Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/1JoNufPYVhSn8nxwojzCwrAW710.roa
File: 1JoNufPYVhSn8nxwojzCwrAW710.roa (raw, json)
Hash identifier: XwbVycFK1x67oDRZzfrmr5xwje+hVf4YHceFCwrAoi0=
Subject key identifier: D4:9A:0D:B9:F3:D8:56:14:A7:F2:7C:70:A2:3C:C2:C2:B0:16:EF:5D
Certificate issuer: /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial: 018DA2CEDAB1C36A7F0ADD155BAB70F109C6
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/1JoNufPYVhSn8nxwojzCwrAW710.roa
Signing time: Tue 13 Feb 2024 14:11:21 +0000
ROA not before: Tue 13 Feb 2024 14:11:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51043
IP address blocks: 5.22.136.0/21 maxlen: 24
83.98.32.0/19 maxlen: 19
148.253.160.0/19 maxlen: 24
159.242.64.0/18 maxlen: 24
178.23.128.0/21 maxlen: 24
185.59.180.0/22 maxlen: 24
185.173.67.0/24 maxlen: 24
195.184.238.0/23 maxlen: 24
212.47.86.0/23 maxlen: 23
2a00:ed40::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 08 May 2024 04:02:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a2:ce:da:b1:c3:6a:7f:0a:dd:15:5b:ab:70:f1:09:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
Validity
Not Before: Feb 13 14:11:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d49a0db9f3d85614a7f27c70a23cc2c2b016ef5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:84:fd:28:19:8c:82:8b:23:48:20:cd:84:76:
74:4f:17:a9:09:3d:b4:50:d6:16:63:33:40:c4:80:
17:3c:41:96:44:5a:ce:d6:11:7a:74:92:b2:53:69:
17:2a:2d:6d:7a:e2:e8:dc:15:0e:96:e8:b4:d3:7a:
d6:c9:21:b7:57:c9:9e:bd:2b:4e:8a:38:b7:b7:9d:
1b:93:9e:bf:f4:36:62:8e:a4:ad:2a:9f:44:50:e2:
9f:ba:cc:c5:7e:f2:d1:e3:02:21:f7:0e:9a:c8:06:
21:f9:b5:7f:4b:df:2a:cb:fe:21:d2:ec:a6:d0:45:
bb:ea:f2:0c:2a:ee:ab:a3:fc:25:b1:e8:97:1d:02:
e3:49:48:e0:83:75:97:26:2d:72:ad:78:7c:75:f3:
81:96:8b:60:13:53:a5:ea:06:96:4b:4b:1b:94:c1:
65:fc:08:a4:0f:ed:58:07:9a:09:3b:84:9f:19:22:
91:2e:25:d4:69:97:c0:fc:1f:e0:11:32:45:f4:27:
17:dc:22:c8:5f:ba:99:3b:ee:c9:32:d0:6a:43:f7:
d0:49:8c:b5:f4:3b:9b:bb:1c:1e:db:97:83:40:b8:
77:0c:2e:f7:09:a7:8d:47:63:12:7d:5c:bb:38:ae:
8b:43:5b:ec:dd:d2:e3:3d:cd:ee:a3:45:9a:d1:ac:
6d:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:9A:0D:B9:F3:D8:56:14:A7:F2:7C:70:A2:3C:C2:C2:B0:16:EF:5D
X509v3 Authority Key Identifier:
keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/1JoNufPYVhSn8nxwojzCwrAW710.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.136.0/21
83.98.32.0/19
