Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Gic-PBbn04xnWddgp21gA524KJ4.roa
File:                     Gic-PBbn04xnWddgp21gA524KJ4.roa (raw, json)
Hash identifier:          gAnbN9h15sW7Ob7jt7RMlMieSrJdVnjQ8zWu2k+Jb0Y=
Subject key identifier:   1A:27:3E:3C:16:E7:D3:8C:67:59:D7:60:A7:6D:60:03:9D:B8:28:9E
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0588AD32CE09FA3A3B2BC381959E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Gic-PBbn04xnWddgp21gA524KJ4.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44626
IP address blocks:        5.8.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:05:88:ad:32:ce:09:fa:3a:3b:2b:c3:81:95:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a273e3c16e7d38c6759d760a76d60039db8289e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2a:de:bb:34:44:19:54:3b:f1:04:c7:6a:0a:
                    3a:a3:8e:50:6d:a4:37:a2:a4:db:04:a6:92:87:b0:
                    9d:95:83:ab:e1:e6:b8:b5:84:69:9c:68:8a:ae:3a:
                    28:1b:60:12:c3:88:94:3b:5c:5d:e0:57:aa:0b:73:
                    c7:19:26:50:15:d3:c2:79:3c:6b:13:4f:35:53:56:
                    22:ad:45:42:cd:a2:22:73:d1:ea:d9:8f:46:94:78:
                    c3:fd:7b:ff:12:71:de:e6:12:0e:4f:6e:53:83:80:
                    3d:ea:bb:5f:ac:23:b2:81:1d:a5:fa:a6:06:af:ef:
                    1b:10:2b:57:ec:6c:0a:25:f3:0e:d3:12:02:67:b2:
                    e0:7e:be:74:00:2c:58:ac:7f:b5:83:c7:e7:26:87:
                    18:c0:05:e1:85:0d:bd:c2:8d:34:5a:0f:90:69:db:
                    5c:ca:3d:37:b9:22:4d:e8:55:a1:38:a8:be:59:c4:
                    d1:c8:76:d3:aa:51:1d:3e:14:31:f7:09:87:71:ef:
                    b2:5f:df:41:75:e4:d2:33:1b:35:be:89:8d:7b:ee:
                    68:31:a8:72:e8:15:1d:22:56:22:73:25:94:bf:12:
                    85:49:fb:3a:1a:dd:60:d4:38:d5:27:58:00:94:f6:
                    c9:89:1e:5f:4c:62:3c:9e:a4:e6:e2:18:06:fe:2c:
                    53:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:27:3E:3C:16:E7:D3:8C:67:59:D7:60:A7:6D:60:03:9D:B8:28:9E
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Gic-PBbn04xnWddgp21gA524KJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:89:11:38:42:47:ce:b9:89:d0:48:68:66:8b:9a:ef:23:44:
         96:b9:86:bc:c0:2b:f5:c5:d0:b2:65:96:2a:99:50:c4:fb:26:
         c6:17:0c:98:5c:23:bc:7b:bc:b9:ad:0a:e6:08:12:34:19:f7:
         89:49:98:eb:72:e7:fd:9f:f2:11:59:0f:dd:da:32:03:1d:6e:
         f3:93:02:bf:7f:7a:9b:b6:57:0a:2b:75:f2:29:0c:c1:ba:b9:
         82:cc:e1:b8:78:f3:04:15:83:a6:42:78:93:9c:0d:19:07:5d:
         e3:8f:15:5d:ad:8f:c5:a5:16:1f:11:72:e4:e2:3b:c5:5f:e9:
         e4:dd:3d:6f:ab:86:b4:9c:23:67:19:f8:2b:90:a7:97:b7:d5:
         f9:aa:c7:a1:55:24:99:a4:a4:0e:78:52:0e:24:79:d5:e3:0b:
         fd:45:71:6c:8b:43:ba:1b:cc:10:8a:57:d5:44:c1:f6:0b:04:
         9a:e8:c2:02:6f:50:4f:58:26:3d:05:ba:21:65:f3:a3:84:7b:
         00:7e:1a:7f:ea:68:ee:85:70:5f:43:74:4f:4d:51:13:3c:d4:
         df:2b:31:2d:b6:89:bc:72:2b:34:40:6f:fa:1b:b8:5b:fd:14:
         db:22:38:80:09:3a:4b:ab:a7:40:00:75:c1:d9:92:c9:a6:a7:
         d8:a4:eb:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgWIrTLOCfo6OyvDgZWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTI3M2UzYzE2ZTdkMzhjNjc1OWQ3NjBhNzZkNjAwMzlkYjgyODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSreuzREGVQ78QTHago6o45QbaQ3
oqTbBKaSh7CdlYOr4ea4tYRpnGiKrjooG2ASw4iUO1xd4FeqC3PHGSZQFdPCeTxr
E081U1YirUVCzaIic9Hq2Y9GlHjD/Xv/EnHe5hIOT25Tg4A96rtfrCOygR2l+qYG
r+8bECtX7GwKJfMO0xICZ7Lgfr50ACxYrH+1g8fnJocYwAXhhQ29wo00Wg+Qadtc
yj03uSJN6FWhOKi+WcTRyHbTqlEdPhQx9wmHce+yX99BdeTSMxs1vomNe+5oMahy
6BUdIlYicyWUvxKFSfs6Gt1g1DjVJ1gAlPbJiR5fTGI8nqTm4hgG/ixTswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBonPjwW59OMZ1nXYKdtYAOduCieMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvR2ljLVBCYm4wNHhuV2RkZ3AyMWdBNTI0S0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQg7MA0G
CSqGSIb3DQEBCwUAA4IBAQDKiRE4QkfOuYnQSGhmi5rvI0SWuYa8wCv1xdCyZZYq
mVDE+ybGFwyYXCO8e7y5rQrmCBI0GfeJSZjrcuf9n/IRWQ/d2jIDHW7zkwK/f3qb
tlcKK3XyKQzBurmCzOG4ePMEFYOmQniTnA0ZB13jjxVdrY/FpRYfEXLk4jvFX+nk
3T1vq4a0nCNnGfgrkKeXt9X5qsehVSSZpKQOeFIOJHnV4wv9RXFsi0O6G8wQilfV
RMH2CwSa6MICb1BPWCY9BbohZfOjhHsAfhp/6mjuhXBfQ3RPTVETPNTfKzEttom8
cis0QG/6G7hb/RTbIjiACTpLq6dAAHXB2ZLJpqfYpOsF
-----END CERTIFICATE-----