Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/KaG_9OhAuCqS6mVHabC7lxG9AHI.roa
File:                     KaG_9OhAuCqS6mVHabC7lxG9AHI.roa (raw, json)
Hash identifier:          xWY0bvnvxQN2TpeVYq9xqInKcrALeii0RU0rJgA/S3U=
Subject key identifier:   29:A1:BF:F4:E8:40:B8:2A:92:EA:65:47:69:B0:BB:97:11:BD:00:72
Certificate issuer:       /CN=529fbab5171a5cb22f6c54f10b3a2cb6db51723e
Certificate serial:       019B76EAD9AA7F9F5C0E6108CFD95FE21B28
Authority key identifier: 52:9F:BA:B5:17:1A:5C:B2:2F:6C:54:F1:0B:3A:2C:B6:DB:51:72:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Up-6tRcaXLIvbFTxCzostttRcj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/KaG_9OhAuCqS6mVHabC7lxG9AHI.roa
Signing time:             Thu 01 Jan 2026 00:17:41 +0000
ROA not before:           Thu 01 Jan 2026 00:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209072
IP address blocks:        5.183.140.0/22 maxlen: 22
                          5.183.141.0/24 maxlen: 24
                          5.183.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/Up-6tRcaXLIvbFTxCzostttRcj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/Up-6tRcaXLIvbFTxCzostttRcj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Up-6tRcaXLIvbFTxCzostttRcj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d9:aa:7f:9f:5c:0e:61:08:cf:d9:5f:e2:1b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529fbab5171a5cb22f6c54f10b3a2cb6db51723e
        Validity
            Not Before: Jan  1 00:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29a1bff4e840b82a92ea654769b0bb9711bd0072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:60:82:9d:ac:ce:cf:df:26:55:85:d3:a0:24:
                    9c:08:7b:7d:2c:a2:00:ae:27:da:e2:92:d2:1d:ec:
                    04:aa:c4:2a:31:3b:43:cf:cb:5d:23:dd:2f:c0:0b:
                    1d:62:d4:a4:95:65:6a:48:03:a5:3c:9f:1d:25:a9:
                    81:60:14:e5:18:6c:ce:52:6d:39:3a:88:d8:62:21:
                    71:2b:fb:97:bc:3a:c0:2b:92:23:4e:a6:a4:1f:6f:
                    62:2e:cb:51:c2:18:d0:13:dd:b7:8f:be:11:d7:35:
                    82:36:15:e9:52:d6:69:c2:6f:ab:2c:9e:c7:45:b7:
                    97:69:07:6a:4e:70:60:30:48:15:39:b2:6d:20:16:
                    ba:3c:f4:91:04:b4:42:04:2d:00:08:64:58:66:f6:
                    6f:67:32:75:ed:92:42:f4:3a:12:3b:c6:21:2c:e0:
                    da:61:16:dd:34:79:35:d5:2a:2a:dd:f8:ba:94:d5:
                    ba:40:84:91:c8:38:25:cb:10:f9:5f:32:18:8d:03:
                    2e:60:71:05:7a:5f:44:24:55:48:73:72:cd:bc:9f:
                    33:c4:e4:b6:c8:c4:bd:be:f7:d7:5a:8f:4f:b3:e9:
                    1c:5b:22:82:38:9a:38:81:93:11:a1:0c:0b:48:6a:
                    d3:88:94:17:5d:81:09:b9:21:87:e4:4c:30:21:ab:
                    51:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A1:BF:F4:E8:40:B8:2A:92:EA:65:47:69:B0:BB:97:11:BD:00:72
            X509v3 Authority Key Identifier:
