Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/eBovQd7laMJDh7EXSoyMFy7n66Q.roa
File:                     eBovQd7laMJDh7EXSoyMFy7n66Q.roa (raw, json)
Hash identifier:          VTjxdL7XL4VnnXvmtNRxN4uUeKR3vTv9n/WpP39ttGU=
Subject key identifier:   78:1A:2F:41:DE:E5:68:C2:43:87:B1:17:4A:8C:8C:17:2E:E7:EB:A4
Certificate issuer:       /CN=089c8c7f334053c8a90a3408009ef3d3b7a82e3d
Certificate serial:       018FC9E8CA31BCF178C84B4E2D3A835C18BA
Authority key identifier: 08:9C:8C:7F:33:40:53:C8:A9:0A:34:08:00:9E:F3:D3:B7:A8:2E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CJyMfzNAU8ipCjQIAJ7z07eoLj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/eBovQd7laMJDh7EXSoyMFy7n66Q.roa
Signing time:             Thu 30 May 2024 14:30:27 +0000
ROA not before:           Thu 30 May 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44735
IP address blocks:        2a13:2440:b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/CJyMfzNAU8ipCjQIAJ7z07eoLj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/CJyMfzNAU8ipCjQIAJ7z07eoLj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CJyMfzNAU8ipCjQIAJ7z07eoLj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:e8:ca:31:bc:f1:78:c8:4b:4e:2d:3a:83:5c:18:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=089c8c7f334053c8a90a3408009ef3d3b7a82e3d
        Validity
            Not Before: May 30 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=781a2f41dee568c24387b1174a8c8c172ee7eba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1b:13:ed:48:c4:fd:8c:52:ad:f8:31:38:9b:
                    df:b7:23:93:1a:6e:4d:4e:aa:86:84:77:6c:b1:ef:
                    16:55:36:f6:e3:83:79:57:2f:22:f0:db:b1:49:53:
                    09:e1:cf:d7:53:29:22:4a:d3:57:e0:34:42:82:3e:
                    b7:01:69:e0:ec:22:31:95:65:a5:eb:a0:db:91:5d:
                    a0:ca:2f:2c:2d:de:fc:62:5f:98:64:78:88:53:bf:
                    bf:8d:fa:d7:ae:b7:9d:1e:86:02:9d:fc:87:47:8b:
                    ed:e9:04:aa:10:57:1e:d2:d2:1c:86:60:5b:bd:72:
                    45:7d:4a:21:8c:73:df:ae:57:18:0b:3e:70:40:62:
                    99:2b:2a:19:b9:8f:07:73:29:e1:f1:bd:5c:65:56:
                    63:cd:07:7b:f4:d1:c1:40:60:b0:ed:a2:11:3a:e5:
                    4c:5e:04:d8:41:b2:0c:d6:1e:b6:b6:89:f2:d0:27:
                    38:11:d0:e1:2e:af:49:4c:d3:1d:f9:8a:9f:e7:2d:
                    cd:d1:de:20:b8:ae:53:79:6f:1a:f1:0c:ad:f6:e2:
                    6e:0c:0e:f6:fd:97:ae:62:1b:c2:a9:04:60:e3:55:
                    e2:fe:ea:00:af:5b:20:d9:9a:8a:4d:b9:b7:84:1d:
                    c6:c5:57:fb:b7:20:08:33:bb:23:cf:37:d5:1c:91:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1A:2F:41:DE:E5:68:C2:43:87:B1:17:4A:8C:8C:17:2E:E7:EB:A4
            X509v3 Authority Key Identifier:
