Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/JAyLYywo3_6H7w_Jbq8WYcS_5tk.roa
File:                     JAyLYywo3_6H7w_Jbq8WYcS_5tk.roa (raw, json)
Hash identifier:          g8QOA14pHSyNglfWIf6C5GuHjmogABGtz4h5JC3lnWc=
Subject key identifier:   24:0C:8B:63:2C:28:DF:FE:87:EF:0F:C9:6E:AF:16:61:C4:BF:E6:D9
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       018CC8DF2042E7B6C124DB13F965680FA912
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/JAyLYywo3_6H7w_Jbq8WYcS_5tk.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        84.254.136.0/24 maxlen: 24
                          84.254.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:20:42:e7:b6:c1:24:db:13:f9:65:68:0f:a9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=240c8b632c28dffe87ef0fc96eaf1661c4bfe6d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:be:36:79:46:1c:2d:e6:fd:6a:86:b1:12:5e:
                    58:3d:b8:56:c7:bf:af:be:92:b8:69:9d:f1:15:93:
                    78:63:c5:11:32:6d:08:40:3a:f3:d7:2d:55:81:96:
                    c0:60:ae:3e:3a:af:b9:03:54:2b:a5:a4:02:8c:de:
                    82:ce:60:99:2c:32:81:a3:14:7c:2c:bc:12:20:2d:
                    88:ae:db:93:02:93:72:5d:d9:50:7c:ef:a4:ae:c3:
                    8f:d4:26:e0:28:09:23:fc:e8:06:b9:4a:e2:d4:f5:
                    f3:fe:2b:85:39:64:4b:06:34:e8:e7:d8:f5:be:0b:
                    9c:82:a7:11:ea:33:3a:8f:02:cf:08:6d:1a:8d:28:
                    c0:28:38:19:cd:2a:87:84:18:e2:2e:29:be:50:24:
                    c5:03:bb:43:2b:e4:19:44:c6:34:21:01:66:ef:c4:
                    c3:cc:10:95:0a:e3:e6:32:48:2b:78:9d:34:e1:39:
                    b0:a6:fa:80:84:aa:1a:91:49:6d:17:d2:77:64:8b:
                    3f:07:3a:e7:3d:6b:56:b7:9e:c5:3b:1f:31:4c:8e:
                    8b:b2:dd:e0:7f:79:00:a3:6b:a6:3e:75:d2:1d:ef:
                    b9:9c:bd:97:7f:da:bc:bf:0d:4a:ca:04:2b:4c:bd:
                    91:eb:8b:65:6c:7a:de:a7:86:70:81:34:55:36:78:
                    5e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0C:8B:63:2C:28:DF:FE:87:EF:0F:C9:6E:AF:16:61:C4:BF:E6:D9
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/JAyLYywo3_6H7w_Jbq8WYcS_5tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.254.134.0/24
                  84.254.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:5b:f8:1d:bd:08:18:67:4f:27:8c:79:cb:8c:b3:81:cd:4f:
         c0:3e:f5:a2:20:98:de:ea:47:6f:a2:b7:7b:39:c4:c6:7a:4f:
         24:7c:e3:63:8c:8e:05:fd:ed:22:41:7f:65:ad:dc:88:2e:9b:
         49:fe:bd:da:62:b6:27:8c:e5:cb:f8:24:f4:ea:e2:ab:ed:51:
         9d:cf:0d:d2:d2:5e:e7:17:45:5a:69:68:7a:90:4b:bd:53:d9:
         8f:62:e8:d4:13:c8:a7:3f:30:e4:be:cd:e5:ac:01:e2:bd:ba:
         b4:cb:6a:cf:2f:f3:4e:fe:5d:51:e8:43:79:44:25:24:6d:a7:
         b7:73:9b:a5:03:b0:f1:b9:6a:38:66:d0:a9:f0:49:48:8c:8b:
         fe:ad:33:28:b2:42:1a:29:ff:77:7a:2c:6f:b0:1d:40:72:4f:
         08:45:48:f7:a4:17:df:d2:b6:bf:92:81:66:98:f0:43:36:b8:
         b8:72:e1:d7:76:53:26:48:a6:7e:6a:51:46:f2:3d:54:18:45:
         b8:2b:75:ea:51:36:98:14:fb:45:b4:a6:49:3b:01:ab:99:eb:
         c8:40:fc:2d:87:37:bb:38:1d:2a:75:41:f5:22:49:7a:65:ab:
         01:bd:b8:e6:ea:11:6c:8a:b7:55:e1:a5:a9:a7:4d:a1:3d:e2:
         5c:f5:4b:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3yBC57bBJNsT+WVoD6kSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBjOGI2MzJjMjhkZmZlODdlZjBmYzk2ZWFmMTY2MWM0YmZlNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L42eUYcLeb9aoaxEl5YPbhWx7+v
vpK4aZ3xFZN4Y8URMm0IQDrz1y1VgZbAYK4+Oq+5A1QrpaQCjN6CzmCZLDKBoxR8
LLwSIC2IrtuTApNyXdlQfO+krsOP1CbgKAkj/OgGuUri1PXz/iuFOWRLBjTo59j1
vgucgqcR6jM6jwLPCG0ajSjAKDgZzSqHhBjiLim+UCTFA7tDK+QZRMY0IQFm78TD
zBCVCuPmMkgreJ004TmwpvqAhKoakUltF9J3ZIs/BzrnPWtWt57FOx8xTI6Lst3g
f3kAo2umPnXSHe+5nL2Xf9q8vw1KygQrTL2R64tlbHrep4ZwgTRVNnhe6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCQMi2MsKN/+h+8PyW6vFmHEv+bZMB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvSkF5TFl5d28zXzZIN3dfSmJxOFdZY1NfNXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVP6GAwQA
VP6IMA0GCSqGSIb3DQEBCwUAA4IBAQBsW/gdvQgYZ08njHnLjLOBzU/APvWiIJje
6kdvord7OcTGek8kfONjjI4F/e0iQX9lrdyILptJ/r3aYrYnjOXL+CT06uKr7VGd
zw3S0l7nF0VaaWh6kEu9U9mPYujUE8inPzDkvs3lrAHivbq0y2rPL/NO/l1R6EN5
RCUkbae3c5ulA7DxuWo4ZtCp8ElIjIv+rTMoskIaKf93eixvsB1Ack8IRUj3pBff
0ra/koFmmPBDNri4cuHXdlMmSKZ+alFG8j1UGEW4K3XqUTaYFPtFtKZJOwGrmevI
QPwthze7OB0qdUH1Ikl6ZasBvbjm6hFsirdV4aWpp02hPeJc9UsI
-----END CERTIFICATE-----