Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/uZ27zPwLhjE5BWZLO3NLV12cWgw.roa
File:                     uZ27zPwLhjE5BWZLO3NLV12cWgw.roa (raw, json)
Hash identifier:          Ul7GEuNF1Gk3L7uLhyReiPLSt6uO+BwK3j2zbKIAP00=
Subject key identifier:   B9:9D:BB:CC:FC:0B:86:31:39:05:66:4B:3B:73:4B:57:5D:9C:5A:0C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019779F12B5518424D41D910D2B113551161
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/uZ27zPwLhjE5BWZLO3NLV12cWgw.roa
Signing time:             Mon 16 Jun 2025 18:12:17 +0000
ROA not before:           Mon 16 Jun 2025 18:12:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213775
IP address blocks:        5.57.36.0/24 maxlen: 24
                          37.32.46.0/24 maxlen: 24
                          178.239.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:f1:2b:55:18:42:4d:41:d9:10:d2:b1:13:55:11:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun 16 18:12:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b99dbbccfc0b86313905664b3b734b575d9c5a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fa:89:67:d1:8c:bd:c2:dd:d4:48:cc:bc:dc:
                    53:61:ad:ee:42:e4:80:86:c1:a2:39:32:95:ab:25:
                    68:02:e2:f1:f7:25:6e:c7:01:4b:75:79:0a:2c:30:
                    69:dd:d8:03:2d:ca:21:85:31:d0:28:88:77:d3:43:
                    6b:e9:94:31:64:1a:35:28:57:19:69:19:f4:5b:59:
                    e7:26:93:da:01:79:62:b3:11:b3:fc:9e:b4:3c:93:
                    22:c8:58:0c:7c:d2:53:5e:a7:ba:2e:d7:e7:2f:a8:
                    ad:f1:8d:26:2d:b9:a9:e3:78:66:f0:c3:f5:72:db:
                    b0:17:31:3b:1f:52:63:a7:5c:10:08:fc:df:d1:d3:
                    32:f0:ba:9d:38:12:50:e0:31:5d:17:e7:2c:b4:9a:
                    3a:3e:41:d6:40:e7:a2:fa:11:3d:69:64:8f:34:7f:
                    cf:73:ea:b9:d9:64:6e:c2:39:16:5e:9b:da:c3:c4:
                    20:19:53:3c:d5:84:62:d6:f7:d2:b9:68:6d:10:48:
                    41:86:fe:84:74:9a:a2:48:e8:e5:01:a2:3a:33:a2:
                    9b:25:39:e1:8a:32:6c:17:ee:38:30:d9:cb:2f:56:
                    25:9d:43:05:42:d6:24:31:a8:d1:c5:0e:77:35:a3:
                    86:14:32:62:f7:9e:c6:b6:4e:b5:eb:36:45:09:6b:
                    c4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:9D:BB:CC:FC:0B:86:31:39:05:66:4B:3B:73:4B:57:5D:9C:5A:0C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/uZ27zPwLhjE5BWZLO3NLV12cWgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.36.0/24
                  37.32.46.0/24
                  178.239.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:d4:09:cb:89:40:8e:e9:54:0d:3f:a7:09:ef:c5:a1:05:da:
         fc:2e:fd:60:6b:10:fd:5a:d2:c2:05:08:9f:6e:0a:f0:64:16:
         45:18:84:3b:d1:dd:a8:2b:eb:52:19:af:29:f7:32:f4:f2:38:
         ce:4c:66:cd:7a:2b:1b:d3:58:c0:4f:d7:18:a6:a5:76:11:c7:
         3f:fd:38:ed:25:8f:d4:a1:f8:58:e9:07:cf:bb:dc:65:25:22:
         48:36:c7:13:28:c4:f9:6c:f9:b7:a0:8e:37:0f:a9:4a:33:84:
         4a:d1:48:53:d8:b3:0a:03:0e:04:80:73:f2:8c:09:39:06:e8:
         cc:d7:11:58:1c:7d:84:cc:11:7c:7b:09:10:0a:80:bf:b2:a3:
         13:59:35:2b:46:57:50:5e:7c:4b:71:5b:c2:3f:7c:a6:94:0d:
         59:46:b3:c5:ab:cf:92:ab:13:55:fd:e5:87:09:34:b2:83:49:
         f0:7f:b9:ac:58:fd:79:ae:b3:b3:72:ca:b3:c1:83:3f:e4:bc:
         5b:94:4b:e2:f8:d1:16:09:f4:4d:a1:fe:e5:57:35:29:ef:16:
         df:2b:fc:8b:d1:44:d7:ac:c9:ba:e4:e6:cc:40:1c:f8:3f:43:
         ea:4d:2f:0c:ef:0e:63:fb:5c:0d:05:d8:7f:ad:eb:ea:00:2c:
         f0:6b:60:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZd58StVGEJNQdkQ0rETVRFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjE2MTgxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTlkYmJjY2ZjMGI4NjMxMzkwNTY2NGIzYjczNGI1NzVkOWM1YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/qJZ9GMvcLd1EjMvNxTYa3uQuSA
hsGiOTKVqyVoAuLx9yVuxwFLdXkKLDBp3dgDLcohhTHQKIh300Nr6ZQxZBo1KFcZ
aRn0W1nnJpPaAXlisxGz/J60PJMiyFgMfNJTXqe6LtfnL6it8Y0mLbmp43hm8MP1
ctuwFzE7H1Jjp1wQCPzf0dMy8LqdOBJQ4DFdF+cstJo6PkHWQOei+hE9aWSPNH/P
c+q52WRuwjkWXpvaw8QgGVM81YRi1vfSuWhtEEhBhv6EdJqiSOjlAaI6M6KbJTnh
ijJsF+44MNnLL1YlnUMFQtYkMajRxQ53NaOGFDJi957Gtk616zZFCWvEjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLmdu8z8C4YxOQVmSztzS1ddnFoMMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvdVoyN3pQd0xoakU1QldaTE8zTkxWMTJjV2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABTkkAwQA
JSAuAwQAsu+aMA0GCSqGSIb3DQEBCwUAA4IBAQAg1AnLiUCO6VQNP6cJ78WhBdr8
Lv1gaxD9WtLCBQifbgrwZBZFGIQ70d2oK+tSGa8p9zL08jjOTGbNeisb01jAT9cY
pqV2Ecc//TjtJY/UofhY6QfPu9xlJSJINscTKMT5bPm3oI43D6lKM4RK0UhT2LMK
Aw4EgHPyjAk5BujM1xFYHH2EzBF8ewkQCoC/sqMTWTUrRldQXnxLcVvCP3ymlA1Z
RrPFq8+SqxNV/eWHCTSyg0nwf7msWP15rrOzcsqzwYM/5LxblEvi+NEWCfRNof7l
VzUp7xbfK/yL0UTXrMm65ObMQBz4P0PqTS8M7w5j+1wNBdh/revqACzwa2D0
-----END CERTIFICATE-----