Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uzh-RU7Z4h-2WrdUA820pBvjrBM.roa
File:                     uzh-RU7Z4h-2WrdUA820pBvjrBM.roa (raw, json)
Hash identifier:          EXApgQvfnUBsMJ4HsnWTWlNKlnZGpwXJT4/OYJawtls=
Subject key identifier:   BB:38:7E:45:4E:D9:E2:1F:B6:5A:B7:54:03:CD:B4:A4:1B:E3:AC:13
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0193F9E25240C3807B5D26A3DF259A563287
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uzh-RU7Z4h-2WrdUA820pBvjrBM.roa
Signing time:             Tue 24 Dec 2024 18:16:19 +0000
ROA not before:           Tue 24 Dec 2024 18:16:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:50::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:530::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f9:e2:52:40:c3:80:7b:5d:26:a3:df:25:9a:56:32:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec 24 18:16:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb387e454ed9e21fb65ab75403cdb4a41be3ac13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d3:a2:e3:ce:6f:63:2b:65:e2:da:da:c8:d0:
                    82:8b:c8:23:12:35:2c:9e:57:35:fa:42:7f:8c:53:
                    4c:6b:23:3f:92:83:7f:69:59:5d:34:da:97:35:0d:
                    1d:b5:9a:9d:99:84:6f:b9:d9:df:2c:e2:6a:dc:c8:
                    19:cf:a0:eb:b8:63:b2:b6:7a:fd:5a:67:1a:ae:99:
                    d4:de:5f:de:7f:a2:e8:29:ab:a9:37:b4:84:e5:27:
                    f9:ab:21:71:bf:3d:ae:d9:66:78:19:9c:43:86:b9:
                    60:81:f3:ad:b8:8a:c9:7e:ec:ed:be:a4:0c:45:b2:
                    bd:5d:88:47:60:d7:ff:19:53:b8:d0:5b:1b:d8:af:
                    b2:22:41:92:73:5a:73:43:ae:65:1b:4e:c7:aa:b0:
                    7e:cf:50:46:3c:bf:73:0f:29:6b:e2:84:f6:a0:3e:
                    67:4e:c9:10:ee:6b:df:f7:78:1d:38:99:e0:fe:86:
                    2c:25:57:e4:39:24:50:ff:e0:63:f2:fb:bb:49:fd:
                    36:46:ff:2a:75:01:b1:1f:4a:30:f4:e8:a3:5a:2a:
                    da:3e:53:5e:1a:03:37:04:91:ac:fd:00:6e:bd:b6:
                    1f:bf:0e:2c:ca:cd:7b:01:1b:ff:e6:28:20:8b:be:
                    6f:5f:9d:7b:77:0e:20:a2:08:f9:3f:be:70:9f:d8:
                    ac:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:38:7E:45:4E:D9:E2:1F:B6:5A:B7:54:03:CD:B4:A4:1B:E3:AC:13
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uzh-RU7Z4h-2WrdUA820pBvjrBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:50::-2a0c:b641:6f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:530::-2a0c:b641:54f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:64:a5:63:b5:99:30:e2:6c:5a:d1:b6:9b:cc:5e:14:fa:1a:
         c1:4a:5e:a1:00:79:40:6d:73:78:45:6f:f6:c0:17:f6:4b:a6:
         a6:ad:cd:3e:13:c2:cc:6a:d7:54:c5:b1:55:e4:4e:3a:b3:b7:
         4a:bc:87:2a:25:77:43:df:a8:7c:40:07:fc:e4:b3:c6:87:bb:
         de:37:43:2f:89:e7:f1:1a:ca:eb:42:49:45:52:0a:20:d5:6b:
         01:85:0c:9b:c3:d7:ba:cb:44:92:bf:7f:d2:75:0b:ed:67:aa:
         14:5a:25:6a:3e:3c:96:7c:04:f4:eb:2b:2e:33:ac:5a:32:62:
         89:38:6a:a4:6a:71:d2:86:25:a8:a6:40:c7:6a:32:c2:04:6e:
         40:de:48:7e:72:6e:51:c7:f7:83:a9:ed:c0:e4:03:4c:fc:a9:
         12:1e:13:c8:39:d0:af:10:8b:6b:a8:87:a3:cc:90:05:01:a4:
         47:0d:a3:57:fa:b4:70:ac:92:06:83:fa:7c:48:a8:a1:21:bb:
         16:4e:9f:b8:b1:03:1b:b8:ca:16:90:e2:8b:a8:05:37:fa:01:
         55:e0:ea:92:66:ff:f7:8c:98:2e:99:98:64:5c:e7:64:af:1f:
         49:c8:d8:e5:6f:85:87:19:29:66:f2:a7:8e:55:f7:5b:3e:b0:
         ac:e6:ab:55
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZP54lJAw4B7XSaj3yWaVjKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMjI0MTgxNjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM4N2U0NTRlZDllMjFmYjY1YWI3NTQwM2NkYjRhNDFiZTNhYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptOi485vYytl4trayNCCi8gjEjUs
nlc1+kJ/jFNMayM/koN/aVldNNqXNQ0dtZqdmYRvudnfLOJq3MgZz6DruGOytnr9
WmcarpnU3l/ef6LoKaupN7SE5Sf5qyFxvz2u2WZ4GZxDhrlggfOtuIrJfuztvqQM
RbK9XYhHYNf/GVO40Fsb2K+yIkGSc1pzQ65lG07HqrB+z1BGPL9zDylr4oT2oD5n
TskQ7mvf93gdOJng/oYsJVfkOSRQ/+Bj8vu7Sf02Rv8qdQGxH0ow9OijWiraPlNe
GgM3BJGs/QBuvbYfvw4sys17ARv/5iggi75vX517dw4gogj5P75wn9iswQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFLs4fkVO2eIftlq3VAPNtKQb46wTMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdXpoLVJVN1o0aC0yV3JkVUE4MjBwQnZqckJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwGAQCAAEwEgMEAC2aYQME
AD4DMgMEAcIcYjBZBAIAAjBTMBADBQYqDLZAAwcFKgy2QQAAMBIDBwQqDLZBAFAD
BwQqDLZBAGAwEgMHBCoMtkEFMAMHBCoMtkEFQAMHACoMtkEHDwMHBCoMtkEIIAMF
ACoPhAAwDQYJKoZIhvcNAQELBQADggEBAFBkpWO1mTDibFrRtpvMXhT6GsFKXqEA
eUBtc3hFb/bAF/ZLpqatzT4Twsxq11TFsVXkTjqzt0q8hyold0PfqHxAB/zks8aH
u943Qy+J5/EayutCSUVSCiDVawGFDJvD17rLRJK/f9J1C+1nqhRaJWo+PJZ8BPTr
Ky4zrFoyYok4aqRqcdKGJaimQMdqMsIEbkDeSH5yblHH94Op7cDkA0z8qRIeE8g5
0K8Qi2uoh6PMkAUBpEcNo1f6tHCskgaD+nxIqKEhuxZOn7ixAxu4yhaQ4ouoBTf6
AVXg6pJm//eMmC6ZmGRc52SvH0nI2OVvhYcZKWbyp45V91s+sKzmq1U=
-----END CERTIFICATE-----