Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/s0wC4R286yUnEohDK10Gck80Hqo.roa
File:                     s0wC4R286yUnEohDK10Gck80Hqo.roa (raw, json)
Hash identifier:          /h+hJLaIh7UvEKDll9eHT+h8syLDtHjDRvM5gf9Hyaw=
Subject key identifier:   B3:4C:02:E1:1D:BC:EB:25:27:12:88:43:2B:5D:06:72:4F:34:1E:AA
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C2103048916C80974BD8382D256F
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/s0wC4R286yUnEohDK10Gck80Hqo.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39074
IP address blocks:        5.202.136.0/23 maxlen: 23
                          5.202.136.0/24 maxlen: 24
                          5.202.136.0/22 maxlen: 22
                          5.202.137.0/24 maxlen: 24
                          5.202.138.0/24 maxlen: 24
                          5.202.138.0/23 maxlen: 23
                          5.202.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c2:10:30:48:91:6c:80:97:4b:d8:38:2d:25:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b34c02e11dbceb25271288432b5d06724f341eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e3:06:0a:02:a0:01:b6:62:b2:73:51:23:ed:
                    e9:2b:d1:0d:dd:de:37:8d:b7:4a:3b:57:80:3f:fd:
                    cc:6f:57:5e:b4:83:a6:93:75:6a:96:53:ce:73:67:
                    00:80:35:50:c0:eb:c4:88:50:f3:1d:e2:d8:4e:3b:
                    6e:49:f5:3a:62:4b:14:03:be:53:62:a9:1b:85:fb:
                    87:8c:4a:f3:73:fb:da:3c:35:04:88:8d:b0:b6:15:
                    9a:4f:ba:62:6c:48:65:fb:d5:ff:97:5a:f4:2e:b0:
                    e5:77:c0:25:c6:5b:78:2b:6e:bb:12:a1:42:48:3b:
                    fe:c4:20:c0:a7:80:a1:13:b3:02:5a:2b:5b:7e:18:
                    aa:e8:27:b2:41:3f:fc:42:2e:cb:2a:ec:74:ff:bf:
                    15:57:89:4a:9b:9b:ee:3f:d3:9e:e3:f6:af:84:7d:
                    a4:72:d3:73:77:9b:60:c9:27:c1:03:a5:35:90:25:
                    fd:1b:34:2e:19:c1:e7:00:6d:82:4c:ba:85:6c:f1:
                    6b:c1:6d:e3:7c:63:fc:4c:e9:78:96:44:7b:cb:a4:
                    9b:12:c9:fb:84:70:3b:92:bc:1f:7d:19:c0:85:d5:
                    e0:a6:66:b6:4d:7a:c1:5e:ee:f8:4a:11:0a:23:9f:
                    34:e3:73:6d:bf:d7:48:fc:d8:33:01:0f:1c:7d:5f:
                    b5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:4C:02:E1:1D:BC:EB:25:27:12:88:43:2B:5D:06:72:4F:34:1E:AA
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/s0wC4R286yUnEohDK10Gck80Hqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:24:49:6a:65:e3:43:3f:b5:7f:a6:c6:2a:0d:af:c5:9d:2a:
         b6:5b:dd:7f:77:b9:39:b3:1f:6f:35:db:96:30:63:68:42:6c:
         7f:ff:10:4a:81:ab:7f:2a:c9:60:66:d0:75:6f:ed:4e:71:88:
         4b:80:30:0d:77:5f:c8:e5:7d:3c:77:cc:51:86:77:d5:0d:fe:
         24:f4:78:b0:8f:eb:e9:f0:86:be:d3:32:30:f4:d3:6d:51:61:
         2c:df:ff:ed:c4:4f:6d:2d:99:7d:f2:05:a2:44:98:ee:f1:83:
         7b:e0:23:de:c7:58:1a:4a:90:ba:98:18:18:69:77:36:fc:8a:
         04:1e:0d:92:e2:f8:fd:50:32:98:54:9f:08:5d:f2:b7:d0:df:
         12:e4:a7:97:2f:07:14:22:86:8a:33:6b:78:07:af:c1:21:3e:
         ba:3e:38:96:9e:be:85:d6:6a:76:9b:18:f2:55:72:b4:da:60:
         a8:f4:30:64:0f:4e:04:7b:cc:a0:d6:7d:04:50:54:4b:fc:b2:
         67:f7:9c:c0:7e:88:76:a3:7e:7a:57:24:9b:ac:87:d5:3d:91:
         c5:eb:4c:7e:62:29:78:69:6a:8c:6d:45:cf:a5:65:46:e5:6d:
         a6:59:f6:ed:fb:e8:c9:67:56:fd:9d:c5:51:e7:48:5b:72:85:
         1f:36:f1:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMIQMEiRbICXS9g4LSVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzRjMDJlMTFkYmNlYjI1MjcxMjg4NDMyYjVkMDY3MjRmMzQxZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+MGCgKgAbZisnNRI+3pK9EN3d43
jbdKO1eAP/3Mb1detIOmk3VqllPOc2cAgDVQwOvEiFDzHeLYTjtuSfU6YksUA75T
YqkbhfuHjErzc/vaPDUEiI2wthWaT7pibEhl+9X/l1r0LrDld8Alxlt4K267EqFC
SDv+xCDAp4ChE7MCWitbfhiq6CeyQT/8Qi7LKux0/78VV4lKm5vuP9Oe4/avhH2k
ctNzd5tgySfBA6U1kCX9GzQuGcHnAG2CTLqFbPFrwW3jfGP8TOl4lkR7y6SbEsn7
hHA7krwffRnAhdXgpma2TXrBXu74ShEKI58043Ntv9dI/NgzAQ8cfV+1EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNMAuEdvOslJxKIQytdBnJPNB6qMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvczB3QzRSMjg2eVVuRW9oREsxMEdjazgwSHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcqIMA0G
CSqGSIb3DQEBCwUAA4IBAQB3JElqZeNDP7V/psYqDa/FnSq2W91/d7k5sx9vNduW
MGNoQmx//xBKgat/KslgZtB1b+1OcYhLgDANd1/I5X08d8xRhnfVDf4k9Hiwj+vp
8Ia+0zIw9NNtUWEs3//txE9tLZl98gWiRJju8YN74CPex1gaSpC6mBgYaXc2/IoE
Hg2S4vj9UDKYVJ8IXfK30N8S5KeXLwcUIoaKM2t4B6/BIT66PjiWnr6F1mp2mxjy
VXK02mCo9DBkD04Ee8yg1n0EUFRL/LJn95zAfoh2o356VySbrIfVPZHF60x+Yil4
aWqMbUXPpWVG5W2mWfbt++jJZ1b9ncVR50hbcoUfNvH7
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:28:01 2024 by rpki-client on console-ams.rpki-client.org