Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uzm5_KiJiSRMbTTdloBvlYvxGzc.roa
File:                     uzm5_KiJiSRMbTTdloBvlYvxGzc.roa (raw, json)
Hash identifier:          pw1Is1bmo4G6UF/DalMln/p/koBEHZP2sf0lk9PGSlc=
Subject key identifier:   BB:39:B9:FC:A8:89:89:24:4C:6D:34:DD:96:80:6F:95:8B:F1:1B:37
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425223E81B19667CF148509996ECC45D7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uzm5_KiJiSRMbTTdloBvlYvxGzc.roa
Signing time:             Thu 02 Jan 2025 03:49:48 +0000
ROA not before:           Thu 02 Jan 2025 03:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210354
IP address blocks:        2a0e:97c0:690::/44 maxlen: 48
                          2a0e:97c0:690::/48 maxlen: 48
                          2a0e:97c0:691::/48 maxlen: 48
                          2a0e:97c0:692::/48 maxlen: 48
                          2a0e:97c0:693::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:3e:81:b1:96:67:cf:14:85:09:99:6e:cc:45:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb39b9fca88989244c6d34dd96806f958bf11b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5d:1c:54:15:d1:ac:5f:69:97:1c:04:d5:12:
                    40:16:0c:df:a9:84:e6:e8:86:ed:93:93:84:bf:1c:
                    2e:1d:fc:76:94:c5:20:99:80:d2:63:db:3d:9d:d8:
                    5b:fa:69:24:39:c5:eb:b0:1f:41:80:f4:5e:1f:1e:
                    59:dc:2c:f7:e0:91:15:24:ad:7d:78:2d:35:03:b0:
                    8b:22:2c:57:ea:19:e4:93:4e:86:02:64:05:59:89:
                    ec:75:75:9a:c7:ae:bc:cc:d0:7f:9a:81:65:db:6e:
                    e1:b3:d6:2a:fc:29:79:e3:71:7a:ce:9e:05:e9:6b:
                    17:e0:41:bb:29:8a:ff:7f:74:29:5d:7a:f5:a2:ec:
                    2e:d1:34:ad:a0:c6:e2:a2:9c:61:7d:fd:ee:73:03:
                    89:f0:e8:65:9c:6a:c7:38:9c:89:f3:3a:d2:72:a8:
                    d4:6f:8e:f5:83:10:73:4f:bf:d0:39:24:0a:ed:05:
                    e7:51:82:8a:77:f6:a6:29:d4:48:0c:e5:bb:36:ba:
                    82:f8:77:9a:00:37:b7:0f:d5:a0:55:47:68:91:da:
                    87:eb:47:ab:25:8a:ab:08:38:25:c1:5c:0a:40:31:
                    6c:b2:ec:97:30:35:61:08:b9:80:88:08:b6:40:03:
                    83:cf:e7:a1:01:6e:ec:b0:9a:b9:6b:93:fd:d2:38:
                    93:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:39:B9:FC:A8:89:89:24:4C:6D:34:DD:96:80:6F:95:8B:F1:1B:37
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uzm5_KiJiSRMbTTdloBvlYvxGzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:690::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:a8:0c:af:3d:07:b8:90:4d:93:54:3d:e2:4c:ad:1c:c3:88:
         27:55:de:87:f7:98:08:c3:9e:7c:f5:02:30:24:ef:ed:3a:ad:
         8b:d7:d2:83:8e:7e:5f:d8:5d:d8:ac:23:16:17:76:3b:e8:5b:
         5f:0d:06:3e:72:d3:b6:ba:64:ef:55:6d:37:35:a5:4b:f4:9a:
         a8:aa:92:3e:38:9f:87:17:08:20:e4:21:3a:75:40:12:91:1c:
         e7:39:ce:7a:e0:01:bb:23:71:3f:e1:f2:97:15:c2:69:03:12:
         5d:1c:28:91:b3:0f:13:49:d2:1d:09:e3:ce:b0:a8:dc:d2:90:
         c6:b4:84:7b:fb:3d:3b:60:5a:83:b5:d1:2f:55:4f:e0:32:e4:
         c5:47:dc:01:7e:69:19:ee:f0:03:3d:ea:4e:43:05:7c:c5:dc:
         09:dc:d6:a0:e7:07:c9:b2:27:92:91:d6:1a:5e:a8:23:30:1b:
         e1:58:f9:00:6b:d5:a2:aa:17:4a:81:6e:42:44:57:06:51:e5:
         cf:f5:80:93:85:16:a8:cf:51:13:6f:0c:97:01:27:47:30:9a:
         05:43:72:ff:8f:4c:d0:d9:49:98:29:99:4e:d6:83:a9:48:d1:
         79:c0:66:68:4e:58:02:e7:2f:5d:bb:5e:4b:1d:69:30:09:06:
         cf:7c:10:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIj6BsZZnzxSFCZluzEXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM5YjlmY2E4ODk4OTI0NGM2ZDM0ZGQ5NjgwNmY5NThiZjExYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzV0cVBXRrF9plxwE1RJAFgzfqYTm
6Ibtk5OEvxwuHfx2lMUgmYDSY9s9ndhb+mkkOcXrsB9BgPReHx5Z3Cz34JEVJK19
eC01A7CLIixX6hnkk06GAmQFWYnsdXWax668zNB/moFl227hs9Yq/Cl543F6zp4F
6WsX4EG7KYr/f3QpXXr1ouwu0TStoMbiopxhff3ucwOJ8OhlnGrHOJyJ8zrScqjU
b471gxBzT7/QOSQK7QXnUYKKd/amKdRIDOW7NrqC+HeaADe3D9WgVUdokdqH60er
JYqrCDglwVwKQDFssuyXMDVhCLmAiAi2QAODz+ehAW7ssJq5a5P90jiTewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLs5ufyoiYkkTG003ZaAb5WL8Rs3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdXptNV9LaUppU1JNYlRUZGxvQnZsWXZ4R3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBdqAyvPQe4kE2TVD3iTK0cw4gnVd6H95gIw558
9QIwJO/tOq2L19KDjn5f2F3YrCMWF3Y76FtfDQY+ctO2umTvVW03NaVL9JqoqpI+
OJ+HFwgg5CE6dUASkRznOc564AG7I3E/4fKXFcJpAxJdHCiRsw8TSdIdCePOsKjc
0pDGtIR7+z07YFqDtdEvVU/gMuTFR9wBfmkZ7vADPepOQwV8xdwJ3Nag5wfJsieS
kdYaXqgjMBvhWPkAa9WiqhdKgW5CRFcGUeXP9YCThRaoz1ETbwyXASdHMJoFQ3L/
j0zQ2UmYKZlO1oOpSNF5wGZoTlgC5y9du15LHWkwCQbPfBBn
-----END CERTIFICATE-----