Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/ZzkgKBt8osL2jS6WqXWiWojvYXE.roa
File:                     ZzkgKBt8osL2jS6WqXWiWojvYXE.roa (raw, json)
Hash identifier:          13JNe9cdpc50MtnFe7Jo/SOXuaCf/OjrCfwP/kE4Flg=
Subject key identifier:   67:39:20:28:1B:7C:A2:C2:F6:8D:2E:96:A9:75:A2:5A:88:EF:61:71
Certificate issuer:       /CN=3938a81a44127741d949a355a47f3cb599389a78
Certificate serial:       018CC348A2C8A95DBAD2F3402184B54CADF0
Authority key identifier: 39:38:A8:1A:44:12:77:41:D9:49:A3:55:A4:7F:3C:B5:99:38:9A:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTioGkQSd0HZSaNVpH88tZk4mng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/ZzkgKBt8osL2jS6WqXWiWojvYXE.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211285
IP address blocks:        5.183.24.0/23 maxlen: 24
                          5.183.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/OTioGkQSd0HZSaNVpH88tZk4mng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/OTioGkQSd0HZSaNVpH88tZk4mng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTioGkQSd0HZSaNVpH88tZk4mng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a2:c8:a9:5d:ba:d2:f3:40:21:84:b5:4c:ad:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3938a81a44127741d949a355a47f3cb599389a78
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=673920281b7ca2c2f68d2e96a975a25a88ef6171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:48:39:3a:f4:41:bb:16:b4:00:ca:33:19:88:
                    43:37:5b:e6:7d:f3:07:77:af:64:66:a9:3a:31:b4:
                    82:25:5e:67:c9:02:c7:69:69:95:0f:02:1c:b4:87:
                    72:0c:84:86:cc:20:d9:5a:18:b9:2f:a5:dd:16:d7:
                    8c:f2:c7:b4:34:52:ab:fc:6b:a2:0b:81:77:38:ed:
                    0c:c6:41:90:59:c9:7d:71:a5:02:3d:c0:e0:10:69:
                    1d:12:03:d8:b7:b0:38:20:d6:18:ce:a9:74:42:b6:
                    7b:01:3f:15:3b:09:dd:dc:a4:72:a9:19:3b:ae:f1:
                    cb:5b:96:84:6a:30:59:49:55:a8:f7:c9:86:60:af:
                    df:2f:76:59:50:7c:20:e2:08:3c:32:50:21:46:9a:
                    eb:30:e2:c0:8b:4e:27:e6:b1:93:81:04:0c:aa:77:
                    6a:12:ac:c4:88:45:e7:8b:f3:b3:22:5a:68:52:07:
                    2b:01:66:29:93:e1:7e:a3:b7:8f:e0:62:8b:ee:1e:
                    9f:04:55:9d:10:b6:fa:53:2c:57:3d:29:4c:55:29:
                    3b:af:ba:90:15:cb:fd:a5:af:98:8f:16:55:e1:d1:
                    5d:cc:9f:2a:3e:5a:8f:f0:ef:2f:79:6b:ff:b4:aa:
                    34:0c:12:a3:8c:86:b0:13:15:b0:ba:65:7e:48:8a:
                    d5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:39:20:28:1B:7C:A2:C2:F6:8D:2E:96:A9:75:A2:5A:88:EF:61:71
            X509v3 Authority Key Identifier:
