Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/gbci5MuBLA9ma6kHo_vEo3lrk2k.roa
File:                     gbci5MuBLA9ma6kHo_vEo3lrk2k.roa (raw, json)
Hash identifier:          iAV6XIsSP3oQUMZVUsmjptl9YcPItxVO645U4t6TKJ8=
Subject key identifier:   81:B7:22:E4:CB:81:2C:0F:66:6B:A9:07:A3:FB:C4:A3:79:6B:93:69
Certificate issuer:       /CN=750ffb6552d58ae774ba424d5527b350624faafc
Certificate serial:       018CC56E4C2F5DFCD4041B900C0D0E2E6866
Authority key identifier: 75:0F:FB:65:52:D5:8A:E7:74:BA:42:4D:55:27:B3:50:62:4F:AA:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQ_7ZVLViud0ukJNVSezUGJPqvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/gbci5MuBLA9ma6kHo_vEo3lrk2k.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39328
IP address blocks:        45.67.180.0/22 maxlen: 24
                          185.154.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/dQ_7ZVLViud0ukJNVSezUGJPqvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/dQ_7ZVLViud0ukJNVSezUGJPqvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQ_7ZVLViud0ukJNVSezUGJPqvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4c:2f:5d:fc:d4:04:1b:90:0c:0d:0e:2e:68:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=750ffb6552d58ae774ba424d5527b350624faafc
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81b722e4cb812c0f666ba907a3fbc4a3796b9369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:b0:cd:fa:4d:eb:28:dd:a6:fa:5e:4c:97:
                    8c:76:86:a5:90:d7:3a:d9:12:7e:1f:ea:c2:48:51:
                    60:4c:62:f6:5f:f5:1a:7c:01:28:e4:86:46:f8:ff:
                    85:b0:51:c5:0d:95:c6:c6:5c:39:9f:10:df:5f:8c:
                    9b:c2:c1:29:db:64:22:be:9b:62:c0:f9:5d:82:43:
                    e9:df:15:a5:0f:a3:f8:e5:b8:78:2e:b5:6c:63:6b:
                    79:a2:8a:18:43:0c:8b:57:85:c2:13:f7:38:ef:91:
                    3d:43:8c:60:2e:26:27:af:0d:02:7c:65:6e:0c:53:
                    d5:5b:df:f6:0d:dd:ed:17:28:b3:f1:e6:dc:d7:8c:
                    57:e5:df:88:c8:7a:eb:6a:1e:3d:e9:0c:42:49:0a:
                    2f:ea:cf:c1:c8:f5:61:53:b9:ed:6d:8c:cf:9d:ed:
                    bb:43:23:66:f2:2e:22:4e:05:fe:c9:8e:ac:31:c7:
                    c1:60:7b:20:dc:41:ae:74:9b:5a:c7:f3:4f:f3:7a:
                    db:1f:78:d4:e3:81:08:ca:57:c3:24:19:10:a4:a7:
                    73:3c:a4:da:22:80:10:92:e7:78:5d:64:c1:ea:d4:
                    d6:b4:35:10:75:5e:63:73:37:c6:bf:13:87:e7:bb:
                    37:b3:a7:79:13:be:b8:4d:48:9e:0f:aa:87:be:f2:
                    dd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B7:22:E4:CB:81:2C:0F:66:6B:A9:07:A3:FB:C4:A3:79:6B:93:69
            X509v3 Authority Key Identifier:
