Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/LHrV1cPfXHrSBtvvWkIilMF8_K0.roa
File:                     LHrV1cPfXHrSBtvvWkIilMF8_K0.roa (raw, json)
Hash identifier:          dGx17C5M7N7kYcJiMNf9urpjYiyk8qQdgim0i8yb0qE=
Subject key identifier:   2C:7A:D5:D5:C3:DF:5C:7A:D2:06:DB:EF:5A:42:22:94:C1:7C:FC:AD
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       018CC86F66E92DCCA1AEC061EE79AB301CB7
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/LHrV1cPfXHrSBtvvWkIilMF8_K0.roa
Signing time:             Tue 02 Jan 2024 04:29:52 +0000
ROA not before:           Tue 02 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.27.178.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:66:e9:2d:cc:a1:ae:c0:61:ee:79:ab:30:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  2 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c7ad5d5c3df5c7ad206dbef5a422294c17cfcad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5a:23:06:1d:ad:46:00:c1:7e:68:c7:a1:84:
                    11:3a:bc:4b:a5:28:68:50:71:71:89:bc:36:0a:0e:
                    40:f6:13:fd:20:bc:55:b1:35:09:57:f7:b2:65:f0:
                    6a:9e:bf:7b:61:4b:24:b0:f3:e9:e7:5e:69:67:88:
                    15:32:af:0f:b5:a5:b8:3f:68:4b:93:d2:cd:de:42:
                    ab:ae:8f:55:d7:d1:1f:9d:3a:4b:91:4d:47:62:a5:
                    01:8f:98:e0:ca:c3:72:0f:7f:ab:88:d7:2f:1a:88:
                    37:99:79:25:11:82:9a:ef:08:83:44:62:1e:6b:2b:
                    e0:01:73:c5:0d:e4:84:09:22:95:87:27:12:a8:08:
                    bb:30:3d:d7:2e:30:ba:68:5d:9c:c2:9d:a8:4f:f6:
                    94:7f:c3:40:17:80:9f:1a:e5:f2:01:b8:78:da:c0:
                    3e:bc:62:57:d3:16:6a:2b:05:bb:0c:fa:e9:a9:b6:
                    d4:21:8b:1e:3b:82:7c:69:9c:0a:aa:24:de:5a:4d:
                    13:b3:41:28:09:ad:77:f7:b3:3a:08:52:fc:c8:29:
                    ed:30:8d:c8:c5:ca:02:6d:4b:38:35:1b:96:01:f7:
                    c5:d6:5f:8b:6d:e8:73:b2:08:29:de:1f:17:62:37:
                    af:29:c3:af:0f:4d:69:f8:f2:e5:51:ae:95:07:14:
                    c4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:7A:D5:D5:C3:DF:5C:7A:D2:06:DB:EF:5A:42:22:94:C1:7C:FC:AD
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/LHrV1cPfXHrSBtvvWkIilMF8_K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:84:6f:4c:9c:7b:71:05:b1:ee:07:4e:a8:29:ef:05:64:27:
         4c:05:99:a0:f7:ee:47:ba:9c:f4:c3:7e:2b:3f:4a:40:6b:36:
         a1:7b:d6:de:e7:d7:e8:75:4d:93:42:b2:c7:00:84:2a:37:7b:
         cf:c5:d6:bf:fe:e4:cb:4c:84:47:24:8e:1a:4d:0c:1e:71:bf:
         e6:00:58:ca:2a:12:8d:17:b9:3c:50:93:aa:f0:d6:ff:e2:56:
         d5:75:09:a0:ae:81:6d:07:3b:36:2f:2b:ba:57:37:ae:ed:23:
         a1:19:8c:a3:73:a3:cc:14:73:35:05:cc:ce:22:a5:e2:03:69:
         9b:19:75:53:3e:4c:81:6d:b0:04:5d:05:25:0c:2a:af:bb:95:
         61:9c:c6:15:67:62:54:a5:fd:e7:bc:75:82:37:ee:7f:25:be:
         6e:93:a4:16:df:6a:3d:8d:13:df:e0:40:b8:e7:09:a6:ee:3e:
         5c:8c:e2:6c:88:62:fb:39:f9:ee:99:cf:c6:80:80:da:8d:9a:
         f4:ac:7f:2b:35:79:e9:e9:dd:ee:86:49:ae:21:db:12:f2:90:
         39:78:9e:27:95:44:cc:2d:a0:1d:81:da:d2:0b:43:4b:f0:2d:
         f5:ef:1f:a1:a4:d7:84:0b:35:84:c5:06:72:76:bf:c9:c0:61:
         e3:1e:20:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2bpLcyhrsBh7nmrMBy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjQwMTAyMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzdhZDVkNWMzZGY1YzdhZDIwNmRiZWY1YTQyMjI5NGMxN2NmY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVojBh2tRgDBfmjHoYQROrxLpSho
UHFxibw2Cg5A9hP9ILxVsTUJV/eyZfBqnr97YUsksPPp515pZ4gVMq8PtaW4P2hL
k9LN3kKrro9V19EfnTpLkU1HYqUBj5jgysNyD3+riNcvGog3mXklEYKa7wiDRGIe
ayvgAXPFDeSECSKVhycSqAi7MD3XLjC6aF2cwp2oT/aUf8NAF4CfGuXyAbh42sA+
vGJX0xZqKwW7DPrpqbbUIYseO4J8aZwKqiTeWk0Ts0EoCa1397M6CFL8yCntMI3I
xcoCbUs4NRuWAffF1l+Lbehzsggp3h8XYjevKcOvD01p+PLlUa6VBxTEAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCx61dXD31x60gbb71pCIpTBfPytMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvTEhyVjFjUGZYSHJTQnR2dldrSWlsTUY4X0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRuyMA0G
CSqGSIb3DQEBCwUAA4IBAQBihG9MnHtxBbHuB06oKe8FZCdMBZmg9+5Hupz0w34r
P0pAazahe9be59fodU2TQrLHAIQqN3vPxda//uTLTIRHJI4aTQwecb/mAFjKKhKN
F7k8UJOq8Nb/4lbVdQmgroFtBzs2Lyu6Vzeu7SOhGYyjc6PMFHM1BczOIqXiA2mb
GXVTPkyBbbAEXQUlDCqvu5VhnMYVZ2JUpf3nvHWCN+5/Jb5uk6QW32o9jRPf4EC4
5wmm7j5cjOJsiGL7Ofnumc/GgIDajZr0rH8rNXnp6d3uhkmuIdsS8pA5eJ4nlUTM
LaAdgdrSC0NL8C317x+hpNeECzWExQZydr/JwGHjHiDP
-----END CERTIFICATE-----