                keyid:52:9F:BA:B5:17:1A:5C:B2:2F:6C:54:F1:0B:3A:2C:B6:DB:51:72:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Up-6tRcaXLIvbFTxCzostttRcj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/KaG_9OhAuCqS6mVHabC7lxG9AHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/5289c4-02b5-465e-8cbd-773732652f4f/1/Up-6tRcaXLIvbFTxCzostttRcj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:af:a2:e2:74:4f:23:1e:a0:b6:c3:50:b9:e2:38:6a:78:60:
         f4:f6:08:d9:4a:30:a4:ec:16:df:bf:ba:25:b9:c6:f2:6c:cd:
         cf:2a:b4:84:90:26:5c:f5:cd:b0:32:fe:0b:14:20:34:85:b7:
         bf:21:60:34:7b:d9:4a:7f:b5:aa:d1:96:6e:2e:da:4e:71:1d:
         5f:ed:8e:6a:b8:2c:2d:47:e0:b3:1d:86:32:56:f4:7e:37:9f:
         02:7f:da:c6:11:4d:aa:0a:c5:04:e6:cc:b2:36:23:7c:ef:9c:
         c4:95:3c:57:6b:7d:fb:e2:24:8e:c3:7f:71:a5:8e:ad:ef:0f:
         c4:16:0d:43:19:61:99:55:e6:d5:59:f6:82:ec:96:06:8c:2c:
         36:9f:57:93:ab:da:8f:b0:48:31:9a:f6:94:21:69:c7:27:ea:
         f2:29:59:d9:46:72:2a:88:17:2f:88:9a:67:1d:00:99:4e:16:
         5b:f7:eb:31:57:5d:90:0d:ca:57:38:7f:21:f6:c9:17:81:22:
         13:bf:29:2b:d7:98:72:78:66:03:98:ea:88:5e:e3:28:b7:fa:
         fd:a3:89:60:f1:3a:20:0e:6d:49:ae:64:65:7d:26:2c:1d:b0:
         27:76:42:88:bf:51:2f:c4:16:f7:8d:73:9b:a6:97:c2:e3:c5:
         4f:a4:9d:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26tmqf59cDmEIz9lf4hsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWZiYWI1MTcxYTVjYjIyZjZjNTRmMTBiM2EyY2I2ZGI1
MTcyM2UwHhcNMjYwMTAxMDAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWExYmZmNGU4NDBiODJhOTJlYTY1NDc2OWIwYmI5NzExYmQwMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGCCnazOz98mVYXToCScCHt9LKIA
rifa4pLSHewEqsQqMTtDz8tdI90vwAsdYtSklWVqSAOlPJ8dJamBYBTlGGzOUm05
OojYYiFxK/uXvDrAK5IjTqakH29iLstRwhjQE923j74R1zWCNhXpUtZpwm+rLJ7H
RbeXaQdqTnBgMEgVObJtIBa6PPSRBLRCBC0ACGRYZvZvZzJ17ZJC9DoSO8YhLODa
YRbdNHk11Soq3fi6lNW6QISRyDglyxD5XzIYjQMuYHEFel9EJFVIc3LNvJ8zxOS2
yMS9vvfXWo9Ps+kcWyKCOJo4gZMRoQwLSGrTiJQXXYEJuSGH5EwwIatRiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmhv/ToQLgqkuplR2mwu5cRvQByMB8GA1UdIwQY
MBaAFFKfurUXGlyyL2xU8Qs6LLbbUXI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXAtNnRSY2FYTEl2YkZUeEN6b3N0dHRSY2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81Mjg5YzQtMDJiNS00NjVlLThjYmQt
NzczNzMyNjUyZjRmLzEvS2FHXzlPaEF1Q3FTNm1WSGFiQzdseEc5QUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81Mjg5YzQtMDJiNS00NjVlLThjYmQtNzczNzMyNjUyZjRm
LzEvVXAtNnRSY2FYTEl2YkZUeEN6b3N0dHRSY2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbeMMA0G
CSqGSIb3DQEBCwUAA4IBAQC4r6LidE8jHqC2w1C54jhqeGD09gjZSjCk7Bbfv7ol
ucbybM3PKrSEkCZc9c2wMv4LFCA0hbe/IWA0e9lKf7Wq0ZZuLtpOcR1f7Y5quCwt
R+CzHYYyVvR+N58Cf9rGEU2qCsUE5syyNiN875zElTxXa3374iSOw39xpY6t7w/E
Fg1DGWGZVebVWfaC7JYGjCw2n1eTq9qPsEgxmvaUIWnHJ+ryKVnZRnIqiBcviJpn
HQCZThZb9+sxV12QDcpXOH8h9skXgSITvykr15hyeGYDmOqIXuMot/r9o4lg8Tog
Dm1JrmRlfSYsHbAndkKIv1EvxBb3jXObppfC48VPpJ0w
-----END CERTIFICATE-----