Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/k9J2kkTaiM75nAps4rhOzAKn5ME.roa
File: k9J2kkTaiM75nAps4rhOzAKn5ME.roa (raw, json)
Hash identifier: ug4mHC0irbb3lsWySxI9Zqbgro5QCriHbWi1vvsGHd8=
Subject key identifier: 93:D2:76:92:44:DA:88:CE:F9:9C:0A:6C:E2:B8:4E:CC:02:A7:E4:C1
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 018FC3BD46788D36DE0525C297D43A3C1A24
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/k9J2kkTaiM75nAps4rhOzAKn5ME.roa
Signing time: Wed 29 May 2024 09:45:12 +0000
ROA not before: Wed 29 May 2024 09:45:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.208.0/21 maxlen: 21
109.224.216.0/22 maxlen: 22
109.224.220.0/23 maxlen: 23
109.224.222.0/24 maxlen: 24
109.224.228.0/22 maxlen: 22
109.224.233.0/24 maxlen: 24
109.224.244.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 27 Jun 2024 03:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c3:bd:46:78:8d:36:de:05:25:c2:97:d4:3a:3c:1a:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: May 29 09:45:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=93d2769244da88cef99c0a6ce2b84ecc02a7e4c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:aa:98:4c:4c:c0:aa:af:1e:c4:68:4f:d0:7f:
a2:47:1a:a5:4d:ca:83:7a:04:6c:ce:b5:55:3b:1a:
b1:c4:23:29:d3:21:ac:d1:a7:64:b0:10:60:98:09:
30:cf:1c:94:e5:26:9c:74:ba:79:36:37:3d:26:37:
d2:b2:33:61:39:2a:7e:11:5b:e5:d1:12:48:4d:70:
f5:06:be:3c:8b:12:66:05:17:01:ef:d4:4f:27:a5:
6b:80:8b:66:07:b0:bf:77:27:5a:76:72:b3:13:10:
3c:4d:11:2c:65:a4:c3:49:fc:bc:fc:4d:fb:ea:c7:
26:ec:25:0e:0a:91:dc:9b:40:d4:14:d0:89:a6:56:
78:0e:b3:4a:83:ac:99:19:c0:58:8b:4c:b1:c9:13:
a0:56:a2:e2:ab:85:b7:9b:7f:0b:fa:58:f2:a0:c8:
89:41:07:4d:91:e7:69:f2:8c:d1:fa:7c:b9:e1:4a:
8a:64:75:f4:e9:61:c4:fb:ac:9c:9b:cb:92:ac:e9:
f4:48:c9:a1:e4:12:ff:45:7a:82:01:9e:6a:ea:38:
98:53:3b:ad:8e:f1:e1:2c:8b:dd:38:ba:d5:eb:72:
87:40:4b:3f:81:b9:ac:1b:e7:24:0c:a4:60:45:0e:
76:f4:72:d0:c4:8f:75:aa:6e:ea:5b:99:39:8f:a4:
77:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:D2:76:92:44:DA:88:CE:F9:9C:0A:6C:E2:B8:4E:CC:02:A7:E4:C1
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/k9J2kkTaiM75nAps4rhOzAKn5ME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0-109.224.222.255
109.224.228.0/22
109.224.233.0/24
109.224.244.0/22
Signature Algorithm: sha256WithRSAEncryption
bd:77:cf:52:7e:e5:21:94:8a:4b:70:16:c0:40:25:e6:fe:6a:
e9:44:63:fe:76:cf:b5:b1:c7:41:27:d9:7e:ce:7e:c8:2c:87:
92:90:fe:c0:a5:a8:3f:14:ff:6c:00:55:62:c1:aa:85:ca:29:
8c:15:9d:24:29:f3:41:55:ed:03:e2:3e:8a:ae:fa:ff:d7:cc:
45:18:ed:1c:1c:3c:49:cd:52:34:71:3c:a4:6a:cd:8d:f8:15:
24:a7:43:e1:72:b6:75:1c:ae:d4:cf:88:87:45:94:44:dd:4d:
05:24:07:69:83:70:c0:54:07:df:87:1a:b0:ee:f7:28:d3:c6:
ea:b9:a3:18:dd:a0:5b:59:ed:ab:96:bb:7e:ed:7a:e5:d3:00:
32:b2:af:18:18:d0:90:6e:6f:1c:4a:45:e3:ce:7c:27:3c:9a:
27:af:04:40:ae:a6:f8:7d:b7:b8:02:b5:e8:88:f9:87:c4:4f:
54:98:a9:57:f0:d8:00:d8:fc:97:7c:a6:cd:ed:c4:d5:63:48:
18:8d:3c:42:fc:65:4a:90:27:42:ef:f1:38:bc:47:e3:e9:ef:
9f:9c:a5:90:c1:e1:3a:4e:63:f1:02:73:37:19:25:39:59:9e:
e0:ac:a2:a7:12:95:6c:4a:c9:48:50:ca:b6:21:24:d5:fe:0e:
2b:c2:68:da
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY/DvUZ4jTbeBSXCl9Q6PBokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjQwNTI5MDk0NTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2QyNzY5MjQ0ZGE4OGNlZjk5YzBhNmNlMmI4NGVjYzAyYTdlNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qqYTEzAqq8exGhP0H+iRxqlTcqD
egRszrVVOxqxxCMp0yGs0adksBBgmAkwzxyU5SacdLp5Njc9JjfSsjNhOSp+EVvl
0RJITXD1Br48ixJmBRcB79RPJ6VrgItmB7C/dydadnKzExA8TREsZaTDSfy8/E37
6scm7CUOCpHcm0DUFNCJplZ4DrNKg6yZGcBYi0yxyROgVqLiq4W3m38L+ljyoMiJ
QQdNkedp8ozR+ny54UqKZHX06WHE+6ycm8uSrOn0SMmh5BL/RXqCAZ5q6jiYUzut
jvHhLIvdOLrV63KHQEs/gbmsG+ckDKRgRQ529HLQxI91qm7qW5k5j6R3cQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJPSdpJE2ojO+ZwKbOK4TswCp+TBMB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvazlKMmtrVGFpTTc1bkFwczRyaE96QUtuNU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAZt4MAD
BABt4N4DBAJt4OQDBABt4OkDBAJt4PQwDQYJKoZIhvcNAQELBQADggEBAL13z1J+
5SGUiktwFsBAJeb+aulEY/52z7Wxx0En2X7Ofsgsh5KQ/sClqD8U/2wAVWLBqoXK
KYwVnSQp80FV7QPiPoqu+v/XzEUY7RwcPEnNUjRxPKRqzY34FSSnQ+FytnUcrtTP
iIdFlETdTQUkB2mDcMBUB9+HGrDu9yjTxuq5oxjdoFtZ7auWu37teuXTADKyrxgY
0JBubxxKRePOfCc8mievBECupvh9t7gCteiI+YfET1SYqVfw2ADY/Jd8ps3txNVj
SBiNPEL8ZUqQJ0Lv8Ti8R+Pp75+cpZDB4TpOY/ECczcZJTlZnuCsoqcSlWxKyUhQ
yrYhJNX+DivCaNo=
-----END CERTIFICATE-----
Generated at Wed Jun 26 11:21:58 2024 by rpki-client on console-fra.rpki-client.org