Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W-_DwIoBcKHWFoS4csWFAo8bJCI.roa
File:                     W-_DwIoBcKHWFoS4csWFAo8bJCI.roa (raw, json)
Hash identifier:          EK5Swr2tP0PT2mDSAx38VVSi0CRzwiRTTjLXhIleOQM=
Subject key identifier:   5B:EF:C3:C0:8A:01:70:A1:D6:16:84:B8:72:C5:85:02:8F:1B:24:22
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D5756EA36EAF547FDC4727879A170494D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W-_DwIoBcKHWFoS4csWFAo8bJCI.roa
Signing time:             Sat 04 Apr 2026 07:13:26 +0000
ROA not before:           Sat 04 Apr 2026 07:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200975
IP address blocks:        151.247.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:56:ea:36:ea:f5:47:fd:c4:72:78:79:a1:70:49:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  4 07:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5befc3c08a0170a1d61684b872c585028f1b2422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2e:4b:e5:72:e3:77:54:be:27:39:f3:d8:ec:
                    7d:c1:96:d9:57:e9:f7:30:2c:2e:74:a8:07:16:dd:
                    c8:d7:9d:9e:d7:4a:93:33:9a:75:0a:2d:c7:6e:f9:
                    53:f3:7f:b3:44:81:c2:52:01:b8:21:b7:5c:86:c4:
                    dc:cd:06:de:5c:bd:6d:fc:38:e4:f4:4e:02:cc:f9:
                    24:d8:ed:89:e0:5c:38:a3:cb:dc:26:5a:0f:de:d9:
                    14:65:cc:00:60:f7:7e:4a:22:2c:f3:7e:4a:e9:d1:
                    d2:18:19:aa:4e:96:c6:13:d2:a9:b1:8d:cf:4c:c8:
                    36:c5:b8:23:f7:5f:72:d7:ae:e3:6f:a4:17:8f:65:
                    37:09:e5:9e:fd:29:cc:1d:f5:26:87:1b:bf:64:35:
                    8b:ab:9e:09:52:2c:05:4e:0d:5a:b9:0b:46:af:8c:
                    b4:f3:d8:02:1a:4e:db:c0:5e:c7:73:99:e0:f7:d1:
                    ce:42:1e:8b:a6:7c:59:85:63:3a:16:ad:3e:b2:5f:
                    b9:68:d7:2d:c5:24:b3:02:13:00:a6:d9:3c:30:67:
                    4a:55:83:a7:27:3c:22:2f:85:f2:2d:c2:17:d3:61:
                    74:4e:b2:81:3d:33:27:bd:6f:87:66:08:ea:8e:47:
                    9c:bc:be:83:05:24:fa:36:02:3e:e5:04:2e:86:d8:
                    52:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:EF:C3:C0:8A:01:70:A1:D6:16:84:B8:72:C5:85:02:8F:1B:24:22
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W-_DwIoBcKHWFoS4csWFAo8bJCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:51:e7:4b:9b:f9:ba:47:16:3e:b4:31:9b:35:ee:55:94:8f:
         3a:8e:30:a4:11:78:c8:f5:29:57:11:38:a8:71:f3:93:87:40:
         75:8f:67:98:d1:50:3d:27:25:16:d8:59:23:fb:fb:54:1a:c8:
         26:59:6c:55:e3:ba:9a:25:6e:a5:63:a8:ae:e4:14:1c:96:3f:
         5f:a1:6b:ef:09:a4:c8:53:67:de:ef:5a:80:45:52:09:29:8e:
         8e:c8:52:c7:8d:40:67:f1:90:03:7a:2d:4f:1e:f3:aa:4f:25:
         07:66:2d:27:d1:9f:23:44:a4:6a:6b:ba:d0:31:f8:b5:96:24:
         f5:83:49:f7:71:b8:f3:06:f2:87:d6:57:d9:92:ef:68:4e:23:
         66:4e:ee:65:66:90:7e:a7:74:be:a3:a3:46:72:06:74:2a:06:
         fc:21:e7:b8:1d:be:5a:8a:54:99:d7:17:cc:d5:12:23:11:73:
         3b:12:02:3f:ef:65:df:5d:46:ab:f4:13:9f:83:a0:92:1a:15:
         c0:d6:cd:e0:49:9f:e8:b1:90:c5:cd:4c:43:31:83:4d:5d:c8:
         58:18:a2:2e:a5:9b:92:20:63:0f:b3:98:a3:7a:4d:8b:19:ab:
         da:dd:9c:7a:e7:79:5f:99:49:01:fb:78:60:03:98:07:f2:c1:
         71:7c:e1:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1XVuo26vVH/cRyeHmhcElNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDA0MDcxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmVmYzNjMDhhMDE3MGExZDYxNjg0Yjg3MmM1ODUwMjhmMWIyNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS5L5XLjd1S+Jznz2Ox9wZbZV+n3
MCwudKgHFt3I152e10qTM5p1Ci3HbvlT83+zRIHCUgG4IbdchsTczQbeXL1t/Djk
9E4CzPkk2O2J4Fw4o8vcJloP3tkUZcwAYPd+SiIs835K6dHSGBmqTpbGE9KpsY3P
TMg2xbgj919y167jb6QXj2U3CeWe/SnMHfUmhxu/ZDWLq54JUiwFTg1auQtGr4y0
89gCGk7bwF7Hc5ng99HOQh6LpnxZhWM6Fq0+sl+5aNctxSSzAhMAptk8MGdKVYOn
JzwiL4XyLcIX02F0TrKBPTMnvW+HZgjqjkecvL6DBST6NgI+5QQuhthSEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvvw8CKAXCh1haEuHLFhQKPGyQiMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVy1fRHdJb0JjS0hXRm9TNGNzV0ZBbzhiSkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/etMA0G
CSqGSIb3DQEBCwUAA4IBAQBUUedLm/m6RxY+tDGbNe5VlI86jjCkEXjI9SlXETio
cfOTh0B1j2eY0VA9JyUW2Fkj+/tUGsgmWWxV47qaJW6lY6iu5BQclj9foWvvCaTI
U2fe71qARVIJKY6OyFLHjUBn8ZADei1PHvOqTyUHZi0n0Z8jRKRqa7rQMfi1liT1
g0n3cbjzBvKH1lfZku9oTiNmTu5lZpB+p3S+o6NGcgZ0Kgb8Iee4Hb5ailSZ1xfM
1RIjEXM7EgI/72XfXUar9BOfg6CSGhXA1s3gSZ/osZDFzUxDMYNNXchYGKIupZuS
IGMPs5ijek2LGava3Zx653lfmUkB+3hgA5gH8sFxfOGY
-----END CERTIFICATE-----