Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/G97efQ-ckU_Z0Vv_HY4vwODDV4M.roa
File:                     G97efQ-ckU_Z0Vv_HY4vwODDV4M.roa (raw, json)
Hash identifier:          kzkI4aYyBEhQioB02GRf7W2S9rIyhCHbgeSV9eEX3d8=
Subject key identifier:   1B:DE:DE:7D:0F:9C:91:4F:D9:D1:5B:FF:1D:8E:2F:C0:E0:C3:57:83
Certificate issuer:       /CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
Certificate serial:       018E03FFA0B930081B4A71FF9F846B1E1241
Authority key identifier: 57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/G97efQ-ckU_Z0Vv_HY4vwODDV4M.roa
Signing time:             Sun 03 Mar 2024 11:07:48 +0000
ROA not before:           Sun 03 Mar 2024 11:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43775
IP address blocks:        91.147.128.0/19 maxlen: 19
                          91.147.128.0/24 maxlen: 24
                          91.147.129.0/24 maxlen: 24
                          91.147.132.0/24 maxlen: 24
                          91.147.133.0/24 maxlen: 24
                          91.147.134.0/24 maxlen: 24
                          91.147.135.0/24 maxlen: 24
                          91.147.152.0/24 maxlen: 24
                          91.147.153.0/24 maxlen: 24
                          91.147.154.0/24 maxlen: 24
                          91.147.156.0/24 maxlen: 24
                          91.147.157.0/24 maxlen: 24
                          91.147.158.0/24 maxlen: 24
                          91.147.159.0/24 maxlen: 24
                          91.147.160.0/20 maxlen: 20
                          91.147.160.0/24 maxlen: 24
                          91.147.161.0/24 maxlen: 24
                          91.147.162.0/24 maxlen: 24
                          91.147.163.0/24 maxlen: 24
                          91.147.164.0/24 maxlen: 24
                          91.147.170.0/24 maxlen: 24
                          91.147.171.0/24 maxlen: 24
                          91.147.173.0/24 maxlen: 24
                          91.147.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:03:ff:a0:b9:30:08:1b:4a:71:ff:9f:84:6b:1e:12:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
        Validity
            Not Before: Mar  3 11:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bdede7d0f9c914fd9d15bff1d8e2fc0e0c35783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d5:50:13:1b:71:10:08:8e:1c:bf:8e:46:5d:
                    69:c1:1f:3a:ce:1c:0d:1e:ff:c4:c5:34:a9:1b:3a:
                    7b:a5:d3:58:d9:eb:b1:e1:25:54:ad:f9:80:81:e1:
                    71:58:9e:b6:fb:59:d7:3f:31:21:67:2a:e4:5a:19:
                    b3:cb:2b:ff:11:b9:27:d2:40:0e:c8:dc:1b:e3:68:
                    af:bc:06:fe:40:40:77:4e:42:35:14:dd:4a:01:cc:
                    c2:fe:8c:8b:c5:5f:83:5d:db:36:8a:61:ab:d3:8e:
                    f8:1a:d9:e3:63:b9:bb:0e:fc:c7:f0:ac:0e:38:9c:
                    9e:07:3c:79:66:c3:91:a2:0f:f7:57:b3:05:3f:46:
                    5d:34:7c:55:61:f8:c7:4f:65:39:d8:f7:ab:12:7a:
                    4a:ad:8f:5e:e7:3a:cc:0b:f4:59:34:07:87:57:f2:
                    d9:50:55:fd:cd:c3:bd:f1:db:35:4f:89:3c:d7:f4:
                    c0:4d:61:3d:38:4f:9c:23:09:43:c2:d7:b4:79:f0:
