Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kwg17OPELesJwX-K2EveP6uRmQI.roa
File:                     kwg17OPELesJwX-K2EveP6uRmQI.roa (raw, json)
Hash identifier:          iT7A/ZHoeCV47NmcLWXGSBtyU9TUOrWcljfTWQ3RON8=
Subject key identifier:   93:08:35:EC:E3:C4:2D:EB:09:C1:7F:8A:D8:4B:DE:3F:AB:91:99:02
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198558749C06AD744E2D2AEE371E70B1875
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kwg17OPELesJwX-K2EveP6uRmQI.roa
Signing time:             Tue 29 Jul 2025 09:33:06 +0000
ROA not before:           Tue 29 Jul 2025 09:33:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399073
IP address blocks:        151.244.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 15:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:87:49:c0:6a:d7:44:e2:d2:ae:e3:71:e7:0b:18:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 29 09:33:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=930835ece3c42deb09c17f8ad84bde3fab919902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e4:5e:d8:dc:82:b1:47:98:0b:fd:a8:5b:2c:
                    f7:d2:8e:13:80:77:5a:ab:25:f1:7b:ee:43:97:90:
                    b3:da:16:3c:ac:ae:25:b1:90:84:b4:ad:88:7a:49:
                    fa:54:6f:37:4b:7c:dc:db:8a:2b:7e:b1:ec:d6:9b:
                    b2:5a:48:30:05:b5:8f:e2:b8:f3:5b:54:34:67:3c:
                    5c:af:fb:af:d6:9e:73:e5:df:37:02:69:df:b3:4e:
                    9c:5c:0c:13:7f:6c:fb:ee:1d:f2:64:6f:cf:bd:14:
                    07:07:2b:bf:dd:bc:e2:21:84:00:c9:ca:04:a7:b8:
                    e7:a3:17:82:b1:61:ab:46:c2:a3:13:71:4c:54:40:
                    44:6d:f2:e1:00:a4:1e:10:29:cc:41:61:b9:6c:e9:
                    39:39:e0:5b:00:13:dc:97:be:11:a0:a4:d4:19:45:
                    d2:f5:15:ab:49:46:6a:e3:c1:24:6c:32:4f:7a:11:
                    d1:62:10:0d:0e:0b:82:52:88:9c:4a:11:07:dd:47:
                    98:33:e3:c0:d3:03:07:3b:5e:40:58:5e:ec:00:e2:
                    bd:7f:d1:91:b3:f8:28:f4:c2:fc:52:ec:51:f3:fe:
                    2b:e2:ee:53:0c:fe:d9:74:ef:6e:57:85:e6:1a:df:
                    11:c2:6f:fd:89:f2:c9:17:41:ca:a8:53:6c:40:ad:
                    66:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:08:35:EC:E3:C4:2D:EB:09:C1:7F:8A:D8:4B:DE:3F:AB:91:99:02
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kwg17OPELesJwX-K2EveP6uRmQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:e2:20:4d:be:7a:88:1c:db:39:7b:29:04:1f:fa:b1:7d:89:
         ef:59:ed:c0:d0:6c:76:8a:42:3a:f4:e1:46:ae:05:7d:ff:64:
         45:30:d2:42:a9:63:b9:c9:dd:52:eb:cd:0a:44:b6:e2:0f:3f:
         fa:ac:d5:87:a6:ea:c9:63:4d:f2:86:8f:a9:a0:2c:ab:a6:c1:
         0a:56:4d:e7:c2:85:00:16:b3:21:51:27:95:14:9b:a6:27:5c:
         e6:23:cc:a4:f4:a1:23:c6:9e:e4:d9:87:5e:de:40:d6:84:46:
         28:9b:b3:28:0d:75:c9:a5:6f:2e:04:06:dc:b4:ae:34:d6:3b:
         02:b2:15:c8:4d:31:71:d5:9b:b7:f3:e6:15:c9:e7:59:4f:66:
         43:69:32:49:4d:dd:9f:1f:6d:28:2d:68:dd:72:7b:a4:d7:1d:
         38:ab:bd:e8:66:fc:99:87:16:c6:df:d1:8e:9c:5e:e0:f3:91:
         7e:3a:1a:6b:ad:a7:91:59:9b:c7:cb:ca:a6:6b:02:dd:38:01:
         1f:0e:7c:83:3b:a7:21:09:a0:d9:b1:e0:60:8b:dc:75:9f:3d:
         1a:88:bb:6f:42:98:cb:b4:15:c5:ac:54:a6:94:b1:00:d7:bc:
         46:23:bd:89:86:28:12:f2:28:8d:c5:9d:c2:40:db:ce:2b:d3:
         3f:2a:ea:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhVh0nAatdE4tKu43HnCxh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI5MDkzMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA4MzVlY2UzYzQyZGViMDljMTdmOGFkODRiZGUzZmFiOTE5OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5eRe2NyCsUeYC/2oWyz30o4TgHda
qyXxe+5Dl5Cz2hY8rK4lsZCEtK2Iekn6VG83S3zc24orfrHs1puyWkgwBbWP4rjz
W1Q0Zzxcr/uv1p5z5d83Amnfs06cXAwTf2z77h3yZG/PvRQHByu/3bziIYQAycoE
p7jnoxeCsWGrRsKjE3FMVEBEbfLhAKQeECnMQWG5bOk5OeBbABPcl74RoKTUGUXS
9RWrSUZq48EkbDJPehHRYhANDguCUoicShEH3UeYM+PA0wMHO15AWF7sAOK9f9GR
s/go9ML8UuxR8/4r4u5TDP7ZdO9uV4XmGt8Rwm/9ifLJF0HKqFNsQK1mLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMINezjxC3rCcF/ithL3j+rkZkCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEva3dnMTdPUEVMZXNKd1gtSzJFdmVQNnVSbVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/Q5MA0G
CSqGSIb3DQEBCwUAA4IBAQCX4iBNvnqIHNs5eykEH/qxfYnvWe3A0Gx2ikI69OFG
rgV9/2RFMNJCqWO5yd1S680KRLbiDz/6rNWHpurJY03yho+poCyrpsEKVk3nwoUA
FrMhUSeVFJumJ1zmI8yk9KEjxp7k2Yde3kDWhEYom7MoDXXJpW8uBAbctK401jsC
shXITTFx1Zu38+YVyedZT2ZDaTJJTd2fH20oLWjdcnuk1x04q73oZvyZhxbG39GO
nF7g85F+OhprraeRWZvHy8qmawLdOAEfDnyDO6chCaDZseBgi9x1nz0aiLtvQpjL
tBXFrFSmlLEA17xGI72JhigS8iiNxZ3CQNvOK9M/Kurp
-----END CERTIFICATE-----