Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DW7CSJlgI_MiG-YHSnLFaxpOcWA.roa
File:                     DW7CSJlgI_MiG-YHSnLFaxpOcWA.roa (raw, json)
Hash identifier:          DX5H3+sK3u9EaKwyEYTlNYOXPc4rQy4cRND2EKXmeWs=
Subject key identifier:   0D:6E:C2:48:99:60:23:F3:22:1B:E6:07:4A:72:C5:6B:1A:4E:71:60
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D1FB81D595C611D2E7149803907EACCCC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DW7CSJlgI_MiG-YHSnLFaxpOcWA.roa
Signing time:             Tue 24 Mar 2026 12:00:52 +0000
ROA not before:           Tue 24 Mar 2026 12:00:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        151.247.13.0/24 maxlen: 24
                          151.247.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:b8:1d:59:5c:61:1d:2e:71:49:80:39:07:ea:cc:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 24 12:00:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d6ec248996023f3221be6074a72c56b1a4e7160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1b:3c:14:94:f1:71:ed:e0:bb:56:34:8a:37:
                    0e:f8:77:da:30:fa:21:a0:eb:c6:22:82:6f:21:c2:
                    c4:32:ad:99:3a:c0:ac:45:dd:06:d8:24:e9:72:a0:
                    3d:af:d0:0a:17:8a:b2:45:0b:db:9c:11:1a:d8:78:
                    1a:6a:9a:8d:92:1c:93:c1:34:9f:f6:aa:6f:a7:ff:
                    76:3b:bd:ba:3d:95:c0:63:a4:af:36:2a:bf:7c:3c:
                    97:d6:8d:2e:78:ca:a0:a8:f2:9f:bd:d5:d9:98:ac:
                    d6:db:3f:71:59:d2:9b:5d:5a:32:0f:a6:fc:44:b1:
                    92:b3:be:61:81:8a:62:f3:5d:56:3e:23:1e:4c:be:
                    00:f8:ee:a9:dc:d2:e9:b3:30:54:92:fb:20:13:62:
                    5c:18:21:11:7c:16:b1:aa:da:a7:4d:78:e6:e6:67:
                    12:c5:5d:36:7c:20:9a:ff:45:50:1c:9d:57:20:d4:
                    f2:ad:80:7f:98:e6:d1:e9:93:e3:40:40:89:9e:14:
                    bf:4b:01:00:60:bb:1e:32:8c:20:d9:ea:b6:fa:61:
                    0a:5d:32:c2:c9:ff:d5:55:95:ac:6b:39:9a:f2:47:
                    ec:d7:fe:4c:c3:4f:f6:e9:27:b7:48:4a:f1:b7:80:
                    05:51:d3:d2:d1:6d:f0:b2:2a:39:3d:b0:d2:45:e2:
                    c2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6E:C2:48:99:60:23:F3:22:1B:E6:07:4A:72:C5:6B:1A:4E:71:60
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DW7CSJlgI_MiG-YHSnLFaxpOcWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.13.0/24
                  151.247.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:34:a4:15:40:a5:ec:df:db:e5:da:01:59:40:cc:ce:60:7e:
         cc:f1:82:c5:aa:64:14:98:c4:0c:c5:54:d9:e9:52:b3:2a:8f:
         a9:40:cc:a5:23:73:93:20:f4:94:14:31:a0:ef:f5:83:90:b0:
         cf:37:e8:73:4e:38:79:b8:d5:dd:03:3c:a5:40:b6:04:66:3e:
         a9:a0:ee:49:fe:68:e3:43:e5:c7:a4:98:56:c0:a4:2e:91:9b:
         b3:95:9c:ed:5e:b9:bd:dd:e9:5a:21:4f:0f:e5:f0:a1:c8:7e:
         57:e4:c7:3c:8b:50:c0:5e:79:c2:5c:c3:ac:50:9e:9f:41:df:
         7e:db:c1:ad:bf:5d:6c:4e:89:df:54:0b:81:29:42:bc:66:06:
         19:b8:f4:07:53:19:7f:c8:7a:dd:e5:fd:b1:47:7c:88:8b:33:
         b8:ab:ad:d3:15:54:1f:11:80:32:75:7b:d4:50:47:c6:57:55:
         36:a1:64:14:f1:49:c7:68:ad:90:87:01:5c:e7:8e:5e:d5:3e:
         79:6b:ea:71:4c:ff:45:0c:67:ad:ed:a9:dd:de:a3:d0:49:35:
         24:a7:fe:6f:fc:03:4d:20:c3:43:14:c5:f7:53:e8:bb:56:7b:
         3d:18:be:e0:c6:00:12:18:dd:75:6a:f1:cd:7f:71:ae:76:ac:
         c7:97:4f:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0fuB1ZXGEdLnFJgDkH6szMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI0MTIwMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZlYzI0ODk5NjAyM2YzMjIxYmU2MDc0YTcyYzU2YjFhNGU3MTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhs8FJTxce3gu1Y0ijcO+HfaMPoh
oOvGIoJvIcLEMq2ZOsCsRd0G2CTpcqA9r9AKF4qyRQvbnBEa2HgaapqNkhyTwTSf
9qpvp/92O726PZXAY6SvNiq/fDyX1o0ueMqgqPKfvdXZmKzW2z9xWdKbXVoyD6b8
RLGSs75hgYpi811WPiMeTL4A+O6p3NLpszBUkvsgE2JcGCERfBaxqtqnTXjm5mcS
xV02fCCa/0VQHJ1XINTyrYB/mObR6ZPjQECJnhS/SwEAYLseMowg2eq2+mEKXTLC
yf/VVZWsazma8kfs1/5Mw0/26Se3SErxt4AFUdPS0W3wsio5PbDSReLClQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA1uwkiZYCPzIhvmB0pyxWsaTnFgMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRFc3Q1NKbGdJX01pRy1ZSFNuTEZheHBPY1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/cNAwQA
l/cRMA0GCSqGSIb3DQEBCwUAA4IBAQBrNKQVQKXs39vl2gFZQMzOYH7M8YLFqmQU
mMQMxVTZ6VKzKo+pQMylI3OTIPSUFDGg7/WDkLDPN+hzTjh5uNXdAzylQLYEZj6p
oO5J/mjjQ+XHpJhWwKQukZuzlZztXrm93elaIU8P5fChyH5X5Mc8i1DAXnnCXMOs
UJ6fQd9+28Gtv11sTonfVAuBKUK8ZgYZuPQHUxl/yHrd5f2xR3yIizO4q63TFVQf
EYAydXvUUEfGV1U2oWQU8UnHaK2QhwFc545e1T55a+pxTP9FDGet7and3qPQSTUk
p/5v/ANNIMNDFMX3U+i7Vns9GL7gxgASGN11avHNf3GudqzHl0+6
-----END CERTIFICATE-----