Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/j5-KkPhaonBp9O6Lkh4cihKg3lE.roa
File:                     j5-KkPhaonBp9O6Lkh4cihKg3lE.roa (raw, json)
Hash identifier:          r9c9FFI37N+3Q9oPETJTdezbNhd2csllh0uExHrciX8=
Subject key identifier:   8F:9F:8A:90:F8:5A:A2:70:69:F4:EE:8B:92:1E:1C:8A:12:A0:DE:51
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       018CC2DAE265AC01D9AD5491C30A2662C9CB
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/j5-KkPhaonBp9O6Lkh4cihKg3lE.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9095
IP address blocks:        160.75.0.0/16 maxlen: 24
                          161.9.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e2:65:ac:01:d9:ad:54:91:c3:0a:26:62:c9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f9f8a90f85aa27069f4ee8b921e1c8a12a0de51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:db:f4:6f:7c:f3:8f:b5:11:ad:e2:1b:9f:70:
                    14:65:fb:eb:15:52:c0:00:80:4a:6c:30:ee:9a:82:
                    3e:94:a9:ec:68:32:11:2b:4f:35:6f:6e:80:44:7f:
                    6f:5e:6c:03:cc:11:f4:3b:d0:37:57:b9:c3:e1:9b:
                    13:c0:19:9c:db:d6:73:50:23:e7:f5:2e:e2:78:7c:
                    74:6c:b2:08:95:62:46:6f:91:c5:4c:4e:dc:73:99:
                    8c:b9:1b:1d:3e:d7:c0:e4:01:b9:64:cf:86:05:2f:
                    a0:9c:7e:97:99:9e:a4:e6:dc:78:1c:f8:fb:ba:90:
                    08:22:87:3e:93:e6:72:3f:54:7c:a2:65:86:5c:b0:
                    8d:ee:14:e0:c9:54:b2:66:56:5e:bf:8e:83:7f:68:
                    bb:72:f0:75:c5:89:c5:e4:ed:e2:19:b7:ca:cc:3c:
                    ae:e7:38:e1:97:07:08:d0:bf:a9:44:4d:ce:d4:90:
                    ac:a3:3b:1b:9e:d3:46:e2:aa:5b:e5:af:61:09:d0:
                    3f:5a:73:fb:ae:87:46:f9:b4:6a:b1:a4:a2:c6:fa:
                    2e:42:64:38:56:34:2e:13:93:af:b8:5b:75:be:00:
                    ae:df:06:06:53:b1:3c:13:d0:6b:b3:48:cd:3e:cd:
                    93:b4:85:9e:61:84:c2:fa:09:74:19:9a:78:e9:36:
                    07:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9F:8A:90:F8:5A:A2:70:69:F4:EE:8B:92:1E:1C:8A:12:A0:DE:51
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/j5-KkPhaonBp9O6Lkh4cihKg3lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.75.0.0/16
                  161.9.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         01:29:41:8a:e1:02:a9:0a:8c:34:3d:8a:54:b4:4f:2e:08:ff:
         95:1c:7f:51:e0:9f:ce:a8:37:3b:96:6b:f9:e7:d7:79:4d:4a:
         3f:a3:3a:87:f7:1d:a1:62:5c:84:c4:31:c1:20:05:27:a9:6b:
         79:7e:74:ba:90:4d:14:58:1f:c1:21:cb:90:f4:a8:2b:0e:d7:
         36:f4:6d:d9:40:a6:0f:df:d3:a7:01:09:7b:23:e9:72:1f:12:
         81:d1:9d:1e:5d:78:29:a5:14:bf:e9:5a:d3:7b:29:50:80:f0:
         e2:5c:8f:d7:1b:bb:68:75:50:50:c8:ad:7c:71:bd:fd:d6:d0:
         dd:88:2d:60:5e:5d:00:25:05:63:5a:f3:2d:32:8e:89:1f:ba:
         b3:b4:1c:97:c5:bd:ae:da:e5:84:1c:41:70:5c:b4:b5:30:39:
         8e:c4:9c:bb:b1:01:2f:b2:42:db:58:fe:2c:ac:33:c8:b3:5b:
         ea:b0:fc:1d:0e:18:d5:42:e5:99:5e:ad:b3:00:34:2b:6f:c3:
         6e:e1:be:90:a7:77:84:32:63:31:f6:5d:71:8e:8f:75:34:02:
         e8:e9:b9:ab:61:55:23:8f:ae:ea:de:25:75:68:8b:af:eb:cf:
         70:6f:42:74:38:fe:fd:82:40:08:77:ae:d7:44:85:72:cb:c8:
         3f:07:28:35
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzC2uJlrAHZrVSRwwomYsnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWE3OGIyOGYwNTRmNzJmNTIyNmFlM2VjNDU0OTgwZWQy
YTEwYzkwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjlmOGE5MGY4NWFhMjcwNjlmNGVlOGI5MjFlMWM4YTEyYTBkZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidv0b3zzj7URreIbn3AUZfvrFVLA
AIBKbDDumoI+lKnsaDIRK081b26ARH9vXmwDzBH0O9A3V7nD4ZsTwBmc29ZzUCPn
9S7ieHx0bLIIlWJGb5HFTE7cc5mMuRsdPtfA5AG5ZM+GBS+gnH6XmZ6k5tx4HPj7
upAIIoc+k+ZyP1R8omWGXLCN7hTgyVSyZlZev46Df2i7cvB1xYnF5O3iGbfKzDyu
5zjhlwcI0L+pRE3O1JCsozsbntNG4qpb5a9hCdA/WnP7rodG+bRqsaSixvouQmQ4
VjQuE5OvuFt1vgCu3wYGU7E8E9Brs0jNPs2TtIWeYYTC+gl0GZp46TYH+wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFI+fipD4WqJwafTui5IeHIoSoN5RMB8GA1UdIwQY
MBaAFBPqeLKPBU9y9SJq4+xFSYDtKhDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUt
MTA5OGQ2ZDg4ZGU4LzEvajUtS2tQaGFvbkJwOU82TGtoNGNpaEtnM2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUtMTA5OGQ2ZDg4ZGU4
LzEvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAoEsDBAeh
CQAwDQYJKoZIhvcNAQELBQADggEBAAEpQYrhAqkKjDQ9ilS0Ty4I/5Ucf1Hgn86o
NzuWa/nn13lNSj+jOof3HaFiXITEMcEgBSepa3l+dLqQTRRYH8Ehy5D0qCsO1zb0
bdlApg/f06cBCXsj6XIfEoHRnR5deCmlFL/pWtN7KVCA8OJcj9cbu2h1UFDIrXxx
vf3W0N2ILWBeXQAlBWNa8y0yjokfurO0HJfFva7a5YQcQXBctLUwOY7EnLuxAS+y
QttY/iysM8izW+qw/B0OGNVC5ZlerbMANCtvw27hvpCnd4QyYzH2XXGOj3U0Aujp
uathVSOPrureJXVoi6/rz3BvQnQ4/v2CQAh3rtdEhXLLyD8HKDU=
-----END CERTIFICATE-----