7b:24:ac:87:72:20:9d:38:14:6b:bf:7e:c8:db:fe:
         70:af:61:7f:ad:bd:93:53:6c:21:03:30:a7:45:72:64:f3:5e:
         af:c8:32:8d:e2:ab:8b:a6:18:b1:2a:6d:8e:a3:62:4e:3f:95:
         a2:37:52:1e:df:9d:01:7a:4b:1b:ac:70:1a:c0:d3:63:31:21:
         93:68:15:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2U1pgBa1oOmEEKhf6fUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2U2OWU3OTIxMmNjZDRkZGE2YTk0MzRjODRiMjUzNzQ2ZTE0MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bJHPHzqAk9su2d+0btktpE5C20S
6n527d4LjTCOorGmvJrKRq3dScrtYEhbbi5iJoA1K1YDeU+9+lurlYFQR+2ncLUr
sxpaGtC0etZOY4+l4crf02LoxBMSv+OgzX6EyoRUQ/96SilDbtwn/KfDWiD8PC4k
5AHTfBeUotujiE5EUJsZTD+rDlMPfvLnQoTlSS6WrSMS7IF67/nzY8fNy2kINxgl
KmaxfKQpioiaFRBHKtux/UInB8pMmMcTAd41Jx+GBOMPMtAIS+fy032FatL14pKU
HbJRHLUW392UPjNwRzqKpJaSaA79Fki04jEcPH2ZHFP+2iCDJ3WAKF/hQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKfmnnkhLM1N2mqUNMhLJTdG4UEPMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvcC1hZWVTRXN6VTNhYXBRMHlFc2xOMGJoUVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+ACC
MA0GCSqGSIb3DQEBCwUAA4IBAQA2z7X8STNWokv1XMvPfbAu9Ohw6ibcDktzjSBn
l67BRYYHjJp6Uqs2RXhyQ3V10UyynJ5lNiTJbYtl3Y1NthMocNIyOPngd7HyIBYW
InEnQ1aacTHwccUl/nH2mxK0yGpdGrS1B9uKkoXavA5oMNIOTRtOAlgfVUl3dlXz
6mZpQDBY3bD/mASgARgbI19ec7PVXa6xCba1C+KFRJGwBDZkEAo41P0aPdM/V74t
LfDbaX8Sole6kuZ7JKyHciCdOBRrv37I2/5wr2F/rb2TU2whAzCnRXJk816vyDKN
4quLphixKm2Oo2JOP5WiN1Ie350BeksbrHAawNNjMSGTaBU8
-----END CERTIFICATE-----