                    e0:0f:3b:06:34:2b:1b:45:19:22:80:0f:4e:8c:50:
                    68:0f:87:a8:24:1f:6b:3c:ed:6a:2c:9f:59:f5:83:
                    9e:d0:bb:d8:ef:09:fc:30:99:06:d3:6b:b0:0a:9d:
                    38:e9:8c:75:2a:17:04:cb:1a:43:24:99:d5:a3:83:
                    29:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:DE:DE:7D:0F:9C:91:4F:D9:D1:5B:FF:1D:8E:2F:C0:E0:C3:57:83
            X509v3 Authority Key Identifier:
                keyid:57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/G97efQ-ckU_Z0Vv_HY4vwODDV4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.128.0-91.147.175.255

    Signature Algorithm: sha256WithRSAEncryption
         26:3a:df:87:6a:6b:51:29:c3:e9:51:cb:d2:f7:55:3e:5d:85:
         2a:2c:a1:2c:b1:5e:4b:61:42:ee:d9:1b:ac:0c:1f:53:14:f5:
         20:43:01:42:53:4e:4c:29:05:d6:46:9f:1c:f7:a9:1b:44:19:
         47:f7:e6:df:b0:c2:7e:2a:bf:21:31:ac:d3:90:98:bc:6f:67:
         32:74:8e:4a:67:73:36:41:3f:44:2a:d5:27:66:ad:32:99:f9:
         d9:d9:a4:d3:4c:0e:63:76:87:55:e8:d3:b5:c5:9f:22:f4:2f:
         e6:c3:ff:86:25:a4:3c:61:ed:7b:67:38:4e:78:f4:f6:b9:fe:
         75:2b:61:ef:9b:5e:2b:53:12:ca:fc:4d:84:90:f2:6e:17:1c:
         08:97:03:76:de:16:e9:5e:2a:31:8f:d8:ee:9d:b2:bb:f6:9c:
         0a:86:03:50:f9:32:6d:c8:d1:45:fe:58:c3:c8:99:5f:f9:af:
         fa:50:1f:a8:1a:f5:75:ad:11:ee:3a:26:00:02:53:a0:90:5c:
         73:a5:aa:12:dd:a9:3e:53:95:db:17:6d:dd:ee:78:01:6a:71:
         84:bd:eb:46:e8:c5:75:1b:51:ad:f7:75:3a:90:4f:a2:a3:16:
         b8:00:14:b5:d2:30:83:14:a8:1b:34:f4:09:7b:32:f9:ac:17:
         6f:75:a4:99
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY4D/6C5MAgbSnH/n4RrHhJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3N2MwY2Q1YTRjZmQ4M2Q0OTFkNjI3ZDhiMGZjY2I2NzBl
ODE1MzQwHhcNMjQwMzAzMTEwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmRlZGU3ZDBmOWM5MTRmZDlkMTViZmYxZDhlMmZjMGUwYzM1NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNVQExtxEAiOHL+ORl1pwR86zhwN
Hv/ExTSpGzp7pdNY2eux4SVUrfmAgeFxWJ62+1nXPzEhZyrkWhmzyyv/Ebkn0kAO
yNwb42ivvAb+QEB3TkI1FN1KAczC/oyLxV+DXds2imGr0474GtnjY7m7DvzH8KwO
OJyeBzx5ZsORog/3V7MFP0ZdNHxVYfjHT2U52PerEnpKrY9e5zrMC/RZNAeHV/LZ
UFX9zcO98ds1T4k81/TATWE9OE+cIwlDwte0efDgDzsGNCsbRRkigA9OjFBoD4eo
JB9rPO1qLJ9Z9YOe0LvY7wn8MJkG02uwCp046Yx1KhcEyxpDJJnVo4Mp0wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBve3n0PnJFP2dFb/x2OL8Dgw1eDMB8GA1UdIwQY
MBaAFFd8DNWkz9g9SR1ifYsPzLZw6BU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2Yzkt
ZDhlYzJjYmNhZDI2LzEvRzk3ZWZRLWNrVV9aMFZ2X0hZNHZ3T0REVjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2YzktZDhlYzJjYmNhZDI2
LzEvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdbk4AD
BARbk6AwDQYJKoZIhvcNAQELBQADggEBACY634dqa1Epw+lRy9L3VT5dhSosoSyx
XkthQu7ZG6wMH1MU9SBDAUJTTkwpBdZGnxz3qRtEGUf35t+wwn4qvyExrNOQmLxv
ZzJ0jkpnczZBP0Qq1SdmrTKZ+dnZpNNMDmN2h1Xo07XFnyL0L+bD/4YlpDxh7Xtn
OE549Pa5/nUrYe+bXitTEsr8TYSQ8m4XHAiXA3beFuleKjGP2O6dsrv2nAqGA1D5
Mm3I0UX+WMPImV/5r/pQH6ga9XWtEe46JgACU6CQXHOlqhLdqT5TldsXbd3ueAFq
cYS960boxXUbUa33dTqQT6KjFrgAFLXSMIMUqBs09Al7MvmsF291pJk=
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:40:08 2024 by rpki-client on console-fra.rpki-client.org