Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/KrUfNC_JkOdPNXNnNQN5z86lztc.roa
File:                     KrUfNC_JkOdPNXNnNQN5z86lztc.roa (raw, json)
Hash identifier:          woQVRlfj1yT+f+wT2SHk18GBJW1le0NCdEaDFsBD3fA=
Subject key identifier:   2A:B5:1F:34:2F:C9:90:E7:4F:35:73:67:35:03:79:CF:CE:A5:CE:D7
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       018CC2DAE19E38502488FDD1CE73BBD7E9D8
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/KrUfNC_JkOdPNXNnNQN5z86lztc.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8517
IP address blocks:        161.9.128.0/17 maxlen: 24
                          161.9.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e1:9e:38:50:24:88:fd:d1:ce:73:bb:d7:e9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ab51f342fc990e74f357367350379cfcea5ced7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:19:41:26:34:23:de:50:ca:e6:5d:fc:c0:46:
                    2d:82:be:99:bc:ac:2a:17:70:fe:55:3a:f4:ba:be:
                    da:ce:a4:a9:1a:fd:dd:99:dc:18:8e:22:fd:72:8d:
                    1e:e6:5f:06:66:5b:d3:49:66:14:19:4e:fe:ae:1b:
                    b9:d5:96:0f:a0:22:60:fc:e0:c2:a1:29:1d:79:e7:
                    f4:d2:61:41:88:24:71:6e:8c:e3:83:6b:c8:8d:9d:
                    a5:78:28:19:8b:df:99:ba:64:b5:db:08:07:d6:48:
                    3b:44:82:5d:19:7a:3b:32:78:fc:2c:ba:4e:e1:8a:
                    3d:f5:fd:d8:e0:90:b8:13:4d:39:a6:98:e3:7a:10:
                    7e:d1:83:e3:35:ce:c6:69:e4:db:dc:9d:80:dc:71:
                    e1:7a:87:32:6e:9d:02:f4:63:8c:d0:ba:16:29:5d:
                    5d:f1:a5:b8:5e:aa:fb:91:bf:3f:5e:5d:51:dd:a8:
                    f8:9b:5d:e6:28:bd:6c:07:3b:96:07:27:8f:78:d1:
                    ec:ae:3a:71:a2:c7:82:a1:9c:ba:42:46:c7:46:31:
                    03:72:66:c8:27:bb:15:10:d8:9d:fa:3f:a0:7d:b9:
                    5a:16:ff:fd:a0:17:0a:ed:2e:d4:8a:4e:06:24:de:
                    69:38:a5:fe:c1:60:5f:f6:36:48:0e:4d:34:56:cd:
                    57:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B5:1F:34:2F:C9:90:E7:4F:35:73:67:35:03:79:CF:CE:A5:CE:D7
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/KrUfNC_JkOdPNXNnNQN5z86lztc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.9.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2f:4d:4a:a1:5f:fd:20:1d:aa:29:19:b5:3a:15:8a:3b:63:54:
         4d:e4:24:12:38:dd:69:39:ea:f4:0c:12:49:b4:26:59:0d:85:
         7a:fa:c5:bc:06:d0:9e:f2:98:7e:43:4a:55:3d:6e:07:40:db:
         d9:da:13:9d:35:44:d0:f8:d1:a4:e1:be:dd:16:fb:09:95:e0:
         09:00:e2:b9:93:d9:95:fc:cc:4d:b4:88:06:dc:6b:4b:52:23:
         d9:21:c5:61:07:f9:fd:c1:f9:b9:ac:e2:2f:f3:af:ef:65:f0:
         75:d5:47:f4:66:e3:ab:7a:86:56:fd:d8:8e:05:3f:c6:86:57:
         37:55:51:20:2a:26:ea:27:4a:b7:a7:b3:a0:d5:40:d3:11:ed:
         cd:04:b3:95:86:de:20:9b:94:c4:33:69:31:99:6f:6b:ce:68:
         ac:c9:8e:89:39:ca:74:01:52:1e:b4:c4:bd:c6:2c:6d:44:05:
         5c:9f:a9:75:f4:ac:d7:53:40:b0:bc:56:b8:4f:90:55:a8:5e:
         23:bf:b1:dd:59:28:cc:33:88:0b:94:19:c0:36:da:fb:44:1f:
         dc:7d:72:a1:95:a6:e8:93:a1:fa:ce:ae:86:4c:be:1e:7f:ba:
         fe:66:bf:ad:e2:bf:bf:b6:07:a1:d3:b8:f9:11:ba:cc:9c:ae:
         f7:73:cf:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uGeOFAkiP3RznO71+nYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWE3OGIyOGYwNTRmNzJmNTIyNmFlM2VjNDU0OTgwZWQy
YTEwYzkwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI1MWYzNDJmYzk5MGU3NGYzNTczNjczNTAzNzljZmNlYTVjZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBlBJjQj3lDK5l38wEYtgr6ZvKwq
F3D+VTr0ur7azqSpGv3dmdwYjiL9co0e5l8GZlvTSWYUGU7+rhu51ZYPoCJg/ODC
oSkdeef00mFBiCRxbozjg2vIjZ2leCgZi9+ZumS12wgH1kg7RIJdGXo7Mnj8LLpO
4Yo99f3Y4JC4E005ppjjehB+0YPjNc7GaeTb3J2A3HHheocybp0C9GOM0LoWKV1d
8aW4Xqr7kb8/Xl1R3aj4m13mKL1sBzuWByePeNHsrjpxoseCoZy6QkbHRjEDcmbI
J7sVENid+j+gfblaFv/9oBcK7S7Uik4GJN5pOKX+wWBf9jZIDk00Vs1XXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq1HzQvyZDnTzVzZzUDec/Opc7XMB8GA1UdIwQY
MBaAFBPqeLKPBU9y9SJq4+xFSYDtKhDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUt
MTA5OGQ2ZDg4ZGU4LzEvS3JVZk5DX0prT2RQTlhObk5RTjV6ODZsenRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUtMTA5OGQ2ZDg4ZGU4
LzEvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHoQmAMA0G
CSqGSIb3DQEBCwUAA4IBAQAvTUqhX/0gHaopGbU6FYo7Y1RN5CQSON1pOer0DBJJ
tCZZDYV6+sW8BtCe8ph+Q0pVPW4HQNvZ2hOdNUTQ+NGk4b7dFvsJleAJAOK5k9mV
/MxNtIgG3GtLUiPZIcVhB/n9wfm5rOIv86/vZfB11Uf0ZuOreoZW/diOBT/Ghlc3
VVEgKibqJ0q3p7Og1UDTEe3NBLOVht4gm5TEM2kxmW9rzmisyY6JOcp0AVIetMS9
xixtRAVcn6l19KzXU0CwvFa4T5BVqF4jv7HdWSjMM4gLlBnANtr7RB/cfXKhlabo
k6H6zq6GTL4ef7r+Zr+t4r+/tgeh07j5EbrMnK73c88I
-----END CERTIFICATE-----