Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/eBO3HfbX9Ua1LeMFAT-NJHSEA4I.roa
File:                     eBO3HfbX9Ua1LeMFAT-NJHSEA4I.roa (raw, json)
Hash identifier:          vjZfOhL0txDZcuVwz7dgAPqdGMjyJQeiRvFNjwSOWD4=
Subject key identifier:   78:13:B7:1D:F6:D7:F5:46:B5:2D:E3:05:01:3F:8D:24:74:84:03:82
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018E1A45BB63BF818D383E79C6F7EDF89234
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/eBO3HfbX9Ua1LeMFAT-NJHSEA4I.roa
Signing time:             Thu 07 Mar 2024 18:56:01 +0000
ROA not before:           Thu 07 Mar 2024 18:56:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        46.38.128.0/24 maxlen: 24
                          46.38.130.0/24 maxlen: 24
                          212.16.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:45:bb:63:bf:81:8d:38:3e:79:c6:f7:ed:f8:92:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar  7 18:56:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7813b71df6d7f546b52de305013f8d2474840382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:38:f1:21:d1:09:28:26:35:b5:42:54:6d:9b:
                    e0:08:0f:d3:e4:30:0c:dc:f6:68:9c:03:f7:cf:f5:
                    57:31:e1:b1:c0:36:70:82:74:97:2a:90:00:82:46:
                    5e:e8:14:55:72:b0:0f:ea:f9:a3:4e:ca:c8:af:80:
                    a5:b6:06:f9:24:13:22:3f:1a:b5:c7:f2:0e:d7:3e:
                    c7:fc:9c:8f:16:7a:1b:69:f2:07:d3:9e:e6:4b:d3:
                    45:69:e1:a4:fb:10:87:1d:62:e8:be:12:7d:cb:2c:
                    6c:e4:f7:b7:25:84:64:8d:b9:d2:13:ab:8b:95:40:
                    38:de:ba:f9:d9:4d:72:93:9b:19:b3:88:ce:37:f9:
                    cd:fd:07:47:ac:e8:39:46:20:65:21:11:cc:0e:09:
                    52:21:f9:8f:77:d1:2d:b7:70:75:9b:63:64:44:8f:
                    a2:ea:2a:e8:79:bf:7b:e6:b2:4b:04:e1:13:f6:99:
                    4b:bf:3d:d7:89:3e:a6:27:a8:19:ac:15:60:13:65:
                    46:b0:f1:d4:47:71:83:32:f9:27:07:2a:c4:ff:7c:
                    60:e8:4d:0c:9b:2b:49:10:a2:92:25:5e:fb:0d:52:
                    f6:f6:8f:2f:31:13:b5:ce:53:6e:44:a9:85:2c:16:
                    d4:1b:b2:5f:65:9c:df:18:cb:ac:a5:de:ef:cd:bb:
                    86:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:13:B7:1D:F6:D7:F5:46:B5:2D:E3:05:01:3F:8D:24:74:84:03:82
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/eBO3HfbX9Ua1LeMFAT-NJHSEA4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.128.0/24
                  46.38.130.0/24
                  212.16.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:a7:e0:8e:5f:ed:5f:4d:a6:8f:33:f5:ec:ca:e5:11:07:2d:
         73:73:af:58:68:cc:b5:2b:01:2a:70:94:73:9d:a2:0d:d3:1b:
         75:74:61:7f:86:bb:34:2c:d8:73:a4:a5:8f:1e:54:c7:2c:24:
         37:9f:e4:a5:8e:9d:ea:81:49:ff:86:d1:72:3f:00:fb:7d:d9:
         85:1b:d9:e2:75:12:31:6d:3d:a2:16:6b:85:cc:79:96:40:1e:
         39:af:9a:b2:a0:c0:dc:3c:27:f4:6d:43:25:a3:a1:f1:ec:34:
         98:4b:c6:a9:c3:16:0e:d2:0b:30:99:a3:16:ff:58:bc:21:6a:
         0c:2b:62:5d:2a:96:77:dc:c7:67:69:51:4c:09:91:7a:7b:5a:
         58:2a:69:20:c3:93:e5:00:e6:b9:f2:6f:5c:5d:87:95:b6:d1:
         96:04:de:e6:75:5b:b6:31:01:8d:2b:18:0d:f4:26:ef:5c:50:
         8e:1f:c3:a7:4f:7f:d9:50:cc:a9:3e:9d:b1:f2:30:b6:38:2d:
         21:be:e2:31:6f:c6:a6:a7:68:f9:ba:ce:87:93:2d:df:06:4a:
         42:12:d3:0a:87:11:9a:bf:4b:a7:31:2c:ba:bb:d5:92:85:b9:
         fb:f8:1a:c9:d1:73:b2:b5:43:43:dc:87:97:15:71:ff:3b:70:
         62:ad:96:8e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4aRbtjv4GNOD55xvft+JI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMzA3MTg1NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODEzYjcxZGY2ZDdmNTQ2YjUyZGUzMDUwMTNmOGQyNDc0ODQwMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjjxIdEJKCY1tUJUbZvgCA/T5DAM
3PZonAP3z/VXMeGxwDZwgnSXKpAAgkZe6BRVcrAP6vmjTsrIr4Cltgb5JBMiPxq1
x/IO1z7H/JyPFnobafIH057mS9NFaeGk+xCHHWLovhJ9yyxs5Pe3JYRkjbnSE6uL
lUA43rr52U1yk5sZs4jON/nN/QdHrOg5RiBlIRHMDglSIfmPd9Ett3B1m2NkRI+i
6iroeb975rJLBOET9plLvz3XiT6mJ6gZrBVgE2VGsPHUR3GDMvknByrE/3xg6E0M
mytJEKKSJV77DVL29o8vMRO1zlNuRKmFLBbUG7JfZZzfGMuspd7vzbuG+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHgTtx321/VGtS3jBQE/jSR0hAOCMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZUJPM0hmYlg5VWExTGVNRkFULU5KSFNFQTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALiaAAwQA
LiaCAwQA1BBQMA0GCSqGSIb3DQEBCwUAA4IBAQBWp+COX+1fTaaPM/XsyuURBy1z
c69YaMy1KwEqcJRznaIN0xt1dGF/hrs0LNhzpKWPHlTHLCQ3n+Sljp3qgUn/htFy
PwD7fdmFG9nidRIxbT2iFmuFzHmWQB45r5qyoMDcPCf0bUMlo6Hx7DSYS8apwxYO
0gswmaMW/1i8IWoMK2JdKpZ33MdnaVFMCZF6e1pYKmkgw5PlAOa58m9cXYeVttGW
BN7mdVu2MQGNKxgN9CbvXFCOH8OnT3/ZUMypPp2x8jC2OC0hvuIxb8amp2j5us6H
ky3fBkpCEtMKhxGav0unMSy6u9WShbn7+BrJ0XOytUND3IeXFXH/O3BirZaO
-----END CERTIFICATE-----