Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/PN-hNBC2YiRvBhT7CiQffYhGTZI.roa
File:                     PN-hNBC2YiRvBhT7CiQffYhGTZI.roa (raw, json)
Hash identifier:          HlCF3505pz3FUxgf118Kbo0us350ojRdmyDphTKI9Bs=
Subject key identifier:   3C:DF:A1:34:10:B6:62:24:6F:06:14:FB:0A:24:1F:7D:88:46:4D:92
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       018CC8DF20C33E39E769868EFC4626C6D041
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/PN-hNBC2YiRvBhT7CiQffYhGTZI.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        84.254.136.0/24 maxlen: 24
                          84.254.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:20:c3:3e:39:e7:69:86:8e:fc:46:26:c6:d0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cdfa13410b662246f0614fb0a241f7d88464d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:dd:40:28:94:49:f4:4c:be:7f:b2:d3:4e:76:
                    06:22:ab:d6:ac:b9:30:fa:6c:38:c9:cb:8b:22:5c:
                    f2:68:d3:33:5e:9d:58:3b:ed:cf:21:87:3e:29:ca:
                    f5:8c:d2:9d:08:e0:bc:53:d9:0d:b6:17:23:9c:fd:
                    f6:66:db:91:03:ab:9e:ec:a6:88:ce:49:29:75:29:
                    62:88:fe:38:cf:fc:f8:27:21:6e:db:68:45:46:91:
                    98:9f:0c:6e:0c:ec:ff:ec:36:02:61:ce:25:3d:53:
                    66:40:5e:18:89:e1:10:89:45:14:94:f5:89:98:8d:
                    27:32:d3:48:93:a3:66:c4:c6:a7:ef:07:a3:9c:c0:
                    7c:4b:34:77:87:f6:b1:85:56:11:01:ea:81:dc:47:
                    4e:82:61:b4:75:9a:84:49:1f:3e:00:a3:85:49:c4:
                    ff:42:3e:d3:8c:6b:02:12:89:a5:6d:b0:a5:c9:69:
                    0f:6f:f4:bb:9d:bc:1a:d2:7c:3a:5e:56:f1:fd:57:
                    2c:f9:31:16:e0:5c:1c:2f:90:a9:d1:50:01:96:ac:
                    cc:bf:97:b0:c6:7e:3e:86:0a:e2:91:fa:fb:c3:65:
                    a0:50:e8:fe:5e:4e:90:cc:f0:34:08:bd:bc:2a:ad:
                    37:ba:58:cd:ea:97:41:3e:8c:ce:a3:18:47:6b:28:
                    fe:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DF:A1:34:10:B6:62:24:6F:06:14:FB:0A:24:1F:7D:88:46:4D:92
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/PN-hNBC2YiRvBhT7CiQffYhGTZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.254.134.0/24
                  84.254.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:22:a2:d6:a3:a7:e7:3b:f2:6e:d3:ca:56:ed:4a:ce:6b:7b:
         b7:73:84:e4:7d:e1:c8:66:c1:8e:e6:34:b6:59:36:7d:56:ef:
         f7:6d:07:7c:72:12:be:e7:66:49:7b:7c:af:fd:62:ec:6d:e6:
         d7:2c:97:50:eb:fd:7b:ef:5f:a4:ab:9b:9c:63:72:82:a3:8d:
         b3:42:0c:e6:f0:fd:87:ba:26:01:5f:45:49:df:60:25:ad:b6:
         d8:7f:42:e6:24:a0:dd:23:b4:2a:29:5a:74:f4:36:c3:51:83:
         a7:72:65:bb:01:ec:32:e0:fd:71:fa:78:41:48:28:e8:d3:04:
         c0:13:63:a3:08:f7:b7:b2:69:da:17:44:9f:bc:a5:89:66:96:
         dd:4e:24:dd:dd:d9:04:a9:ff:2b:0b:d4:80:17:bc:57:3f:84:
         e9:23:b1:27:eb:b0:1c:50:95:31:f4:d7:9d:97:04:d9:a4:2c:
         32:d3:e6:9c:d6:38:42:4d:ab:c0:db:2e:72:8e:e1:6b:06:b1:
         7c:3e:3f:f5:32:45:2f:f1:dd:dd:95:02:ad:b0:1a:44:d9:ea:
         1e:fc:af:69:ff:cc:56:a5:85:7d:9d:70:83:72:52:32:7d:fa:
         88:67:ef:25:bb:c9:9a:5c:ac:53:45:9b:18:02:47:c9:17:07:
         23:55:d8:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3yDDPjnnaYaO/EYmxtBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RmYTEzNDEwYjY2MjI0NmYwNjE0ZmIwYTI0MWY3ZDg4NDY0ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5t1AKJRJ9Ey+f7LTTnYGIqvWrLkw
+mw4ycuLIlzyaNMzXp1YO+3PIYc+Kcr1jNKdCOC8U9kNthcjnP32ZtuRA6ue7KaI
zkkpdSliiP44z/z4JyFu22hFRpGYnwxuDOz/7DYCYc4lPVNmQF4YieEQiUUUlPWJ
mI0nMtNIk6NmxMan7wejnMB8SzR3h/axhVYRAeqB3EdOgmG0dZqESR8+AKOFScT/
Qj7TjGsCEomlbbClyWkPb/S7nbwa0nw6Xlbx/Vcs+TEW4FwcL5Cp0VABlqzMv5ew
xn4+hgrikfr7w2WgUOj+Xk6QzPA0CL28Kq03uljN6pdBPozOoxhHayj+jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDzfoTQQtmIkbwYU+wokH32IRk2SMB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvUE4taE5CQzJZaVJ2QmhUN0NpUWZmWWhHVFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVP6GAwQA
VP6IMA0GCSqGSIb3DQEBCwUAA4IBAQAtIqLWo6fnO/Ju08pW7UrOa3u3c4TkfeHI
ZsGO5jS2WTZ9Vu/3bQd8chK+52ZJe3yv/WLsbebXLJdQ6/1771+kq5ucY3KCo42z
Qgzm8P2HuiYBX0VJ32AlrbbYf0LmJKDdI7QqKVp09DbDUYOncmW7Aewy4P1x+nhB
SCjo0wTAE2OjCPe3smnaF0SfvKWJZpbdTiTd3dkEqf8rC9SAF7xXP4TpI7En67Ac
UJUx9NedlwTZpCwy0+ac1jhCTavA2y5yjuFrBrF8Pj/1MkUv8d3dlQKtsBpE2eoe
/K9p/8xWpYV9nXCDclIyffqIZ+8lu8maXKxTRZsYAkfJFwcjVdg/
-----END CERTIFICATE-----