Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/pNHLiZosFPLwAP2_39dVXVedoA8.roa
File:                     pNHLiZosFPLwAP2_39dVXVedoA8.roa (raw, json)
Hash identifier:          21Dk8gbrcOnUWwtpjgoXFZDgkCZkwg2MK05wmg5NEPk=
Subject key identifier:   A4:D1:CB:89:9A:2C:14:F2:F0:00:FD:BF:DF:D7:55:5D:57:9D:A0:0F
Certificate issuer:       /CN=847dc765d1a039e6fbd6b8fbb64d07d58bf584f5
Certificate serial:       019423D6F93D252AD1B664A5AEA0300585C0
Authority key identifier: 84:7D:C7:65:D1:A0:39:E6:FB:D6:B8:FB:B6:4D:07:D5:8B:F5:84:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/pNHLiZosFPLwAP2_39dVXVedoA8.roa
Signing time:             Wed 01 Jan 2025 21:47:58 +0000
ROA not before:           Wed 01 Jan 2025 21:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59482
IP address blocks:        95.215.228.0/24 maxlen: 24
                          95.215.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f9:3d:25:2a:d1:b6:64:a5:ae:a0:30:05:85:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=847dc765d1a039e6fbd6b8fbb64d07d58bf584f5
        Validity
            Not Before: Jan  1 21:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4d1cb899a2c14f2f000fdbfdfd7555d579da00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ff:0c:95:b3:c6:c3:f4:9c:f0:83:ad:5f:33:
                    6c:71:06:d2:f2:15:03:0d:88:60:4e:63:35:36:e5:
                    9a:43:45:39:49:8d:13:44:d7:66:b6:50:79:64:b7:
                    49:be:09:6a:d3:c5:c2:6d:8a:ab:ed:1c:52:be:e5:
                    4b:4b:c7:34:a8:ce:fe:70:65:15:7f:c4:a4:61:07:
                    ff:fa:bb:a9:c0:a4:1f:3d:f5:2a:57:b2:2e:1b:6e:
                    32:aa:03:78:2b:29:79:3e:a7:33:29:06:44:65:7a:
                    11:fa:7c:2a:da:78:bc:a1:67:2f:e9:59:3a:95:2a:
                    a9:09:d1:0a:1a:d1:bf:e4:b6:5b:ec:4a:e1:f7:9f:
                    fa:86:f4:bb:3d:2e:1c:6a:71:8d:57:6d:36:09:6c:
                    d2:f5:5c:b9:e0:c8:76:29:a4:6e:68:b3:0c:f8:1b:
                    3c:d8:7f:2e:1b:bd:b1:3a:59:e7:7a:ce:0b:76:7a:
                    59:06:3b:9f:47:65:55:87:bd:a5:a2:91:09:e3:40:
                    29:ee:f1:45:eb:24:bd:e3:05:a9:5c:3a:81:b5:74:
                    1e:25:26:01:d3:9b:da:1a:fe:df:dc:b6:98:ab:b9:
                    56:3a:ae:39:cb:a1:94:ea:84:ae:00:4f:07:89:2d:
                    85:c3:2f:cb:c1:d6:28:02:87:6e:63:fc:5d:73:c6:
                    24:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D1:CB:89:9A:2C:14:F2:F0:00:FD:BF:DF:D7:55:5D:57:9D:A0:0F
            X509v3 Authority Key Identifier:
