Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/uw5uYRfw3pC5nJXxczi3tVvkY7I.roa
File:                     uw5uYRfw3pC5nJXxczi3tVvkY7I.roa (raw, json)
Hash identifier:          noD3uoydquQYeR5oh05bo3dbdjw+XIFKtmuy3W50gWc=
Subject key identifier:   BB:0E:6E:61:17:F0:DE:90:B9:9C:95:F1:73:38:B7:B5:5B:E4:63:B2
Certificate issuer:       /CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
Certificate serial:       019426D9234300B91C82897FCE077782EC09
Authority key identifier: 57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/uw5uYRfw3pC5nJXxczi3tVvkY7I.roa
Signing time:             Thu 02 Jan 2025 11:49:12 +0000
ROA not before:           Thu 02 Jan 2025 11:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198422
IP address blocks:        194.147.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:23:43:00:b9:1c:82:89:7f:ce:07:77:82:ec:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
        Validity
            Not Before: Jan  2 11:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb0e6e6117f0de90b99c95f17338b7b55be463b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:17:26:c3:ee:ea:73:56:98:ee:1c:62:80:51:
                    ba:22:67:5a:04:8c:fb:b7:e9:b5:d8:75:43:1c:8f:
                    71:7f:6e:8f:d5:db:e9:06:16:93:ea:2d:5a:75:3a:
                    fb:16:cf:8b:35:28:fe:f5:4b:f2:66:11:fe:97:63:
                    de:e2:ce:68:13:4d:d5:1e:e8:03:28:57:38:4e:96:
                    df:63:72:46:c0:4c:d3:5a:a2:74:3e:0b:cb:a4:16:
                    84:44:11:0f:dd:9d:8f:2f:60:66:34:05:d7:c7:99:
                    ad:bd:28:57:ba:9d:e9:08:1f:5d:18:51:3f:e9:39:
                    4a:d3:6c:90:94:92:13:5b:98:c9:f9:1a:21:71:a5:
                    19:85:8d:65:b4:65:61:2d:d3:bd:7f:5f:f3:b5:da:
                    de:53:eb:af:1d:10:7a:30:9d:df:57:9b:f6:d4:d7:
                    d2:8d:1a:df:5f:03:28:6e:ed:c2:04:a7:d0:bd:5a:
                    c2:84:f0:dc:32:2e:1e:1d:2e:c3:09:76:1b:8b:30:
                    b4:c8:ac:c3:77:e1:dc:dc:ce:dd:ea:9c:3d:e2:1f:
                    7a:b9:e0:d8:15:09:f6:05:66:20:7e:80:d3:7e:84:
                    9a:6f:a8:d2:2a:c8:e0:51:c9:56:fc:e2:13:8d:97:
                    ec:62:63:0f:46:11:2f:85:d0:9b:2f:3c:0f:b1:85:
                    8d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:0E:6E:61:17:F0:DE:90:B9:9C:95:F1:73:38:B7:B5:5B:E4:63:B2
            X509v3 Authority Key Identifier:
                keyid:57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/uw5uYRfw3pC5nJXxczi3tVvkY7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:f5:61:2c:42:8e:4c:0a:1c:8f:96:be:36:cc:29:2f:6b:d0:
         59:56:88:43:9c:63:6d:29:6f:f7:33:15:d1:26:64:88:c5:c8:
         46:23:8f:88:08:3d:e4:b7:92:37:0c:17:ac:26:75:54:f3:af:
         ca:ea:b7:23:e9:24:a1:f5:a6:14:ad:5b:0a:7f:47:90:18:34:
         76:31:5e:24:fe:6e:c5:e3:ba:f7:03:67:4e:0e:2b:b9:bb:c2:
         be:35:0b:b6:de:52:95:ef:fe:26:6f:e7:d1:44:85:ca:da:fb:
         41:2d:03:64:32:f3:a8:11:ad:44:36:e0:84:4f:19:1d:cf:e7:
         58:8a:3e:c0:b7:b4:98:29:86:bb:f9:e6:52:75:5b:98:17:98:
         de:30:69:dc:b8:9f:33:0a:d1:f6:ee:f7:1c:a2:fd:52:e3:76:
         b8:5d:13:61:b4:c0:a7:1f:71:9b:00:44:ac:85:2c:57:13:ef:
         53:d1:51:cc:12:c9:cf:70:77:d1:c6:85:86:56:3b:03:de:50:
         b5:eb:41:fe:c1:62:6c:42:a1:4f:88:15:8c:3d:63:fc:6e:42:
         6d:ed:5a:9e:da:5e:c8:bd:da:ac:a5:27:72:fb:09:9d:b5:52:
         0b:34:f8:a0:9e:ae:41:54:1f:db:a4:1b:9b:91:67:a8:e5:0f:
         ce:3c:ea:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SNDALkcgol/zgd3guwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OWFkZTlmZWFlZGM0MDZkZjVlMTFiY2VmMDM5M2NkNWU5
ZmQwZGQwHhcNMjUwMTAyMTE0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjBlNmU2MTE3ZjBkZTkwYjk5Yzk1ZjE3MzM4YjdiNTViZTQ2M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxcmw+7qc1aY7hxigFG6ImdaBIz7
t+m12HVDHI9xf26P1dvpBhaT6i1adTr7Fs+LNSj+9UvyZhH+l2Pe4s5oE03VHugD
KFc4TpbfY3JGwEzTWqJ0PgvLpBaERBEP3Z2PL2BmNAXXx5mtvShXup3pCB9dGFE/
6TlK02yQlJITW5jJ+RohcaUZhY1ltGVhLdO9f1/ztdreU+uvHRB6MJ3fV5v21NfS
jRrfXwMobu3CBKfQvVrChPDcMi4eHS7DCXYbizC0yKzDd+Hc3M7d6pw94h96ueDY
FQn2BWYgfoDTfoSab6jSKsjgUclW/OITjZfsYmMPRhEvhdCbLzwPsYWN1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsObmEX8N6QuZyV8XM4t7Vb5GOyMB8GA1UdIwQY
MBaAFFea3p/q7cQG314RvO8Dk81en9DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmIt
MjA4ZWYzMmMwMjAyLzEvdXc1dVlSZnczcEM1bkpYeGN6aTN0VnZrWTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmItMjA4ZWYzMmMwMjAy
LzEvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNLMA0G
CSqGSIb3DQEBCwUAA4IBAQAA9WEsQo5MChyPlr42zCkva9BZVohDnGNtKW/3MxXR
JmSIxchGI4+ICD3kt5I3DBesJnVU86/K6rcj6SSh9aYUrVsKf0eQGDR2MV4k/m7F
47r3A2dODiu5u8K+NQu23lKV7/4mb+fRRIXK2vtBLQNkMvOoEa1ENuCETxkdz+dY
ij7At7SYKYa7+eZSdVuYF5jeMGncuJ8zCtH27vccov1S43a4XRNhtMCnH3GbAESs
hSxXE+9T0VHMEsnPcHfRxoWGVjsD3lC160H+wWJsQqFPiBWMPWP8bkJt7Vqe2l7I
vdqspSdy+wmdtVILNPignq5BVB/bpBubkWeo5Q/OPOqI
-----END CERTIFICATE-----