Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/Upzwlv30c7TC3O9gxJ1kAAgNiDA.roa
File:                     Upzwlv30c7TC3O9gxJ1kAAgNiDA.roa (raw, json)
Hash identifier:          yTJNjXZ4BZhaMYBc9uxx4ckW86PF2pvOMSFidtmg0eA=
Subject key identifier:   52:9C:F0:96:FD:F4:73:B4:C2:DC:EF:60:C4:9D:64:00:08:0D:88:30
Certificate issuer:       /CN=2cd1ff49725f6331e63b8ed76448d725dd7a84de
Certificate serial:       0194206853110546756526051BAEC01F53D5
Authority key identifier: 2C:D1:FF:49:72:5F:63:31:E6:3B:8E:D7:64:48:D7:25:DD:7A:84:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LNH_SXJfYzHmO47XZEjXJd16hN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/Upzwlv30c7TC3O9gxJ1kAAgNiDA.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57070
IP address blocks:        146.0.16.0/21 maxlen: 24
                          185.200.248.0/22 maxlen: 24
                          2a0a:bac0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/LNH_SXJfYzHmO47XZEjXJd16hN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/LNH_SXJfYzHmO47XZEjXJd16hN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LNH_SXJfYzHmO47XZEjXJd16hN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:53:11:05:46:75:65:26:05:1b:ae:c0:1f:53:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cd1ff49725f6331e63b8ed76448d725dd7a84de
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=529cf096fdf473b4c2dcef60c49d6400080d8830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:44:f6:5a:3f:c2:70:01:c5:24:df:da:3f:63:
                    3c:ee:bb:23:75:bc:b1:06:51:b7:7e:d0:6e:27:c0:
                    9e:c6:c1:6b:5e:ce:14:fc:26:1d:fd:77:af:aa:04:
                    2b:14:b7:5f:05:0a:16:4c:68:38:65:3f:c2:cf:bc:
                    2c:51:36:32:2a:be:60:b4:28:46:6e:49:69:4d:5d:
                    87:29:34:e2:3f:05:01:ca:b9:d6:25:39:34:d6:2f:
                    9e:ae:ba:49:9e:cb:19:b4:21:2e:e3:89:39:29:fb:
                    cc:eb:a0:02:95:5d:dc:95:85:c1:75:f5:44:88:f3:
                    28:53:08:40:4d:2b:dc:9c:28:91:b6:fe:12:bf:9c:
                    87:24:6d:7f:16:bb:7f:76:e7:98:f3:77:78:a2:23:
                    8d:9c:71:02:96:8b:b0:3e:31:23:9f:15:a0:2b:21:
                    90:0d:19:17:a4:ce:60:87:7b:ec:05:85:fe:4f:e2:
                    aa:48:e1:3d:4a:7c:fb:2f:27:f9:d8:8c:65:ba:34:
                    e6:4c:57:9b:56:9e:c8:d4:c9:4a:1a:b7:2d:cd:b1:
                    98:04:ae:ab:05:11:c2:a8:a0:31:4a:82:6e:12:28:
                    98:6c:a4:ff:01:d7:2f:82:49:53:ab:bd:ed:e5:69:
                    c2:1b:9e:70:a6:54:13:dc:19:e5:22:3d:43:ec:fd:
                    9c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9C:F0:96:FD:F4:73:B4:C2:DC:EF:60:C4:9D:64:00:08:0D:88:30
            X509v3 Authority Key Identifier:
