Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/7920pMdj2PdoaT8yjom6At1K0NA.roa
File: 7920pMdj2PdoaT8yjom6At1K0NA.roa (raw, json)
Hash identifier: tG3t6V2nIqI6HybBua8Qmsl16gpjbvtiLeVegAALDU8=
Subject key identifier: EF:DD:B4:A4:C7:63:D8:F7:68:69:3F:32:8E:89:BA:02:DD:4A:D0:D0
Certificate issuer: /CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Certificate serial: 018CC7270DEA3D3C8755446A8BEF1436AC0C
Authority key identifier: 8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/7920pMdj2PdoaT8yjom6At1K0NA.roa
Signing time: Mon 01 Jan 2024 22:31:14 +0000
ROA not before: Mon 01 Jan 2024 22:31:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20900
IP address blocks: 31.217.232.0/21 maxlen: 24
185.182.252.0/22 maxlen: 24
78.159.132.0/22 maxlen: 22
213.190.64.0/19 maxlen: 24
78.159.148.0/24 maxlen: 24
45.11.208.0/22 maxlen: 22
91.214.114.0/23 maxlen: 23
91.214.114.0/24 maxlen: 24
91.214.115.0/24 maxlen: 24
2001:1b08::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.mft
rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jul 2024 08:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:0d:ea:3d:3c:87:55:44:6a:8b:ef:14:36:ac:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Validity
Not Before: Jan 1 22:31:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=efddb4a4c763d8f768693f328e89ba02dd4ad0d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:97:c1:1b:32:15:22:ba:31:d1:ca:3b:78:14:
0d:d8:a7:4a:ce:a5:7a:5f:20:b1:a8:0f:8e:96:34:
33:82:89:9d:89:cd:0f:f3:82:da:b2:10:ed:b2:17:
0c:6a:cb:a8:d9:e2:fd:eb:3d:0c:70:b6:b6:8e:86:
10:3d:91:68:9a:85:91:a0:67:52:b9:14:e5:04:83:
10:66:5c:d8:6d:88:5e:05:1e:be:cb:cd:a7:91:26:
43:d9:6c:69:3a:42:03:93:0e:34:5e:af:8d:2a:58:
70:a0:be:19:ef:34:8b:11:b4:2f:f0:bf:b3:a8:0a:
09:79:01:64:37:b3:73:4c:4a:c7:36:a8:69:40:53:
45:22:bb:c1:c9:89:d3:de:29:71:65:0f:fd:1e:14:
f4:86:d5:c2:96:6b:56:7f:a1:58:00:96:b7:20:66:
f3:77:90:f7:dc:2e:72:f4:87:0c:84:d6:3d:d0:a9:
96:d1:fa:f2:d1:0b:ae:b7:69:80:96:03:d7:b3:38:
6e:5a:28:7c:f7:c6:4f:7a:26:6b:64:57:5f:31:0f:
e2:94:c0:c7:56:a9:e9:5e:c7:b8:98:00:43:0b:31:
0e:3b:f2:51:31:52:c1:62:2d:7b:7e:c5:73:b1:4d:
0e:df:3d:fd:5b:f9:18:a6:7b:c5:3d:f2:43:92:82:
43:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:DD:B4:A4:C7:63:D8:F7:68:69:3F:32:8E:89:BA:02:DD:4A:D0:D0
X509v3 Authority Key Identifier:
keyid:8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/7920pMdj2PdoaT8yjom6At1K0NA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.232.0/21
45.11.208.0/22
78.159.132.0/22
78.159.148.0/24
