Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/wSyfJEP83AMiCrHWmp590v-7ZD8.roa
File:                     wSyfJEP83AMiCrHWmp590v-7ZD8.roa (raw, json)
Hash identifier:          JDVdEWjuxd0+WPMNBXnMmEPqfR0KjxDi2EZT3mqXu3U=
Subject key identifier:   C1:2C:9F:24:43:FC:DC:03:22:0A:B1:D6:9A:9E:7D:D2:FF:BB:64:3F
Certificate issuer:       /CN=847dc765d1a039e6fbd6b8fbb64d07d58bf584f5
Certificate serial:       018CC3B73B750513E35F888E373AA1DF27B4
Authority key identifier: 84:7D:C7:65:D1:A0:39:E6:FB:D6:B8:FB:B6:4D:07:D5:8B:F5:84:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/wSyfJEP83AMiCrHWmp590v-7ZD8.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59482
IP address blocks:        95.215.228.0/24 maxlen: 24
                          95.215.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:75:05:13:e3:5f:88:8e:37:3a:a1:df:27:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=847dc765d1a039e6fbd6b8fbb64d07d58bf584f5
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c12c9f2443fcdc03220ab1d69a9e7dd2ffbb643f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:eb:b5:26:27:0c:bd:11:bb:8d:e2:74:56:cf:
                    bc:3e:5a:da:b7:63:fa:85:78:b2:b8:06:2f:53:fb:
                    dc:db:92:45:5b:28:64:42:06:32:cd:40:a4:15:08:
                    1e:64:b2:a8:17:51:27:d9:32:50:fb:a3:b2:2e:66:
                    f4:6d:06:90:e5:25:5c:ff:2e:c7:09:af:fb:61:74:
                    b1:54:91:54:6a:4a:ef:94:0b:ab:a0:75:7d:ab:83:
                    8a:89:5a:6e:27:1a:09:0e:50:96:07:92:89:6f:d3:
                    1e:e9:b4:73:b1:2a:87:72:77:b5:35:b6:56:08:e2:
                    e5:86:46:e9:46:db:58:a6:3a:a4:11:99:db:1d:53:
                    83:26:04:ca:3d:40:0f:3b:98:67:e0:c6:01:e0:3b:
                    ee:95:8b:53:89:19:6e:f4:1e:35:1c:5a:33:dd:c7:
                    e3:8c:d0:3d:6f:be:48:da:2b:94:b7:03:67:fe:69:
                    c9:b4:77:24:78:31:9c:c4:78:82:cf:be:5b:a1:33:
                    3d:b3:c7:ce:a7:39:14:7d:53:64:d4:dc:87:0e:44:
                    f8:c0:fc:a8:bc:08:01:56:ed:bf:45:c2:db:76:46:
                    af:70:44:83:ee:ef:63:c1:61:c5:fa:cd:73:36:3e:
                    bc:6c:ad:a1:b5:e3:e0:08:73:fd:25:ed:db:d5:46:
                    b2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:2C:9F:24:43:FC:DC:03:22:0A:B1:D6:9A:9E:7D:D2:FF:BB:64:3F
            X509v3 Authority Key Identifier:
                keyid:84:7D:C7:65:D1:A0:39:E6:FB:D6:B8:FB:B6:4D:07:D5:8B:F5:84:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hH3HZdGgOeb71rj7tk0H1Yv1hPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/wSyfJEP83AMiCrHWmp590v-7ZD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7e5030-da24-4bbb-9b95-09cf7e72a033/1/hH3HZdGgOeb71rj7tk0H1Yv1hPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:11:a7:90:fc:32:ac:08:f3:08:91:87:ce:83:29:29:36:ec:
