Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iGTME27YYtLCjNKAbAnWPHfMnu4.roa
File:                     iGTME27YYtLCjNKAbAnWPHfMnu4.roa (raw, json)
Hash identifier:          ULI3hQGn46ssFRpphyaPadiD0V+oM9Lnjtoh74DUlBQ=
Subject key identifier:   88:64:CC:13:6E:D8:62:D2:C2:8C:D2:80:6C:09:D6:3C:77:CC:9E:EE
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB72C7434A138EE4644B9ED1828C8
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iGTME27YYtLCjNKAbAnWPHfMnu4.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212107
IP address blocks:        78.142.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b7:2c:74:34:a1:38:ee:46:44:b9:ed:18:28:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8864cc136ed862d2c28cd2806c09d63c77cc9eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:16:df:ea:4e:24:ee:8b:d8:63:b9:f8:7b:2f:
                    45:20:b8:dc:e6:eb:1e:e1:42:b2:9a:00:9c:00:d7:
                    76:a3:5c:ae:58:c2:cc:ce:ab:13:24:06:e9:7e:c7:
                    4a:a1:80:42:c5:c8:d1:1f:19:9f:64:74:e2:cd:8f:
                    4b:80:c6:1b:1d:c2:e1:b7:36:d4:65:99:c2:c0:0c:
                    1d:81:99:73:b0:49:cc:bf:16:31:2f:55:3e:04:44:
                    fd:bf:18:6c:40:92:c0:6f:97:45:dc:64:a6:d8:cb:
                    e4:10:92:19:9b:b1:32:cb:09:3e:fd:df:73:fc:a3:
                    03:fd:40:28:ef:b8:e8:bc:3a:d1:1e:f4:ff:02:6b:
                    35:0a:29:0d:b3:32:86:78:49:f5:cd:c3:8c:55:b9:
                    d2:a5:81:d4:55:88:36:63:4c:ed:0f:e0:52:66:48:
                    ab:a5:4c:9c:15:07:6e:1c:6d:05:83:ff:71:cc:31:
                    f4:2e:70:9b:6f:df:10:0d:15:ba:35:7b:ca:e9:cc:
                    fe:68:82:ae:2d:32:af:23:5f:00:69:55:bc:26:81:
                    87:11:00:22:52:b8:c1:7f:fe:d5:80:f0:89:ff:a6:
                    0a:a5:9a:f4:3d:34:50:74:94:62:11:96:18:b3:ac:
                    fc:14:65:da:54:29:dc:e4:8a:4f:ea:ee:17:f4:6b:
                    0a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:64:CC:13:6E:D8:62:D2:C2:8C:D2:80:6C:09:D6:3C:77:CC:9E:EE
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iGTME27YYtLCjNKAbAnWPHfMnu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:77:6e:54:8a:ec:53:66:e8:19:e2:26:c1:01:5a:15:9e:5a:
         15:84:b7:7f:79:60:5e:4f:dc:b9:ee:5e:ee:57:85:c4:6c:ad:
         8d:64:ee:9b:ae:ae:82:18:fe:13:c0:26:ef:19:62:80:53:9b:
         16:2b:8b:6d:83:05:b7:aa:3f:da:75:06:37:d1:d4:43:ea:af:
         90:64:e3:75:da:bc:58:af:eb:d9:7b:0a:73:e8:6d:5d:f2:37:
         2e:28:cc:31:5a:2b:8f:49:00:1a:89:bf:74:4c:fb:c6:72:a6:
         20:c0:0b:32:b0:11:ea:1b:f4:8d:2d:98:10:73:05:4e:dd:f8:
         4f:e8:0b:ce:b3:84:e2:c8:d6:ce:4a:22:e7:a4:90:71:37:fd:
         8f:3d:a8:60:e7:df:d2:08:1a:a0:55:27:c5:29:be:4c:8b:5f:
         d3:88:78:d7:ec:24:59:09:6e:0d:39:de:3f:1d:31:b7:60:44:
         12:61:3b:35:a3:6c:2e:38:5c:3b:18:3f:27:b6:1c:1d:54:6a:
         1f:f5:e7:72:94:d6:25:6a:16:22:69:6b:a1:bd:79:54:9f:61:
         03:45:01:52:57:66:1f:bb:1a:ad:c0:18:d9:d2:7e:7c:ab:c5:
         21:e2:b5:14:f5:52:76:96:7a:68:a3:90:30:f5:5c:0c:a5:a4:
         79:47:eb:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7csdDShOO5GRLntGCjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODY0Y2MxMzZlZDg2MmQyYzI4Y2QyODA2YzA5ZDYzYzc3Y2M5ZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghbf6k4k7ovYY7n4ey9FILjc5use
4UKymgCcANd2o1yuWMLMzqsTJAbpfsdKoYBCxcjRHxmfZHTizY9LgMYbHcLhtzbU
ZZnCwAwdgZlzsEnMvxYxL1U+BET9vxhsQJLAb5dF3GSm2MvkEJIZm7Eyywk+/d9z
/KMD/UAo77jovDrRHvT/Ams1CikNszKGeEn1zcOMVbnSpYHUVYg2Y0ztD+BSZkir
pUycFQduHG0Fg/9xzDH0LnCbb98QDRW6NXvK6cz+aIKuLTKvI18AaVW8JoGHEQAi
UrjBf/7VgPCJ/6YKpZr0PTRQdJRiEZYYs6z8FGXaVCnc5IpP6u4X9GsKjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhkzBNu2GLSwozSgGwJ1jx3zJ7uMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvaUdUTUUyN1lZdExDak5LQWJBbldQSGZNbnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo75MA0G
CSqGSIb3DQEBCwUAA4IBAQCnd25UiuxTZugZ4ibBAVoVnloVhLd/eWBeT9y57l7u
V4XEbK2NZO6brq6CGP4TwCbvGWKAU5sWK4ttgwW3qj/adQY30dRD6q+QZON12rxY
r+vZewpz6G1d8jcuKMwxWiuPSQAaib90TPvGcqYgwAsysBHqG/SNLZgQcwVO3fhP
6AvOs4TiyNbOSiLnpJBxN/2PPahg59/SCBqgVSfFKb5Mi1/TiHjX7CRZCW4NOd4/
HTG3YEQSYTs1o2wuOFw7GD8nthwdVGof9edylNYlahYiaWuhvXlUn2EDRQFSV2Yf
uxqtwBjZ0n58q8Uh4rUU9VJ2lnpoo5Aw9VwMpaR5R+uz
-----END CERTIFICATE-----