91.214.114.0/23
185.182.252.0/22
213.190.64.0/19
IPv6:
2001:1b08::/32
Signature Algorithm: sha256WithRSAEncryption
db:99:9a:ce:1c:df:64:34:ab:d2:6c:14:5b:33:8d:df:48:21:
73:3d:56:c6:95:0c:61:fc:0a:a9:92:0b:2c:19:48:d5:29:5a:
00:24:de:97:d7:bd:fc:a9:f4:9b:97:39:14:91:93:88:e4:6f:
cc:3c:4f:e2:c5:a4:29:0b:f8:bc:bc:f4:e8:82:3d:31:96:78:
7b:36:43:5b:f1:7f:75:19:54:9c:5e:52:f8:28:92:0e:16:c3:
4c:17:0c:65:5a:b5:6c:50:0a:2f:fc:ef:7f:fe:5e:88:38:f4:
a5:b5:e8:c7:30:e4:04:eb:2c:34:91:43:ca:52:ed:36:9b:f4:
44:42:80:07:6a:dc:4a:a5:dd:85:dd:2c:e0:52:3b:43:37:8b:
a4:99:b9:d7:93:db:07:bf:d6:75:ec:0f:f3:35:5c:93:1f:23:
c1:26:b3:ee:a3:d6:d8:fc:7c:a3:80:6a:63:06:2b:81:4d:77:
92:07:7a:2f:1e:9c:17:11:3b:23:8d:dc:98:bc:bf:f4:f9:52:
19:a3:84:c3:16:49:55:b7:12:c8:e4:53:89:c0:6b:a8:e4:93:
f2:46:a6:32:84:09:2f:75:88:79:c5:30:cd:e1:81:94:e9:c3:
34:28:f7:94:5a:f3:68:a2:c0:11:b5:ed:0b:b5:85:39:21:d6:
f8:17:36:65
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzHJw3qPTyHVURqi+8UNqwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDYwMDQwZWYzYTA4MjNhYTk3M2YwZDA1OTJiMWRkYTgw
OGY3ODIwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmRkYjRhNGM3NjNkOGY3Njg2OTNmMzI4ZTg5YmEwMmRkNGFkMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJfBGzIVIrox0co7eBQN2KdKzqV6
XyCxqA+OljQzgomdic0P84LashDtshcMasuo2eL96z0McLa2joYQPZFomoWRoGdS
uRTlBIMQZlzYbYheBR6+y82nkSZD2WxpOkIDkw40Xq+NKlhwoL4Z7zSLEbQv8L+z
qAoJeQFkN7NzTErHNqhpQFNFIrvByYnT3ilxZQ/9HhT0htXClmtWf6FYAJa3IGbz
d5D33C5y9IcMhNY90KmW0fry0Quut2mAlgPXszhuWih898ZPeiZrZFdfMQ/ilMDH
VqnpXse4mABDCzEOO/JRMVLBYi17fsVzsU0O3z39W/kYpnvFPfJDkoJDgwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFO/dtKTHY9j3aGk/Mo6JugLdStDQMB8GA1UdIwQY
MBaAFIwGAEDvOggjqpc/DQWSsd2oCPeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4Yjkt
NGU0YTM1ZGQzNjc3LzEvNzkyMHBNZGoyUGRvYVQ4eWpvbTZBdDFLME5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4YjktNGU0YTM1ZGQzNjc3
LzEvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDH9noAwQC
LQvQAwQCTp+EAwQATp+UAwQBW9ZyAwQCubb8AwQF1b5AMA0EAgACMAcDBQAgARsI
MA0GCSqGSIb3DQEBCwUAA4IBAQDbmZrOHN9kNKvSbBRbM43fSCFzPVbGlQxh/Aqp
kgssGUjVKVoAJN6X1738qfSblzkUkZOI5G/MPE/ixaQpC/i8vPTogj0xlnh7NkNb
8X91GVScXlL4KJIOFsNMFwxlWrVsUAov/O9//l6IOPSltejHMOQE6yw0kUPKUu02
m/REQoAHatxKpd2F3SzgUjtDN4ukmbnXk9sHv9Z17A/zNVyTHyPBJrPuo9bY/Hyj
gGpjBiuBTXeSB3ovHpwXETsjjdyYvL/0+VIZo4TDFklVtxLI5FOJwGuo5JPyRqYy
hAkvdYh5xTDN4YGU6cM0KPeUWvNoosARte0LtYU5Idb4FzZl
-----END CERTIFICATE-----
Generated at Thu Jul 4 17:29:33 2024 by rpki-client on console-ams.rpki-client.org