                keyid:84:7D:C7:65:D1:A0:39:E6:FB:D6:B8:FB:B6:4D:07:D5:8B:F5:84:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/pNHLiZosFPLwAP2_39dVXVedoA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:56:3b:cc:39:30:94:df:30:5f:1b:6e:0a:72:12:07:8f:31:
         3d:79:99:a4:91:b4:dc:a2:bd:82:07:79:3f:51:e2:dd:70:4a:
         a7:cb:90:d2:71:cd:26:f8:30:f2:39:d8:d1:e7:96:fc:ae:ed:
         65:d6:89:1d:9a:50:95:c5:b4:1a:9f:3c:67:62:ea:2d:7b:63:
         c1:45:f2:5f:68:9a:43:08:d8:71:24:1e:f2:89:b0:d0:60:a6:
         c0:b3:28:01:1f:12:ad:3d:cc:09:4d:9f:eb:44:a9:6e:ef:3f:
         1c:96:28:93:76:c3:08:84:03:2a:b3:53:c5:f7:8d:81:23:af:
         8b:48:eb:32:79:0d:8a:bd:71:4e:5b:da:37:ec:07:ab:5c:a6:
         9c:2d:fa:49:bd:70:86:c5:a1:13:8c:84:04:eb:2f:f6:86:73:
         b5:b6:08:9d:d7:b4:56:e6:b3:f2:ef:2f:92:b7:f1:69:5b:1e:
         43:ce:66:99:fe:e2:ad:38:ff:75:e4:7f:ec:1f:77:32:17:43:
         0d:fe:e4:7b:68:f4:11:78:c0:4a:e1:8d:04:10:3e:f6:59:25:
         c0:f8:d8:5c:a7:e4:6d:d8:76:ac:42:5f:a1:67:5c:a8:2e:56:
         15:0b:de:40:bc:f0:7a:d7:6f:4d:ea:22:71:d9:1c:98:05:63:
         ed:5e:6c:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vk9JSrRtmSlrqAwBYXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0N2RjNzY1ZDFhMDM5ZTZmYmQ2YjhmYmI2NGQwN2Q1OGJm
NTg0ZjUwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGQxY2I4OTlhMmMxNGYyZjAwMGZkYmZkZmQ3NTU1ZDU3OWRhMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv8MlbPGw/Sc8IOtXzNscQbS8hUD
DYhgTmM1NuWaQ0U5SY0TRNdmtlB5ZLdJvglq08XCbYqr7RxSvuVLS8c0qM7+cGUV
f8SkYQf/+rupwKQfPfUqV7IuG24yqgN4Kyl5PqczKQZEZXoR+nwq2ni8oWcv6Vk6
lSqpCdEKGtG/5LZb7Erh95/6hvS7PS4canGNV202CWzS9Vy54Mh2KaRuaLMM+Bs8
2H8uG72xOlnnes4LdnpZBjufR2VVh72lopEJ40Ap7vFF6yS94wWpXDqBtXQeJSYB
05vaGv7f3LaYq7lWOq45y6GU6oSuAE8HiS2Fwy/LwdYoAoduY/xdc8YklwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTRy4maLBTy8AD9v9/XVV1XnaAPMB8GA1UdIwQY
MBaAFIR9x2XRoDnm+9a4+7ZNB9WL9YT1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEgzSFpkR2dPZWI3MXJqN3RrMEgxWXYxaFBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC83ZTUwMzAtZGEyNC00YmJiLTliOTUt
MDljZjdlNzJhMDMzLzEvcE5ITGlab3NGUEx3QVAyXzM5ZFZYVmVkb0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC83ZTUwMzAtZGEyNC00YmJiLTliOTUtMDljZjdlNzJhMDMz
LzEvaEgzSFpkR2dPZWI3MXJqN3RrMEgxWXYxaFBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX9fkMA0G
CSqGSIb3DQEBCwUAA4IBAQCPVjvMOTCU3zBfG24KchIHjzE9eZmkkbTcor2CB3k/
UeLdcEqny5DScc0m+DDyOdjR55b8ru1l1okdmlCVxbQanzxnYuote2PBRfJfaJpD
CNhxJB7yibDQYKbAsygBHxKtPcwJTZ/rRKlu7z8cliiTdsMIhAMqs1PF942BI6+L
SOsyeQ2KvXFOW9o37AerXKacLfpJvXCGxaETjIQE6y/2hnO1tgid17RW5rPy7y+S
t/FpWx5DzmaZ/uKtOP915H/sH3cyF0MN/uR7aPQReMBK4Y0EED72WSXA+Nhcp+Rt
2HasQl+hZ1yoLlYVC95AvPB6129N6iJx2RyYBWPtXmy8
-----END CERTIFICATE-----