Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/gbIc_bvjAm4XrVtEykfwi366soo.roa
File:                     gbIc_bvjAm4XrVtEykfwi366soo.roa (raw, json)
Hash identifier:          cHi3jdu8qR9GC7dhCYr95Z/38HVlkJcGyK5d8lmF9QU=
Subject key identifier:   81:B2:1C:FD:BB:E3:02:6E:17:AD:5B:44:CA:47:F0:8B:7E:BA:B2:8A
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD14524BCEC408B210B0A1B06A4778
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/gbIc_bvjAm4XrVtEykfwi366soo.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48336
IP address blocks:        45.135.226.0/23 maxlen: 24
                          45.86.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:14:52:4b:ce:c4:08:b2:10:b0:a1:b0:6a:47:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81b21cfdbbe3026e17ad5b44ca47f08b7ebab28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:17:1b:08:ab:4e:61:0d:3e:b1:9b:1c:64:
                    a8:da:a1:69:83:f2:ca:90:90:f3:54:4e:6a:f4:77:
                    f4:d5:2a:df:f4:8b:06:b0:7d:54:a1:b4:6d:7f:9a:
                    95:db:49:c6:7d:78:ad:6b:d2:79:05:8f:eb:e7:ec:
                    9c:d6:f0:46:06:eb:b5:ed:84:a5:42:66:b9:fe:82:
                    e0:79:72:d5:d6:fb:88:b4:83:7d:46:2f:85:63:30:
                    76:03:67:bc:f4:01:58:a0:78:17:99:62:90:a3:9d:
                    75:6b:f9:3a:8a:30:b8:78:91:aa:14:17:04:04:61:
                    bd:2c:36:98:74:93:5c:ee:a4:f9:4f:9b:27:42:26:
                    3e:d6:83:3a:0f:84:ba:85:bc:43:88:30:c6:75:eb:
                    6c:0e:a3:11:15:07:dc:c9:b4:76:7b:e1:cd:b2:cc:
                    5b:7b:2f:74:65:e1:60:d7:b3:1a:6f:37:8f:35:8c:
                    1b:96:dc:cd:e4:89:8c:63:d7:21:4b:23:70:ca:73:
                    52:11:49:5a:03:20:27:61:62:37:4d:d2:0e:4e:49:
                    3e:2b:45:ce:04:0d:11:7b:2b:e1:af:a0:fa:aa:2f:
                    e7:92:b7:20:ed:03:66:b4:dc:bd:bc:4d:51:62:47:
                    75:38:fa:3b:47:70:a4:1e:b7:fa:db:2d:ce:ee:c1:
                    41:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B2:1C:FD:BB:E3:02:6E:17:AD:5B:44:CA:47:F0:8B:7E:BA:B2:8A
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/gbIc_bvjAm4XrVtEykfwi366soo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.240.0/24
                  45.135.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:3e:c9:09:53:dd:c8:a9:9a:5b:80:aa:cd:1e:f6:27:1d:43:
         fc:16:88:17:7e:8c:ca:69:bb:01:5b:33:87:2e:81:a8:d8:d2:
         e5:dd:61:eb:a1:4e:fd:9b:69:9c:5d:79:85:73:3b:17:17:9c:
         37:a4:42:aa:57:b5:97:98:47:cf:98:54:0c:41:1a:9e:f2:30:
         fb:ab:57:70:18:31:e1:25:e7:7c:24:93:ad:da:74:89:4e:0e:
         22:04:68:a4:09:3c:7d:97:a7:4a:0c:20:de:61:da:01:d2:91:
         92:6f:a4:b5:db:70:a6:9a:38:dc:cf:54:aa:e8:25:ca:69:16:
         fa:02:db:ec:51:e2:b8:5d:ce:f2:d2:22:07:58:57:99:36:e1:
         0b:64:9b:51:70:14:30:69:97:ca:bf:82:21:fa:7a:b9:b3:4f:
         81:75:f2:44:51:86:de:b1:fd:19:df:7d:9f:95:d3:09:bd:48:
         ca:e5:e1:bd:1f:ab:74:55:02:53:cb:b4:57:26:69:28:84:91:
         aa:b4:ea:8c:f5:8b:fe:18:94:f9:7f:96:26:92:75:05:e1:92:
         b7:60:d8:19:65:ec:97:f7:ed:af:91:ab:92:3c:d5:6f:74:b9:
         5d:41:68:ca:58:78:a9:4f:1a:a4:4d:61:29:20:ee:c3:b5:47:
         72:a5:91:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3RRSS87ECLIQsKGwakd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWIyMWNmZGJiZTMwMjZlMTdhZDViNDRjYTQ3ZjA4YjdlYmFiMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdIXGwirTmENPrGbHGSo2qFpg/LK
kJDzVE5q9Hf01Srf9IsGsH1UobRtf5qV20nGfXita9J5BY/r5+yc1vBGBuu17YSl
Qma5/oLgeXLV1vuItIN9Ri+FYzB2A2e89AFYoHgXmWKQo511a/k6ijC4eJGqFBcE
BGG9LDaYdJNc7qT5T5snQiY+1oM6D4S6hbxDiDDGdetsDqMRFQfcybR2e+HNssxb
ey90ZeFg17MabzePNYwbltzN5ImMY9chSyNwynNSEUlaAyAnYWI3TdIOTkk+K0XO
BA0Reyvhr6D6qi/nkrcg7QNmtNy9vE1RYkd1OPo7R3CkHrf62y3O7sFBmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIGyHP274wJuF61bRMpH8It+urKKMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvZ2JJY19idmpBbTRYclZ0RXlrZndpMzY2c29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVbwAwQB
LYfiMA0GCSqGSIb3DQEBCwUAA4IBAQAtPskJU93IqZpbgKrNHvYnHUP8FogXfozK
absBWzOHLoGo2NLl3WHroU79m2mcXXmFczsXF5w3pEKqV7WXmEfPmFQMQRqe8jD7
q1dwGDHhJed8JJOt2nSJTg4iBGikCTx9l6dKDCDeYdoB0pGSb6S123Cmmjjcz1Sq
6CXKaRb6AtvsUeK4Xc7y0iIHWFeZNuELZJtRcBQwaZfKv4Ih+nq5s0+BdfJEUYbe
sf0Z332fldMJvUjK5eG9H6t0VQJTy7RXJmkohJGqtOqM9Yv+GJT5f5YmknUF4ZK3
YNgZZeyX9+2vkauSPNVvdLldQWjKWHipTxqkTWEpIO7DtUdypZFM
-----END CERTIFICATE-----