148.253.160.0/19
159.242.64.0/18
178.23.128.0/21
185.59.180.0/22
185.173.67.0/24
195.184.238.0/23
212.47.86.0/23
IPv6:
2a00:ed40::/32
Signature Algorithm: sha256WithRSAEncryption
29:13:5e:34:ec:40:7e:3c:c1:ed:26:10:8a:5a:f5:67:3b:49:
44:de:a5:7c:8a:cf:a2:30:24:b5:08:64:c9:76:dc:51:6c:7d:
5f:f4:0c:bc:c9:c5:6b:ae:31:34:25:b2:a0:d6:28:e0:67:05:
18:00:eb:13:ec:2d:68:e3:45:24:bb:c2:40:a1:d9:b3:87:1b:
0e:30:96:6f:4b:f1:29:8a:11:04:46:ff:ff:42:30:68:1d:bf:
62:67:ce:53:e1:3e:cb:90:c7:bf:e4:1b:43:75:d0:13:a8:b3:
42:d3:e8:9a:77:07:c3:c3:84:98:97:5b:ef:6c:c5:c1:fc:92:
44:f4:39:a4:b3:eb:d1:13:b2:3a:e7:4a:0d:55:f0:c7:d3:87:
d7:24:4e:0b:64:1c:55:fa:ea:15:17:97:8f:22:19:95:e5:ac:
4d:d9:57:f7:06:00:9a:8d:0f:96:bc:31:7f:ff:da:d5:5d:e5:
87:98:8a:04:16:7a:dd:60:71:8c:65:36:c2:9b:18:0a:13:79:
06:8d:d4:f8:89:0b:66:21:3d:17:a5:c2:a8:6c:32:28:06:87:
73:c0:16:a6:b5:83:27:8b:d6:a1:e6:c0:70:6a:e9:e4:14:7f:
ca:98:23:a3:24:09:7f:ac:84:81:f7:51:57:56:97:cc:6e:58:
a9:cb:1e:26
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY2iztqxw2p/Ct0VW6tw8QnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjQwMjEzMTQxMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDlhMGRiOWYzZDg1NjE0YTdmMjdjNzBhMjNjYzJjMmIwMTZlZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIT9KBmMgosjSCDNhHZ0TxepCT20
UNYWYzNAxIAXPEGWRFrO1hF6dJKyU2kXKi1teuLo3BUOlui003rWySG3V8mevStO
iji3t50bk56/9DZijqStKp9EUOKfuszFfvLR4wIh9w6ayAYh+bV/S98qy/4h0uym
0EW76vIMKu6ro/wlseiXHQLjSUjgg3WXJi1yrXh8dfOBlotgE1Ol6gaWS0sblMFl
/AikD+1YB5oJO4SfGSKRLiXUaZfA/B/gETJF9CcX3CLIX7qZO+7JMtBqQ/fQSYy1
9Dubuxwe25eDQLh3DC73CaeNR2MSfVy7OK6LQ1vs3dLjPc3uo0Wa0axt2QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNSaDbnz2FYUp/J8cKI8wsKwFu9dMB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvMUpvTnVmUFlWaFNuOG54d29qekN3ckFXNzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDBRaIAwQF
U2IgAwQFlP2gAwQGn/JAAwQDsheAAwQCuTu0AwQAua1DAwQBw7juAwQB1C9WMA0E
AgACMAcDBQAqAO1AMA0GCSqGSIb3DQEBCwUAA4IBAQApE1407EB+PMHtJhCKWvVn
O0lE3qV8is+iMCS1CGTJdtxRbH1f9Ay8ycVrrjE0JbKg1ijgZwUYAOsT7C1o40Uk
u8JAodmzhxsOMJZvS/EpihEERv//QjBoHb9iZ85T4T7LkMe/5BtDddATqLNC0+ia
dwfDw4SYl1vvbMXB/JJE9Dmks+vRE7I650oNVfDH04fXJE4LZBxV+uoVF5ePIhmV
5axN2Vf3BgCajQ+WvDF//9rVXeWHmIoEFnrdYHGMZTbCmxgKE3kGjdT4iQtmIT0X
pcKobDIoBodzwBamtYMni9ah5sBwaunkFH/KmCOjJAl/rISB91FXVpfMblipyx4m
-----END CERTIFICATE-----
Generated at Tue May 7 11:01:10 2024 by rpki-client on console-fra.rpki-client.org