                keyid:2C:D1:FF:49:72:5F:63:31:E6:3B:8E:D7:64:48:D7:25:DD:7A:84:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LNH_SXJfYzHmO47XZEjXJd16hN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/Upzwlv30c7TC3O9gxJ1kAAgNiDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/738188-73ae-4918-bfd7-7788aee1215f/1/LNH_SXJfYzHmO47XZEjXJd16hN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.0.16.0/21
                  185.200.248.0/22
                IPv6:
                  2a0a:bac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:6c:a1:4d:4a:64:93:c5:73:bb:68:03:ee:5f:fa:f9:35:3a:
         ca:ab:0d:f8:6a:f4:53:76:e2:0d:ce:b2:b6:96:74:df:e5:f5:
         45:fe:ee:8e:d5:e8:2d:06:ea:d4:d0:4a:c0:42:1f:d8:e2:59:
         36:3d:88:6d:bb:7a:7b:34:c7:07:08:5f:54:31:7f:cd:56:9b:
         ef:1d:60:cc:39:6f:be:c8:08:14:2c:2e:c2:69:46:36:df:ee:
         43:1a:26:e4:d1:22:b4:14:0e:51:27:65:3d:a3:51:3b:18:14:
         03:c4:94:34:86:97:52:77:67:b8:bd:6c:54:cb:62:9f:ea:42:
         5d:53:73:2a:16:2c:52:a5:95:e7:21:f8:b7:ea:0c:ec:76:49:
         72:ad:aa:53:af:8f:81:27:a6:95:62:a5:a4:4a:48:c0:0c:b8:
         51:63:68:28:ff:7e:1d:20:2f:94:03:2c:84:44:11:7b:ed:0f:
         b8:fa:db:1e:f7:ee:b9:fb:d0:bf:d8:5c:03:42:de:cb:93:c0:
         8b:93:e1:f2:a2:cd:84:c0:be:72:69:d3:90:9d:1f:15:6b:50:
         d2:db:70:58:d6:e9:3e:86:4b:3a:0d:6f:b2:7b:7c:50:e6:12:
         21:87:5d:56:66:69:ce:05:ac:c2:86:34:e6:1a:66:83:49:32:
         38:49:e7:4d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgaFMRBUZ1ZSYFG67AH1PVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZDFmZjQ5NzI1ZjYzMzFlNjNiOGVkNzY0NDhkNzI1ZGQ3
YTg0ZGUwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjljZjA5NmZkZjQ3M2I0YzJkY2VmNjBjNDlkNjQwMDA4MGQ4ODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArET2Wj/CcAHFJN/aP2M87rsjdbyx
BlG3ftBuJ8CexsFrXs4U/CYd/XevqgQrFLdfBQoWTGg4ZT/Cz7wsUTYyKr5gtChG
bklpTV2HKTTiPwUByrnWJTk01i+errpJnssZtCEu44k5KfvM66AClV3clYXBdfVE
iPMoUwhATSvcnCiRtv4Sv5yHJG1/Frt/dueY83d4oiONnHEClouwPjEjnxWgKyGQ
DRkXpM5gh3vsBYX+T+KqSOE9Snz7Lyf52IxlujTmTFebVp7I1MlKGrctzbGYBK6r
BRHCqKAxSoJuEiiYbKT/AdcvgklTq73t5WnCG55wplQT3BnlIj1D7P2cgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFKc8Jb99HO0wtzvYMSdZAAIDYgwMB8GA1UdIwQY
MBaAFCzR/0lyX2Mx5juO12RI1yXdeoTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE5IX1NYSmZZekhtTzQ3WFpFalhKZDE2aE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83MzgxODgtNzNhZS00OTE4LWJmZDct
Nzc4OGFlZTEyMTVmLzEvVXB6d2x2MzBjN1RDM085Z3hKMWtBQWdOaURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83MzgxODgtNzNhZS00OTE4LWJmZDctNzc4OGFlZTEyMTVm
LzEvTE5IX1NYSmZZekhtTzQ3WFpFalhKZDE2aE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDkgAQAwQC
ucj4MA0EAgACMAcDBQMqCrrAMA0GCSqGSIb3DQEBCwUAA4IBAQApbKFNSmSTxXO7
aAPuX/r5NTrKqw34avRTduINzrK2lnTf5fVF/u6O1egtBurU0ErAQh/Y4lk2PYht
u3p7NMcHCF9UMX/NVpvvHWDMOW++yAgULC7CaUY23+5DGibk0SK0FA5RJ2U9o1E7
GBQDxJQ0hpdSd2e4vWxUy2Kf6kJdU3MqFixSpZXnIfi36gzsdklyrapTr4+BJ6aV
YqWkSkjADLhRY2go/34dIC+UAyyERBF77Q+4+tse9+65+9C/2FwDQt7Lk8CLk+Hy
os2EwL5yadOQnR8Va1DS23BY1uk+hks6DW+ye3xQ5hIhh11WZmnOBazChjTmGmaD
STI4SedN
-----END CERTIFICATE-----