Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/LgNZeRIOd3zN70IRMMp6WzdfhMk.roa
File:                     LgNZeRIOd3zN70IRMMp6WzdfhMk.roa (raw, json)
Hash identifier:          uC0OIlvYaVTQUhtupuqdqYdhMRjDJ6ESjOI/R3LcURg=
Subject key identifier:   2E:03:59:79:12:0E:77:7C:CD:EF:42:11:30:CA:7A:5B:37:5F:84:C9
Certificate issuer:       /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial:       018CC4931DD1B15D5492027CB04D2B29C9BF
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/LgNZeRIOd3zN70IRMMp6WzdfhMk.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57551
IP address blocks:        82.112.175.0/24 maxlen: 24
                          82.112.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:d1:b1:5d:54:92:02:7c:b0:4d:2b:29:c9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e035979120e777ccdef421130ca7a5b375f84c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1c:0b:56:cf:b2:ee:30:b1:e7:b0:82:81:65:
                    b0:36:79:7b:33:38:b5:c0:75:ed:1b:c2:d7:14:7a:
                    a2:0b:dd:95:a3:e3:6a:e5:48:9e:4c:ad:e1:8a:37:
                    c0:5f:49:de:66:65:70:f4:fe:c2:b0:b2:f1:31:dc:
                    60:1a:c4:39:03:22:d0:cc:62:d8:d8:98:04:77:e4:
                    82:c5:50:7f:6a:ce:eb:3b:8b:3f:5b:34:33:e8:02:
                    f2:21:ed:95:06:79:4c:03:d2:19:72:12:a8:e8:8d:
                    33:5e:ee:7b:89:15:47:de:ec:7f:e0:3a:5d:64:c2:
                    ca:f0:6c:71:fe:83:dd:7f:f4:7d:c7:d4:fd:a0:30:
                    f4:16:d1:43:62:32:b7:27:1e:98:93:a7:48:1d:bd:
                    11:2e:54:1c:c8:bd:ab:40:db:35:cb:02:88:a1:3a:
                    1c:ce:0d:33:3b:a9:03:12:e6:f3:61:7b:40:df:69:
                    9a:5c:c2:a8:40:22:7f:43:16:d1:a9:2a:cf:18:bf:
                    2c:30:00:f9:2f:64:80:93:50:e5:ea:67:e2:7f:74:
                    aa:84:a5:0b:32:92:5a:98:11:8d:bd:1a:4a:48:bc:
                    87:48:ca:6d:e8:ec:c4:3d:6f:51:74:16:3d:a0:07:
                    f5:97:41:01:ef:ac:c1:23:ef:0f:fb:e9:30:39:fa:
                    30:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:03:59:79:12:0E:77:7C:CD:EF:42:11:30:CA:7A:5B:37:5F:84:C9
            X509v3 Authority Key Identifier:
                keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/LgNZeRIOd3zN70IRMMp6WzdfhMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:75:6a:03:5d:e9:ea:cf:79:96:e4:0a:f4:aa:aa:94:78:49:
         c0:1f:ae:74:ca:3b:d9:e1:40:7b:a3:ed:a0:a7:60:d6:e0:22:
         81:15:29:87:49:a1:1d:95:df:8d:37:a0:fc:f3:d7:28:57:28:
         6d:e9:a3:2d:e3:25:da:4a:f3:c4:60:bf:cb:63:9a:80:6a:f3:
         c8:41:e9:5e:d4:4e:9e:83:55:cd:48:2f:02:32:f8:c7:f0:38:
         ab:24:03:a8:6d:01:a9:20:2a:c6:66:ce:60:4c:78:ef:61:58:
         67:22:cb:a2:b3:d2:51:18:3d:c0:3d:ab:c4:ee:3d:6b:7d:4b:
         b2:b3:75:71:05:13:c8:b7:82:d3:3e:30:b8:ff:33:5b:fe:85:
         67:d5:bd:63:a8:68:0c:88:bc:55:c9:37:1c:c2:63:62:2f:aa:
         6b:13:ec:b3:e3:2d:fe:21:56:5f:75:14:d0:f1:c9:2f:50:d3:
         a0:4d:36:f7:62:05:82:3a:49:94:6b:72:dd:19:9e:8f:cc:ba:
         dc:06:85:75:a5:ae:6a:5a:66:bd:03:35:2c:56:97:3d:4c:d9:
         38:1f:1b:29:f4:11:e3:ea:6b:eb:30:e8:b1:d1:f6:1e:40:e0:
         30:a9:d5:6e:f9:6e:e8:9a:25:e8:41:76:c0:2b:d2:bb:48:27:
         39:b6:03:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkx3RsV1UkgJ8sE0rKcm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAzNTk3OTEyMGU3NzdjY2RlZjQyMTEzMGNhN2E1YjM3NWY4NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxwLVs+y7jCx57CCgWWwNnl7Mzi1
wHXtG8LXFHqiC92Vo+Nq5UieTK3hijfAX0neZmVw9P7CsLLxMdxgGsQ5AyLQzGLY
2JgEd+SCxVB/as7rO4s/WzQz6ALyIe2VBnlMA9IZchKo6I0zXu57iRVH3ux/4Dpd
ZMLK8Gxx/oPdf/R9x9T9oDD0FtFDYjK3Jx6Yk6dIHb0RLlQcyL2rQNs1ywKIoToc
zg0zO6kDEubzYXtA32maXMKoQCJ/QxbRqSrPGL8sMAD5L2SAk1Dl6mfif3SqhKUL
MpJamBGNvRpKSLyHSMpt6OzEPW9RdBY9oAf1l0EB76zBI+8P++kwOfowEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4DWXkSDnd8ze9CETDKels3X4TJMB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvTGdOWmVSSU9kM3pONzBJUk1NcDZXemRmaE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnCuMA0G
CSqGSIb3DQEBCwUAA4IBAQBndWoDXenqz3mW5Ar0qqqUeEnAH650yjvZ4UB7o+2g
p2DW4CKBFSmHSaEdld+NN6D889coVyht6aMt4yXaSvPEYL/LY5qAavPIQele1E6e
g1XNSC8CMvjH8DirJAOobQGpICrGZs5gTHjvYVhnIsuis9JRGD3APavE7j1rfUuy
s3VxBRPIt4LTPjC4/zNb/oVn1b1jqGgMiLxVyTccwmNiL6prE+yz4y3+IVZfdRTQ
8ckvUNOgTTb3YgWCOkmUa3LdGZ6PzLrcBoV1pa5qWma9AzUsVpc9TNk4Hxsp9BHj
6mvrMOix0fYeQOAwqdVu+W7omiXoQXbAK9K7SCc5tgPb
-----END CERTIFICATE-----