         3c:f9:55:87:60:33:c6:c9:c2:54:8e:e5:b6:86:bc:73:a8:b3:
         72:1a:73:56:e4:fd:97:6b:20:5a:47:0f:c2:b7:b3:8c:05:0b:
         9d:61:28:9f:40:11:f4:60:a8:0e:6b:3c:f6:31:6e:6a:11:3d:
         80:8a:41:44:bf:b8:c2:ec:b6:94:f2:ad:87:7a:63:d1:9b:e4:
         18:d7:03:00:73:af:af:5e:9e:f7:8d:c1:67:db:ba:b1:68:bc:
         96:1a:ab:d2:f1:19:3a:aa:79:55:1f:95:cd:34:88:4f:3a:b0:
         bb:05:2c:8e:1f:0e:38:5e:cf:44:5a:03:90:50:fe:d8:a4:09:
         96:66:ae:6f:88:f7:cc:d3:6b:eb:2f:76:88:41:c3:5d:f9:1b:
         26:cb:58:fd:ab:d2:7f:2c:2e:30:7f:6f:4e:00:bf:10:c1:19:
         d4:3f:59:c9:5e:a4:9c:4b:1c:b3:72:71:31:ed:7c:6a:62:f0:
         5b:bd:ee:ce:ed:a1:82:a4:aa:e1:48:c3:25:43:b0:22:57:60:
         45:d1:5a:ed:fb:a6:a1:c6:4f:85:0a:2f:7e:09:cc:bb:58:86:
         d8:2f:e5:66:2d:a7:63:fc:b6:09:46:c2:cd:1b:fd:43:0b:3e:
         58:27:1e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzt1BRPjX4iONzqh3ye0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0N2RjNzY1ZDFhMDM5ZTZmYmQ2YjhmYmI2NGQwN2Q1OGJm
NTg0ZjUwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTJjOWYyNDQzZmNkYzAzMjIwYWIxZDY5YTllN2RkMmZmYmI2NDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuu1JicMvRG7jeJ0Vs+8Plrat2P6
hXiyuAYvU/vc25JFWyhkQgYyzUCkFQgeZLKoF1En2TJQ+6OyLmb0bQaQ5SVc/y7H
Ca/7YXSxVJFUakrvlAuroHV9q4OKiVpuJxoJDlCWB5KJb9Me6bRzsSqHcne1NbZW
COLlhkbpRttYpjqkEZnbHVODJgTKPUAPO5hn4MYB4DvulYtTiRlu9B41HFoz3cfj
jNA9b75I2iuUtwNn/mnJtHckeDGcxHiCz75boTM9s8fOpzkUfVNk1NyHDkT4wPyo
vAgBVu2/RcLbdkavcESD7u9jwWHF+s1zNj68bK2htePgCHP9Je3b1UaybQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEsnyRD/NwDIgqx1pqefdL/u2Q/MB8GA1UdIwQY
MBaAFIR9x2XRoDnm+9a4+7ZNB9WL9YT1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEgzSFpkR2dPZWI3MXJqN3RrMEgxWXYxaFBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC83ZTUwMzAtZGEyNC00YmJiLTliOTUt
MDljZjdlNzJhMDMzLzEvd1N5ZkpFUDgzQU1pQ3JIV21wNTkwdi03WkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC83ZTUwMzAtZGEyNC00YmJiLTliOTUtMDljZjdlNzJhMDMz
LzEvaEgzSFpkR2dPZWI3MXJqN3RrMEgxWXYxaFBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX9fkMA0G
CSqGSIb3DQEBCwUAA4IBAQBeEaeQ/DKsCPMIkYfOgykpNuw8+VWHYDPGycJUjuW2
hrxzqLNyGnNW5P2XayBaRw/Ct7OMBQudYSifQBH0YKgOazz2MW5qET2AikFEv7jC
7LaU8q2HemPRm+QY1wMAc6+vXp73jcFn27qxaLyWGqvS8Rk6qnlVH5XNNIhPOrC7
BSyOHw44Xs9EWgOQUP7YpAmWZq5viPfM02vrL3aIQcNd+Rsmy1j9q9J/LC4wf29O
AL8QwRnUP1nJXqScSxyzcnEx7XxqYvBbve7O7aGCpKrhSMMlQ7AiV2BF0Vrt+6ah
xk+FCi9+Ccy7WIbYL+VmLadj/LYJRsLNG/1DCz5YJx7u
-----END CERTIFICATE-----