                keyid:75:0F:FB:65:52:D5:8A:E7:74:BA:42:4D:55:27:B3:50:62:4F:AA:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQ_7ZVLViud0ukJNVSezUGJPqvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/gbci5MuBLA9ma6kHo_vEo3lrk2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d3558d-9057-47db-9959-3060b36b8506/1/dQ_7ZVLViud0ukJNVSezUGJPqvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.180.0/22
                  185.154.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:72:5b:82:d9:82:40:00:2f:5e:62:52:bd:50:99:d4:c4:7d:
         85:c2:58:68:d4:21:6f:7b:bb:7e:8f:cb:13:42:ee:e0:e7:e4:
         fd:ec:6c:ac:f3:16:ef:d0:37:ac:23:58:f7:fb:49:9a:65:81:
         e0:fd:50:2e:95:be:ee:e6:ff:0c:0c:b5:d9:db:2a:5f:f3:65:
         38:fe:2b:e6:45:18:46:5e:97:6f:f7:94:ee:27:39:62:c6:e3:
         7f:dd:cd:e6:e0:92:08:ea:35:22:80:24:57:b5:d7:08:1d:5a:
         a3:df:66:fa:33:df:6c:ec:56:df:30:17:0c:a5:cf:f3:dd:8c:
         7d:63:03:46:e9:5f:f9:91:dd:8e:7a:a3:ea:93:ed:ab:b8:08:
         09:f7:18:46:43:b7:c0:f8:28:0b:db:8b:d5:bb:54:53:0a:ff:
         70:06:af:51:49:a2:e4:42:3f:da:82:10:5c:90:b9:77:26:76:
         55:d5:ed:98:41:53:e7:92:e8:4c:1c:41:46:bf:a7:88:92:12:
         bd:1c:10:0c:bc:74:aa:c3:85:ef:17:68:63:a5:c5:a9:b4:86:
         cb:a4:3e:71:fb:fa:15:98:27:01:59:2d:79:a3:f0:37:19:21:
         37:be:94:f7:0d:6b:b1:f3:ed:35:1a:98:95:c4:f4:69:d4:78:
         b8:2d:d3:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbkwvXfzUBBuQDA0OLmhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MGZmYjY1NTJkNThhZTc3NGJhNDI0ZDU1MjdiMzUwNjI0
ZmFhZmMwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWI3MjJlNGNiODEyYzBmNjY2YmE5MDdhM2ZiYzRhMzc5NmI5MzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy2wzfpN6yjdpvpeTJeMdoalkNc6
2RJ+H+rCSFFgTGL2X/UafAEo5IZG+P+FsFHFDZXGxlw5nxDfX4ybwsEp22Qivpti
wPldgkPp3xWlD6P45bh4LrVsY2t5oooYQwyLV4XCE/c475E9Q4xgLiYnrw0CfGVu
DFPVW9/2Dd3tFyiz8ebc14xX5d+IyHrrah496QxCSQov6s/ByPVhU7ntbYzPne27
QyNm8i4iTgX+yY6sMcfBYHsg3EGudJtax/NP83rbH3jU44EIylfDJBkQpKdzPKTa
IoAQkud4XWTB6tTWtDUQdV5jczfGvxOH57s3s6d5E764TUieD6qHvvLdKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIG3IuTLgSwPZmupB6P7xKN5a5NpMB8GA1UdIwQY
MBaAFHUP+2VS1YrndLpCTVUns1BiT6r8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFfN1pWTFZpdWQwdWtKTlZTZXpVR0pQcXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMzU1OGQtOTA1Ny00N2RiLTk5NTkt
MzA2MGIzNmI4NTA2LzEvZ2JjaTVNdUJMQTltYTZrSG9fdkVvM2xyazJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMzU1OGQtOTA1Ny00N2RiLTk5NTktMzA2MGIzNmI4NTA2
LzEvZFFfN1pWTFZpdWQwdWtKTlZTZXpVR0pQcXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLUO0AwQC
uZr8MA0GCSqGSIb3DQEBCwUAA4IBAQBscluC2YJAAC9eYlK9UJnUxH2Fwlho1CFv
e7t+j8sTQu7g5+T97Gys8xbv0DesI1j3+0maZYHg/VAulb7u5v8MDLXZ2ypf82U4
/ivmRRhGXpdv95TuJzlixuN/3c3m4JII6jUigCRXtdcIHVqj32b6M99s7FbfMBcM
pc/z3Yx9YwNG6V/5kd2OeqPqk+2ruAgJ9xhGQ7fA+CgL24vVu1RTCv9wBq9RSaLk
Qj/aghBckLl3JnZV1e2YQVPnkuhMHEFGv6eIkhK9HBAMvHSqw4XvF2hjpcWptIbL
pD5x+/oVmCcBWS15o/A3GSE3vpT3DWux8+01GpiVxPRp1Hi4LdNh
-----END CERTIFICATE-----