Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/WIbpjNFgyL8FweUsKsihkm_PI28.roa
File:                     WIbpjNFgyL8FweUsKsihkm_PI28.roa (raw, json)
Hash identifier:          VoeMP15IKS+YATCW5k8jloGWeOvqG6TTy+tPBwoxnfM=
Subject key identifier:   58:86:E9:8C:D1:60:C8:BF:05:C1:E5:2C:2A:C8:A1:92:6F:CF:23:6F
Certificate issuer:       /CN=79646b38c3d87d33145b634b4e1dcc2145f6416c
Certificate serial:       0194236993ACC1B1E313AC42BA0C6E41E500
Authority key identifier: 79:64:6B:38:C3:D8:7D:33:14:5B:63:4B:4E:1D:CC:21:45:F6:41:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/WIbpjNFgyL8FweUsKsihkm_PI28.roa
Signing time:             Wed 01 Jan 2025 19:48:29 +0000
ROA not before:           Wed 01 Jan 2025 19:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42672
IP address blocks:        95.182.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:93:ac:c1:b1:e3:13:ac:42:ba:0c:6e:41:e5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79646b38c3d87d33145b634b4e1dcc2145f6416c
        Validity
            Not Before: Jan  1 19:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5886e98cd160c8bf05c1e52c2ac8a1926fcf236f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:58:b0:33:75:b3:cd:28:b6:5b:df:6a:7b:d1:
                    f0:e6:bd:eb:a8:16:50:93:af:dc:c1:24:b3:80:f7:
                    6c:73:b3:6c:d6:c7:78:69:f7:13:df:01:99:ef:cf:
                    dc:c5:f5:3c:45:d1:81:4c:6d:86:ae:d2:06:51:cc:
                    c1:d3:eb:fb:78:00:37:ee:81:67:c0:30:75:dc:b2:
                    cb:f5:36:29:9a:56:95:a5:8a:61:10:48:db:c0:1a:
                    9b:ad:36:9d:66:7c:13:53:43:2e:a0:f8:54:47:d9:
                    67:1a:c8:6b:18:9a:5e:54:b5:14:5e:f4:2a:4d:b5:
                    1a:c1:8e:66:56:ce:04:11:dd:c7:69:f3:cd:ff:54:
                    20:57:19:96:2c:53:1c:69:5d:e5:98:69:4e:d1:51:
                    84:a2:2a:39:7b:6d:c3:ca:11:c8:8a:2b:3e:a6:ba:
                    99:fe:09:a8:e3:ef:fc:4f:e0:04:40:f3:43:0d:92:
                    8a:53:8d:c9:1d:ae:b6:05:46:52:4a:3a:f7:2d:08:
                    a8:70:10:9f:1a:00:65:3d:58:e0:15:82:9f:1f:0f:
                    b3:32:9d:4f:5d:da:f9:55:6e:b6:88:a4:d9:89:e5:
                    90:b0:b4:5f:ed:c0:75:ca:15:3b:2c:46:c7:21:3a:
                    a8:42:3e:cf:b0:8a:6b:44:6e:5a:b9:00:f9:7a:05:
                    50:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:86:E9:8C:D1:60:C8:BF:05:C1:E5:2C:2A:C8:A1:92:6F:CF:23:6F
            X509v3 Authority Key Identifier:
                keyid:79:64:6B:38:C3:D8:7D:33:14:5B:63:4B:4E:1D:CC:21:45:F6:41:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/WIbpjNFgyL8FweUsKsihkm_PI28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:0d:b7:a7:81:57:40:62:c0:d5:d7:0d:00:07:72:1a:0b:c5:
