Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/cWH5PPaYfZWUJba_G0n_uzh_rsc.roa
File:                     cWH5PPaYfZWUJba_G0n_uzh_rsc.roa (raw, json)
Hash identifier:          C8oVSKijBzzlBacVotbOoAmP0eM+u3jK9TaM8PG08eI=
Subject key identifier:   71:61:F9:3C:F6:98:7D:95:94:25:B6:BF:1B:49:FF:BB:38:7F:AE:C7
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       019423D6C6A5BD166DD291E72B11630827FF
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/cWH5PPaYfZWUJba_G0n_uzh_rsc.roa
Signing time:             Wed 01 Jan 2025 21:47:45 +0000
ROA not before:           Wed 01 Jan 2025 21:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214470
IP address blocks:        45.148.73.0/24 maxlen: 24
                          2a0f:8c00::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c6:a5:bd:16:6d:d2:91:e7:2b:11:63:08:27:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Jan  1 21:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7161f93cf6987d959425b6bf1b49ffbb387faec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6d:0c:53:25:fe:17:d7:70:ea:bb:50:e4:d8:
                    0a:7a:8e:db:89:d6:f5:0d:84:0b:f7:c8:13:43:b5:
                    e0:76:3a:fe:76:f6:97:83:21:d8:8c:28:ba:b9:3a:
                    5d:da:56:01:3c:91:39:12:48:55:46:24:94:aa:c7:
                    8a:5d:a5:e5:95:d6:49:a7:e0:f8:d2:43:82:a4:dc:
                    aa:33:e4:70:4c:df:b3:4c:78:a8:81:5f:b6:1c:3c:
                    07:ab:2f:3e:d3:bb:5b:37:80:68:bb:c4:f8:63:16:
                    3b:d1:b5:56:3a:28:09:21:10:fa:71:b5:fe:a1:b0:
                    2c:47:da:cb:5a:c9:a7:4c:c9:ea:48:a1:33:d9:1f:
                    3a:97:e4:c9:4a:81:07:bd:3a:ae:77:db:40:43:51:
                    1b:7b:5f:fe:3f:af:ec:0a:db:6e:b2:1a:cd:f3:a8:
                    da:f5:5c:ae:fe:14:aa:ef:96:9a:53:99:ce:a2:4f:
                    7f:1b:c9:92:0d:c3:ab:b4:b3:e2:c5:e3:57:fd:76:
                    05:72:4b:ba:9b:77:c7:d3:6d:5f:56:46:a2:29:35:
                    07:5c:1b:b9:6e:15:f6:ba:01:25:f5:5f:bf:9c:4e:
                    29:f6:3d:28:5d:62:77:6c:6d:d4:4f:cf:0d:6f:16:
                    aa:80:be:e2:cd:e9:61:bc:ea:7a:e8:a8:db:a0:b0:
                    a4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:61:F9:3C:F6:98:7D:95:94:25:B6:BF:1B:49:FF:BB:38:7F:AE:C7
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/cWH5PPaYfZWUJba_G0n_uzh_rsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.73.0/24
                IPv6:
                  2a0f:8c00::/33

    Signature Algorithm: sha256WithRSAEncryption
         0b:bb:e8:3d:18:f4:f6:27:f6:98:03:a7:91:09:e1:88:a8:43:
         d6:7e:b9:10:0d:71:d7:5f:2e:10:e7:9f:98:1e:03:f5:74:7a:
         d2:23:f7:bb:3c:c3:44:30:74:96:38:31:be:0f:e5:6b:26:2f:
         2f:ec:c6:db:0a:74:8b:96:7e:76:91:b7:76:62:f4:f1:26:d4:
         d2:ae:55:7e:ff:a7:cf:c8:0d:76:ec:e4:86:9c:4e:25:fc:a4:
         0d:8e:6b:86:8e:66:b4:e8:76:ce:25:2d:14:54:9d:84:dd:89:
         51:43:7a:1b:bf:f6:15:39:31:d4:85:fc:6e:7e:5d:34:9b:2b:
         ef:2f:66:9e:1d:c9:4c:98:3e:90:12:06:33:75:93:ac:9c:9a:
         78:3e:0f:92:e1:d8:00:59:22:67:10:ad:50:f8:7f:9f:19:67:
         d6:79:3f:47:df:da:fd:a4:af:0a:66:fb:fb:df:9e:12:82:08:
         6a:08:ca:18:3c:ac:df:3e:b6:2a:f9:11:1e:a6:d1:9e:ea:3a:
         12:52:9f:d7:f0:f5:a0:05:e3:43:89:b1:31:b9:3e:7f:36:d1:
         9f:cd:4e:c9:ba:d5:e2:32:a6:03:b3:d0:c9:52:a7:5c:0f:ae:
         a1:5e:21:62:21:6b:6b:27:96:5f:84:72:31:4b:73:f2:18:02:
         3f:f5:a6:84
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQj1salvRZt0pHnKxFjCCf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjUwMTAxMjE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTYxZjkzY2Y2OTg3ZDk1OTQyNWI2YmYxYjQ5ZmZiYjM4N2ZhZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA020MUyX+F9dw6rtQ5NgKeo7bidb1
DYQL98gTQ7Xgdjr+dvaXgyHYjCi6uTpd2lYBPJE5EkhVRiSUqseKXaXlldZJp+D4
0kOCpNyqM+RwTN+zTHiogV+2HDwHqy8+07tbN4Bou8T4YxY70bVWOigJIRD6cbX+
obAsR9rLWsmnTMnqSKEz2R86l+TJSoEHvTqud9tAQ1Ebe1/+P6/sCttushrN86ja
9Vyu/hSq75aaU5nOok9/G8mSDcOrtLPixeNX/XYFcku6m3fH021fVkaiKTUHXBu5
bhX2ugEl9V+/nE4p9j0oXWJ3bG3UT88NbxaqgL7izelhvOp66KjboLCkGQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFHFh+Tz2mH2VlCW2vxtJ/7s4f67HMB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvY1dINVBQYVlmWldVSmJhX0cwbl91emhfcnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALZRJMA4E
AgACMAgDBgcqD4wAADANBgkqhkiG9w0BAQsFAAOCAQEAC7voPRj09if2mAOnkQnh
iKhD1n65EA1x118uEOefmB4D9XR60iP3uzzDRDB0ljgxvg/layYvL+zG2wp0i5Z+
dpG3dmL08SbU0q5Vfv+nz8gNduzkhpxOJfykDY5rho5mtOh2ziUtFFSdhN2JUUN6
G7/2FTkx1IX8bn5dNJsr7y9mnh3JTJg+kBIGM3WTrJyaeD4PkuHYAFkiZxCtUPh/
nxln1nk/R9/a/aSvCmb7+9+eEoIIagjKGDys3z62KvkRHqbRnuo6ElKf1/D1oAXj
Q4mxMbk+fzbRn81OybrV4jKmA7PQyVKnXA+uoV4hYiFrayeWX4RyMUtz8hgCP/Wm
hA==
-----END CERTIFICATE-----