Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/kwK7qq9-8R1SFEXV8ya4nXhQnGc.roa
File:                     kwK7qq9-8R1SFEXV8ya4nXhQnGc.roa (raw, json)
Hash identifier:          mpvYfYbKlNMOOXLEAZPX35jqkxWrEfgNP843asfJZCc=
Subject key identifier:   93:02:BB:AA:AF:7E:F1:1D:52:14:45:D5:F3:26:B8:9D:78:50:9C:67
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0198A76D257CD99ABAEA9E4D45D73B5A2242
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/kwK7qq9-8R1SFEXV8ya4nXhQnGc.roa
Signing time:             Thu 14 Aug 2025 07:13:24 +0000
ROA not before:           Thu 14 Aug 2025 07:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        45.149.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:6d:25:7c:d9:9a:ba:ea:9e:4d:45:d7:3b:5a:22:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Aug 14 07:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9302bbaaaf7ef11d521445d5f326b89d78509c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d2:7d:ca:b4:f6:b3:ef:6c:c1:41:f9:87:e3:
                    82:80:3f:e6:68:7e:a2:38:3d:8a:c8:d8:bb:04:da:
                    b7:7c:e1:c8:80:cb:54:06:dd:87:7c:ff:97:84:98:
                    6b:58:fa:95:a7:60:60:25:b0:1f:43:a8:d0:a3:8a:
                    7b:47:ee:49:80:a3:aa:90:bb:73:0a:d2:26:09:3d:
                    c8:25:e4:d1:df:0c:5a:c3:7a:b2:00:37:4f:7d:68:
                    77:fe:d5:d5:5d:c6:da:f6:24:44:48:d1:6f:ac:ce:
                    a4:ed:bd:a4:21:9e:cd:2c:50:2d:af:ae:19:1d:55:
                    50:48:39:b4:7c:1a:60:3c:f5:63:ec:01:5d:ee:8a:
                    c3:90:d0:e8:8e:ab:ba:5b:b6:9a:88:20:58:32:6a:
                    fe:0d:f7:1e:57:97:71:36:fa:ba:af:1c:af:0b:23:
                    ad:8f:5a:f7:b7:59:4d:15:b6:f0:1e:34:b0:5f:32:
                    74:c7:80:38:f6:dc:a0:8e:5a:91:51:2b:fc:5b:bd:
                    40:c4:80:b8:77:31:c8:b5:d5:1e:45:5d:c8:d8:d7:
                    e9:4a:ca:41:00:3a:43:01:a7:7f:9e:89:54:d6:b1:
                    af:b3:4a:b6:24:49:1c:71:e5:a9:ce:21:8d:33:5d:
                    05:b9:94:fa:04:a3:90:bf:1f:9b:9f:4f:55:a6:9a:
                    95:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:02:BB:AA:AF:7E:F1:1D:52:14:45:D5:F3:26:B8:9D:78:50:9C:67
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/kwK7qq9-8R1SFEXV8ya4nXhQnGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:72:77:88:ba:7b:e9:54:ff:54:df:52:36:40:72:fa:2d:2e:
         af:6e:57:c9:67:7e:95:6c:8d:6c:ec:e7:bf:ae:1d:62:ff:08:
         d9:71:ca:92:64:a6:71:96:51:bb:a1:a3:b9:ef:70:25:ce:42:
         0f:25:d0:69:f4:40:78:88:a0:1f:6c:74:35:5c:4e:b0:c4:a5:
         b5:b9:5c:c9:65:d9:2c:d2:a0:31:30:5f:90:de:2e:d1:cd:86:
         44:a5:29:92:5e:4c:9d:dd:0e:5c:c9:39:5b:40:1f:a1:d6:b9:
         19:77:f5:cb:cf:1e:ef:78:83:ac:14:32:14:77:b7:1b:e2:70:
         4c:1b:31:f3:93:3b:7d:27:ab:fe:6b:2d:1f:c4:fa:cc:00:94:
         48:5c:ff:ed:e1:50:de:be:65:9f:d1:71:bb:a6:59:f5:6b:ba:
         62:ab:5e:2e:c5:85:46:cd:f4:19:35:58:fd:2d:64:6b:8b:eb:
         01:d1:45:b1:6e:d2:e9:fa:be:5e:0c:5c:85:81:99:bf:da:40:
         5e:f1:3b:a7:c6:81:c3:ab:5d:c0:2d:a5:5f:28:d9:c4:b4:dd:
         03:15:42:42:11:ea:dd:6c:2c:74:59:52:01:cc:d8:2c:e5:4d:
         f4:36:50:3c:f2:96:6d:31:e6:10:f7:97:f3:29:c6:83:65:05:
         1e:00:96:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZinbSV82Zq66p5NRdc7WiJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwODE0MDcxMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzAyYmJhYWFmN2VmMTFkNTIxNDQ1ZDVmMzI2Yjg5ZDc4NTA5YzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29J9yrT2s+9swUH5h+OCgD/maH6i
OD2KyNi7BNq3fOHIgMtUBt2HfP+XhJhrWPqVp2BgJbAfQ6jQo4p7R+5JgKOqkLtz
CtImCT3IJeTR3wxaw3qyADdPfWh3/tXVXcba9iRESNFvrM6k7b2kIZ7NLFAtr64Z
HVVQSDm0fBpgPPVj7AFd7orDkNDojqu6W7aaiCBYMmr+DfceV5dxNvq6rxyvCyOt
j1r3t1lNFbbwHjSwXzJ0x4A49tygjlqRUSv8W71AxIC4dzHItdUeRV3I2NfpSspB
ADpDAad/nolU1rGvs0q2JEkcceWpziGNM10FuZT6BKOQvx+bn09VppqVnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMCu6qvfvEdUhRF1fMmuJ14UJxnMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEva3dLN3FxOS04UjFTRkVYVjh5YTRuWGhRbkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZVeMA0G
CSqGSIb3DQEBCwUAA4IBAQBGcneIunvpVP9U31I2QHL6LS6vblfJZ36VbI1s7Oe/
rh1i/wjZccqSZKZxllG7oaO573AlzkIPJdBp9EB4iKAfbHQ1XE6wxKW1uVzJZdks
0qAxMF+Q3i7RzYZEpSmSXkyd3Q5cyTlbQB+h1rkZd/XLzx7veIOsFDIUd7cb4nBM
GzHzkzt9J6v+ay0fxPrMAJRIXP/t4VDevmWf0XG7pln1a7piq14uxYVGzfQZNVj9
LWRri+sB0UWxbtLp+r5eDFyFgZm/2kBe8TunxoHDq13ALaVfKNnEtN0DFUJCEerd
bCx0WVIBzNgs5U30NlA88pZtMeYQ95fzKcaDZQUeAJYI
-----END CERTIFICATE-----