Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iMcJpTjlLZyOGP10epkf2-TRc7U.roa
File:                     iMcJpTjlLZyOGP10epkf2-TRc7U.roa (raw, json)
Hash identifier:          3cryyKIM2xFC3oR4MThkIwUrFTMj7h4vFSluhQW+KZc=
Subject key identifier:   88:C7:09:A5:38:E5:2D:9C:8E:18:FD:74:7A:99:1F:DB:E4:D1:73:B5
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB428C94F37A1FA9C4CF96532958A
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iMcJpTjlLZyOGP10epkf2-TRc7U.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203363
IP address blocks:        152.89.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b4:28:c9:4f:37:a1:fa:9c:4c:f9:65:32:95:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88c709a538e52d9c8e18fd747a991fdbe4d173b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d7:48:80:ba:5a:d5:bc:51:a8:5a:5b:a4:39:
                    15:13:36:e8:42:6f:31:a2:75:d9:86:25:bb:cf:f9:
                    30:dc:75:3b:a3:8c:04:3e:3e:89:55:99:49:e8:c1:
                    1b:91:c6:0e:a6:2b:56:91:88:b2:1e:df:8d:41:d5:
                    dc:06:28:75:02:55:7c:55:a2:9a:4f:ec:6c:92:ec:
                    e0:85:1b:c9:64:26:17:b2:20:6b:5f:3b:23:64:d9:
                    f8:e1:3e:a0:49:cd:bc:1c:e0:44:61:71:5f:37:2a:
                    d5:47:76:c1:bb:97:cd:d0:8a:bc:bd:4a:05:44:93:
                    f5:1d:17:f6:ad:98:fc:a3:a1:ee:ad:20:86:3b:d8:
                    29:5d:c5:10:09:6a:a9:a8:63:9f:37:93:7b:9e:70:
                    a0:19:9d:fc:31:18:f1:27:c7:03:62:50:e8:3f:e9:
                    0a:77:57:90:2e:d7:c6:f1:3f:dd:c9:30:56:63:51:
                    e1:07:11:82:0c:18:94:1d:c4:d2:7b:08:74:dd:a7:
                    1c:db:e9:87:bb:a4:64:23:51:0f:aa:87:37:3c:0e:
                    ba:49:38:ec:2e:b9:85:65:3d:74:a0:96:70:fa:09:
                    c1:57:20:fd:1c:d5:6b:84:15:b0:d7:79:e6:7d:52:
                    5f:01:5f:cb:65:71:d0:46:05:a3:7e:70:9b:79:a8:
                    0d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C7:09:A5:38:E5:2D:9C:8E:18:FD:74:7A:99:1F:DB:E4:D1:73:B5
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/iMcJpTjlLZyOGP10epkf2-TRc7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:4d:cc:2c:20:1b:5d:da:32:ad:92:cc:9d:38:19:00:5b:8e:
         8c:2f:1d:00:8e:a7:54:36:d6:ae:66:21:2f:f9:30:30:52:89:
         7c:de:9c:24:9c:c2:92:a1:21:cb:d4:2a:41:68:a8:83:a8:8a:
         63:4a:39:8c:22:f3:2b:78:62:ef:f4:b7:96:95:d5:f4:c8:c8:
         77:a7:d3:c2:73:a9:04:98:2e:ba:21:c7:04:a3:26:dc:5f:8e:
         ae:c7:c2:0c:04:67:e1:33:35:76:8d:88:91:58:54:a2:cb:8d:
         e8:73:7b:66:ec:1c:19:ec:2c:d1:57:eb:8e:c8:70:74:d4:09:
         19:c8:10:90:f8:4a:ec:99:30:7d:b8:c5:f5:a9:40:fb:2c:83:
         57:c9:2a:c8:77:45:b2:3f:b1:ea:19:aa:29:a6:40:12:c0:76:
         04:7d:4a:e9:8e:77:67:4d:cd:e0:cb:e8:27:14:9d:b2:b5:83:
         1f:4b:1a:39:31:6e:12:52:00:80:b4:1d:b2:f7:f4:36:3e:96:
         33:c1:92:38:4e:2e:68:91:c9:0f:4f:07:8b:ef:69:34:ea:a4:
         5d:8e:fd:eb:ca:17:12:33:69:f0:20:e2:14:c6:fd:99:d5:55:
         45:1b:68:ac:f4:28:66:7b:85:85:be:0a:c7:90:6a:bd:14:dc:
         08:df:21:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7QoyU83ofqcTPllMpWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGM3MDlhNTM4ZTUyZDljOGUxOGZkNzQ3YTk5MWZkYmU0ZDE3M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNdIgLpa1bxRqFpbpDkVEzboQm8x
onXZhiW7z/kw3HU7o4wEPj6JVZlJ6MEbkcYOpitWkYiyHt+NQdXcBih1AlV8VaKa
T+xskuzghRvJZCYXsiBrXzsjZNn44T6gSc28HOBEYXFfNyrVR3bBu5fN0Iq8vUoF
RJP1HRf2rZj8o6HurSCGO9gpXcUQCWqpqGOfN5N7nnCgGZ38MRjxJ8cDYlDoP+kK
d1eQLtfG8T/dyTBWY1HhBxGCDBiUHcTSewh03acc2+mHu6RkI1EPqoc3PA66STjs
LrmFZT10oJZw+gnBVyD9HNVrhBWw13nmfVJfAV/LZXHQRgWjfnCbeagNnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjHCaU45S2cjhj9dHqZH9vk0XO1MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvaU1jSnBUamxMWnlPR1AxMGVwa2YyLVRSYzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFmrMA0G
CSqGSIb3DQEBCwUAA4IBAQAETcwsIBtd2jKtksydOBkAW46MLx0AjqdUNtauZiEv
+TAwUol83pwknMKSoSHL1CpBaKiDqIpjSjmMIvMreGLv9LeWldX0yMh3p9PCc6kE
mC66IccEoybcX46ux8IMBGfhMzV2jYiRWFSiy43oc3tm7BwZ7CzRV+uOyHB01AkZ
yBCQ+ErsmTB9uMX1qUD7LINXySrId0WyP7HqGaoppkASwHYEfUrpjndnTc3gy+gn
FJ2ytYMfSxo5MW4SUgCAtB2y9/Q2PpYzwZI4Ti5okckPTweL72k06qRdjv3ryhcS
M2nwIOIUxv2Z1VVFG2is9Chme4WFvgrHkGq9FNwI3yHg
-----END CERTIFICATE-----