                keyid:39:38:A8:1A:44:12:77:41:D9:49:A3:55:A4:7F:3C:B5:99:38:9A:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTioGkQSd0HZSaNVpH88tZk4mng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/ZzkgKBt8osL2jS6WqXWiWojvYXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/02cab5-59b4-4d90-a5db-fd214cacfb62/1/OTioGkQSd0HZSaNVpH88tZk4mng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:b5:a3:f2:a3:28:41:ee:b8:0d:10:74:2e:61:eb:c1:ba:80:
         c6:7e:58:0f:fa:65:9b:73:58:66:fe:ac:6b:84:34:a6:c5:3b:
         55:2f:51:b9:3f:b5:77:dc:e8:fe:53:0b:90:96:1a:3d:0e:fc:
         7b:d6:ae:f7:8a:00:fa:63:09:9b:a3:eb:7c:0b:6f:63:99:a0:
         cf:4d:c9:b3:28:9b:71:4c:97:03:11:ff:1c:b0:15:58:f6:98:
         86:92:f8:13:8a:1c:d9:82:66:d0:a0:ab:b5:19:e5:a7:87:ed:
         4d:01:b7:cc:48:cc:b9:af:5a:2f:4e:ae:21:33:a4:ff:d4:0e:
         df:bc:ff:68:cf:91:55:fa:25:2d:7e:81:91:27:0b:4c:b2:0b:
         15:f5:e0:dc:93:b9:34:f8:51:cf:5a:ee:bb:7c:a8:88:2a:a3:
         da:5d:49:de:e1:c1:7b:5d:9f:9e:b3:5b:9f:18:40:a8:36:a9:
         c0:b5:da:6a:8a:58:10:64:61:e9:69:da:df:72:99:1a:9e:36:
         85:0f:e6:ef:f5:ee:fd:17:48:95:9a:63:0b:a3:43:2a:91:f3:
         39:23:2a:59:0b:ae:e4:7a:d2:60:10:61:36:26:e0:8f:c6:12:
         6d:8e:7f:ae:1b:aa:f0:6a:86:19:f0:a6:7b:35:f3:2b:eb:4d:
         37:0a:9d:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKLIqV260vNAIYS1TK3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzhhODFhNDQxMjc3NDFkOTQ5YTM1NWE0N2YzY2I1OTkz
ODlhNzgwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM5MjAyODFiN2NhMmMyZjY4ZDJlOTZhOTc1YTI1YTg4ZWY2MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUg5OvRBuxa0AMozGYhDN1vmffMH
d69kZqk6MbSCJV5nyQLHaWmVDwIctIdyDISGzCDZWhi5L6XdFteM8se0NFKr/Gui
C4F3OO0MxkGQWcl9caUCPcDgEGkdEgPYt7A4INYYzql0QrZ7AT8VOwnd3KRyqRk7
rvHLW5aEajBZSVWo98mGYK/fL3ZZUHwg4gg8MlAhRprrMOLAi04n5rGTgQQMqndq
EqzEiEXni/OzIlpoUgcrAWYpk+F+o7eP4GKL7h6fBFWdELb6UyxXPSlMVSk7r7qQ
Fcv9pa+YjxZV4dFdzJ8qPlqP8O8veWv/tKo0DBKjjIawExWwumV+SIrVxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc5ICgbfKLC9o0ulql1olqI72FxMB8GA1UdIwQY
MBaAFDk4qBpEEndB2UmjVaR/PLWZOJp4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1Rpb0drUVNkMEhaU2FOVnBIODh0Wms0bW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wMmNhYjUtNTliNC00ZDkwLWE1ZGIt
ZmQyMTRjYWNmYjYyLzEvWnprZ0tCdDhvc0wyalM2V3FYV2lXb2p2WVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wMmNhYjUtNTliNC00ZDkwLWE1ZGItZmQyMTRjYWNmYjYy
LzEvT1Rpb0drUVNkMEhaU2FOVnBIODh0Wms0bW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbcYMA0G
CSqGSIb3DQEBCwUAA4IBAQBetaPyoyhB7rgNEHQuYevBuoDGflgP+mWbc1hm/qxr
hDSmxTtVL1G5P7V33Oj+UwuQlho9Dvx71q73igD6Ywmbo+t8C29jmaDPTcmzKJtx
TJcDEf8csBVY9piGkvgTihzZgmbQoKu1GeWnh+1NAbfMSMy5r1ovTq4hM6T/1A7f
vP9oz5FV+iUtfoGRJwtMsgsV9eDck7k0+FHPWu67fKiIKqPaXUne4cF7XZ+es1uf
GECoNqnAtdpqilgQZGHpadrfcpkanjaFD+bv9e79F0iVmmMLo0MqkfM5IypZC67k
etJgEGE2JuCPxhJtjn+uG6rwaoYZ8KZ7NfMr6003Cp37
-----END CERTIFICATE-----
Generated at Sat Jun 1 11:55:37 2024 by rpki-client on console-fra.rpki-client.org