                keyid:08:9C:8C:7F:33:40:53:C8:A9:0A:34:08:00:9E:F3:D3:B7:A8:2E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJyMfzNAU8ipCjQIAJ7z07eoLj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/eBovQd7laMJDh7EXSoyMFy7n66Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f4e03e-27b2-494b-8c0f-6f7009bee915/1/CJyMfzNAU8ipCjQIAJ7z07eoLj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2440:b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:4e:fa:5c:30:b7:f7:c7:27:f4:9c:68:36:4d:2d:45:9e:44:
         47:d7:96:4c:e1:5f:a6:d0:c1:09:fe:40:fc:36:99:cb:a5:92:
         34:e9:af:e8:0e:c3:49:c5:4d:f9:63:c1:f1:6a:02:d1:33:42:
         6c:84:c4:81:07:2b:3d:5d:cd:4c:50:ff:d5:e8:ef:04:5d:30:
         6a:c6:f4:31:e5:21:f2:30:a2:32:12:47:4b:aa:1e:ae:98:5e:
         12:40:0b:b4:e6:51:4f:72:81:e6:d6:3c:4d:62:35:93:16:10:
         4d:5c:11:67:2f:7c:42:56:94:3c:b1:37:c3:b3:11:dc:90:e1:
         e4:39:72:33:ed:77:9b:37:ca:58:f1:a1:bf:94:42:3d:0a:19:
         32:a3:f9:f4:f5:2e:89:54:5e:d8:bb:70:af:96:dd:fb:c0:5c:
         8b:b2:9b:12:57:e7:33:1b:82:c7:c5:22:a4:a9:1d:b5:a4:34:
         30:7b:14:ba:24:f7:f3:a5:fe:ed:f3:cd:9a:0c:03:23:90:83:
         c4:87:6a:0b:ac:06:55:e6:b6:ea:0b:01:1f:79:06:23:ab:29:
         d0:94:df:e1:cc:d1:60:eb:ad:e6:22:6f:15:15:9c:32:54:14:
         3b:ce:b4:d3:ef:7a:88:01:d8:9f:9f:c2:2f:79:5f:cd:93:7d:
         99:be:7b:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/J6MoxvPF4yEtOLTqDXBi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OWM4YzdmMzM0MDUzYzhhOTBhMzQwODAwOWVmM2QzYjdh
ODJlM2QwHhcNMjQwNTMwMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFhMmY0MWRlZTU2OGMyNDM4N2IxMTc0YThjOGMxNzJlZTdlYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhsT7UjE/YxSrfgxOJvftyOTGm5N
TqqGhHdsse8WVTb244N5Vy8i8NuxSVMJ4c/XUykiStNX4DRCgj63AWng7CIxlWWl
66DbkV2gyi8sLd78Yl+YZHiIU7+/jfrXrredHoYCnfyHR4vt6QSqEFce0tIchmBb
vXJFfUohjHPfrlcYCz5wQGKZKyoZuY8Hcynh8b1cZVZjzQd79NHBQGCw7aIROuVM
XgTYQbIM1h62tony0Cc4EdDhLq9JTNMd+Yqf5y3N0d4guK5TeW8a8Qyt9uJuDA72
/ZeuYhvCqQRg41Xi/uoAr1sg2ZqKTbm3hB3GxVf7tyAIM7sjzzfVHJFGgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHgaL0He5WjCQ4exF0qMjBcu5+ukMB8GA1UdIwQY
MBaAFAicjH8zQFPIqQo0CACe89O3qC49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0p5TWZ6TkFVOGlwQ2pRSUFKN3owN2VvTGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9mNGUwM2UtMjdiMi00OTRiLThjMGYt
NmY3MDA5YmVlOTE1LzEvZUJvdlFkN2xhTUpEaDdFWFNveU1GeTduNjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9mNGUwM2UtMjdiMi00OTRiLThjMGYtNmY3MDA5YmVlOTE1
LzEvQ0p5TWZ6TkFVOGlwQ2pRSUFKN3owN2VvTGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMkQACw
MA0GCSqGSIb3DQEBCwUAA4IBAQCETvpcMLf3xyf0nGg2TS1FnkRH15ZM4V+m0MEJ
/kD8NpnLpZI06a/oDsNJxU35Y8HxagLRM0JshMSBBys9Xc1MUP/V6O8EXTBqxvQx
5SHyMKIyEkdLqh6umF4SQAu05lFPcoHm1jxNYjWTFhBNXBFnL3xCVpQ8sTfDsxHc
kOHkOXIz7XebN8pY8aG/lEI9Chkyo/n09S6JVF7Yu3Cvlt37wFyLspsSV+czG4LH
xSKkqR21pDQwexS6JPfzpf7t882aDAMjkIPEh2oLrAZV5rbqCwEfeQYjqynQlN/h
zNFg663mIm8VFZwyVBQ7zrTT73qIAdifn8IveV/Nk32ZvnvW
-----END CERTIFICATE-----