Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/2QHJMnD_CZXNF2xm0bSriUiy2qA.roa
File: 2QHJMnD_CZXNF2xm0bSriUiy2qA.roa (raw, json)
Hash identifier: EpHU42YHLpSSkW9YJtR4rnlT2zInKhEwZODAU7+VOeI=
Subject key identifier: D9:01:C9:32:70:FF:09:95:CD:17:6C:66:D1:B4:AB:89:48:B2:DA:A0
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018EE7358093E093394D09035563FA16E24A
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/2QHJMnD_CZXNF2xm0bSriUiy2qA.roa
Signing time: Tue 16 Apr 2024 14:00:26 +0000
ROA not before: Tue 16 Apr 2024 14:00:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207429
IP address blocks: 80.253.244.0/24 maxlen: 24
80.253.245.0/24 maxlen: 24
80.253.247.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.mft
rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 05 May 2024 08:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e7:35:80:93:e0:93:39:4d:09:03:55:63:fa:16:e2:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Apr 16 14:00:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d901c93270ff0995cd176c66d1b4ab8948b2daa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:4d:3b:92:77:13:8c:05:5f:11:f5:93:5e:cc:
38:af:e8:58:08:45:46:eb:e7:6d:3e:be:23:94:f0:
94:e2:bb:77:c2:cf:e8:66:b3:cc:db:f6:dd:75:4e:
67:a5:d6:b1:30:66:f2:d7:57:56:9f:42:f1:d0:8a:
d4:b5:f2:da:42:b9:05:e8:05:bb:ac:4b:89:bd:a9:
08:85:88:6c:59:c1:46:42:48:44:85:e2:ad:60:bd:
ce:70:3c:66:bf:cc:fb:59:db:ad:42:95:ba:91:f9:
e7:9a:a0:de:2e:9d:39:f2:4b:91:ec:16:05:5b:17:
26:fb:d9:75:a4:8a:4a:41:4d:f6:d0:8d:f7:2a:1a:
7c:1a:bb:be:07:47:4d:f1:ff:29:f7:d6:f2:09:57:
ce:aa:a5:4c:42:5d:b2:7c:0a:85:3c:99:7c:19:80:
e6:c4:f6:e7:8b:dd:01:f7:32:e8:d2:58:77:60:91:
69:d1:61:68:10:95:c4:52:19:2e:97:cb:2a:ec:c1:
84:c8:c5:ce:d4:27:ae:ab:d2:48:fa:a5:a1:c0:17:
39:d1:91:e3:c9:cc:34:9f:54:36:e2:00:04:99:d1:
62:af:0c:dc:62:0d:83:d8:c5:b3:70:a5:40:ad:1f:
2a:fc:82:97:5e:5c:11:89:6f:13:a4:4f:39:98:d8:
ba:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:01:C9:32:70:FF:09:95:CD:17:6C:66:D1:B4:AB:89:48:B2:DA:A0
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/2QHJMnD_CZXNF2xm0bSriUiy2qA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.244.0/23
80.253.247.0/24
91.151.81.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:3c:79:70:45:14:22:44:dd:4d:d7:d3:50:e2:18:0a:88:9f:
74:7d:5b:0e:45:a8:50:ed:3e:6b:7c:69:54:b9:8c:91:bc:a7:
d8:75:f0:c3:11:c1:84:25:c7:69:b9:f8:ed:3a:22:ec:4e:a3:
21:1e:a7:b8:1d:68:81:b4:1b:19:40:a9:f7:4a:39:0f:b9:34:
31:b9:5b:cd:7b:09:c4:c2:f2:40:91:fc:22:3c:5a:bf:4c:48:
05:c5:b1:60:2c:19:b0:c2:c1:d0:76:70:a6:c6:6e:18:22:e8:
37:8d:cb:d4:bb:01:57:8a:78:c9:ff:3e:2c:83:a5:d8:f4:9e:
71:65:2f:6c:cf:8b:fb:ac:b8:80:60:ce:90:f8:18:8d:f4:d6:
3b:23:a7:02:3d:fb:55:91:b8:dc:cb:89:00:0d:b2:a6:5b:73:
cf:03:07:65:ec:d3:e9:89:b8:2c:d1:fe:e5:a6:e4:c7:e9:c9:
7c:9f:84:5c:b5:ba:0b:bb:c9:aa:01:23:b0:86:6a:4d:f8:57:
13:e6:95:ca:9d:2f:7e:1f:95:fa:fb:4f:3e:0f:f8:8b:57:1e:
fd:c8:6d:7e:67:8f:08:1a:db:13:54:26:37:de:92:bb:9d:a9:
95:c5:0f:35:36:2a:5c:ce:33:c6:89:37:25:ff:1c:e2:24:3a:
78:ce:85:5d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY7nNYCT4JM5TQkDVWP6FuJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNDE2MTQwMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTAxYzkzMjcwZmYwOTk1Y2QxNzZjNjZkMWI0YWI4OTQ4YjJkYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE07kncTjAVfEfWTXsw4r+hYCEVG
6+dtPr4jlPCU4rt3ws/oZrPM2/bddU5npdaxMGby11dWn0Lx0IrUtfLaQrkF6AW7
rEuJvakIhYhsWcFGQkhEheKtYL3OcDxmv8z7WdutQpW6kfnnmqDeLp058kuR7BYF
Wxcm+9l1pIpKQU320I33Khp8Gru+B0dN8f8p99byCVfOqqVMQl2yfAqFPJl8GYDm
xPbni90B9zLo0lh3YJFp0WFoEJXEUhkul8sq7MGEyMXO1Ceuq9JI+qWhwBc50ZHj
ycw0n1Q24gAEmdFirwzcYg2D2MWzcKVArR8q/IKXXlwRiW8TpE85mNi6ewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNkByTJw/wmVzRdsZtG0q4lIstqgMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvMlFISk1uRF9DWlhORjJ4bTBiU3JpVWl5MnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBUP30AwQA
UP33AwQAW5dRAwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQBrPHlwRRQiRN1N19NQ
4hgKiJ90fVsORahQ7T5rfGlUuYyRvKfYdfDDEcGEJcdpufjtOiLsTqMhHqe4HWiB
tBsZQKn3SjkPuTQxuVvNewnEwvJAkfwiPFq/TEgFxbFgLBmwwsHQdnCmxm4YIug3
jcvUuwFXinjJ/z4sg6XY9J5xZS9sz4v7rLiAYM6Q+BiN9NY7I6cCPftVkbjcy4kA
DbKmW3PPAwdl7NPpibgs0f7lpuTH6cl8n4RctboLu8mqASOwhmpN+FcT5pXKnS9+
H5X6+08+D/iLVx79yG1+Z48IGtsTVCY33pK7namVxQ81NipczjPGiTcl/xziJDp4
zoVd
-----END CERTIFICATE-----
Generated at Sat May 4 15:07:49 2024 by rpki-client on console-ams.rpki-client.org