         70:01:9e:36:b8:84:01:58:da:a0:3d:95:89:3f:76:cf:57:51:
         55:43:ad:d7:ff:5f:76:00:36:c0:3d:62:00:26:45:0c:4e:c1:
         4d:8b:e6:b1:bb:cb:f3:f2:39:f5:c2:44:d5:9d:ee:c5:1a:a7:
         1c:72:31:c7:3f:af:b7:2e:72:af:3b:ce:60:67:1e:06:c3:8a:
         52:1d:7a:23:c7:bf:3c:14:83:fd:38:e5:3a:a9:1d:51:a5:5b:
         89:ea:01:b7:75:09:f1:33:81:1f:3b:e8:72:66:bf:d4:bd:0f:
         c4:07:f4:bc:30:43:f3:5f:f5:c3:86:0d:0e:34:05:b0:18:1b:
         02:9b:ca:44:6a:f4:77:6b:a5:9a:69:69:2c:3b:db:76:ba:f8:
         b8:c9:a2:f7:24:eb:df:65:c9:54:67:cb:6e:eb:ca:89:6a:fd:
         c8:8c:c4:12:65:a1:de:3b:b9:9c:18:5c:c0:58:46:07:12:3f:
         54:4c:da:9f:88:68:42:b9:dd:be:a2:09:05:ee:e9:56:dd:a9:
         e2:bc:47:bf:0a:67:f9:a6:f7:eb:0d:6c:b2:d9:09:0e:3e:cf:
         8b:55:e2:84:96:cc:be:f9:ab:62:d6:38:5b:a0:60:d9:08:c7:
         cd:07:e5:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaZOswbHjE6xCugxuQeUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NjQ2YjM4YzNkODdkMzMxNDViNjM0YjRlMWRjYzIxNDVm
NjQxNmMwHhcNMjUwMTAxMTk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg2ZTk4Y2QxNjBjOGJmMDVjMWU1MmMyYWM4YTE5MjZmY2YyMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArliwM3WzzSi2W99qe9Hw5r3rqBZQ
k6/cwSSzgPdsc7Ns1sd4afcT3wGZ78/cxfU8RdGBTG2GrtIGUczB0+v7eAA37oFn
wDB13LLL9TYpmlaVpYphEEjbwBqbrTadZnwTU0MuoPhUR9lnGshrGJpeVLUUXvQq
TbUawY5mVs4EEd3HafPN/1QgVxmWLFMcaV3lmGlO0VGEoio5e23DyhHIiis+prqZ
/gmo4+/8T+AEQPNDDZKKU43JHa62BUZSSjr3LQiocBCfGgBlPVjgFYKfHw+zMp1P
Xdr5VW62iKTZieWQsLRf7cB1yhU7LEbHITqoQj7PsIprRG5auQD5egVQEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiG6YzRYMi/BcHlLCrIoZJvzyNvMB8GA1UdIwQY
MBaAFHlkazjD2H0zFFtjS04dzCFF9kFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVdSck9NUFlmVE1VVzJOTFRoM01JVVgyUVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iMzc4ZTAtY2Y5OS00MWIxLWEzOGEt
ZTEzNmM5ODliZTMzLzEvV0licGpORmd5TDhGd2VVc0tzaWhrbV9QSTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iMzc4ZTAtY2Y5OS00MWIxLWEzOGEtZTEzNmM5ODliZTMz
LzEvZVdSck9NUFlmVE1VVzJOTFRoM01JVVgyUVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7YYMA0G
CSqGSIb3DQEBCwUAA4IBAQCBDbengVdAYsDV1w0AB3IaC8VwAZ42uIQBWNqgPZWJ
P3bPV1FVQ63X/192ADbAPWIAJkUMTsFNi+axu8vz8jn1wkTVne7FGqcccjHHP6+3
LnKvO85gZx4Gw4pSHXojx788FIP9OOU6qR1RpVuJ6gG3dQnxM4EfO+hyZr/UvQ/E
B/S8MEPzX/XDhg0ONAWwGBsCm8pEavR3a6WaaWksO9t2uvi4yaL3JOvfZclUZ8tu
68qJav3IjMQSZaHeO7mcGFzAWEYHEj9UTNqfiGhCud2+ogkF7ulW3anivEe/Cmf5
pvfrDWyy2QkOPs+LVeKElsy++ati1jhboGDZCMfNB+U2
-----END CERTIFICATE-----