Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/XIwK18_GB5dBJUx0gyZUAiwWYc8.roa
File: XIwK18_GB5dBJUx0gyZUAiwWYc8.roa (raw, json)
Hash identifier: 6DgZEO5hhZKa66777bxezti+NRSRejtBfBXvep4VMME=
Subject key identifier: 5C:8C:0A:D7:CF:C6:07:97:41:25:4C:74:83:26:54:02:2C:16:61:CF
Certificate issuer: /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial: 018CC2DAE97EBB20B24753F5FEAC779286EB
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/XIwK18_GB5dBJUx0gyZUAiwWYc8.roa
Signing time: Mon 01 Jan 2024 02:29:35 +0000
ROA not before: Mon 01 Jan 2024 02:29:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6461
IP address blocks: 185.85.76.0/22 maxlen: 22
91.190.168.0/21 maxlen: 21
5.63.24.0/21 maxlen: 21
2a02:798::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.mft
rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:da:e9:7e:bb:20:b2:47:53:f5:fe:ac:77:92:86:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
Validity
Not Before: Jan 1 02:29:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c8c0ad7cfc6079741254c74832654022c1661cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:c9:c0:d4:bc:a9:06:63:45:1c:ed:a3:b8:3e:
30:fc:fa:46:98:8a:ce:72:4f:a2:a8:63:98:15:bc:
e4:36:de:ab:19:66:99:12:fd:51:99:da:e8:bc:8c:
1f:eb:c4:69:7c:e2:4c:fb:bc:2c:61:a5:67:64:ae:
7e:d2:0d:45:0c:32:68:96:99:91:8e:d4:0a:32:01:
e9:41:13:a2:08:8c:0d:d3:7e:36:ce:71:34:5b:ac:
c7:d5:a8:f3:bf:ef:15:a8:1d:5e:77:9d:e8:5c:88:
c6:65:67:cb:d4:c4:32:3c:68:30:f1:f7:a7:11:07:
d1:a4:d3:8b:ef:16:ea:cf:84:0a:b8:b2:94:12:59:
d2:f8:da:68:1e:f9:c7:ea:7c:61:58:06:55:5d:a0:
33:42:bf:e3:b4:bd:f9:52:76:ca:b4:62:9a:63:d4:
9d:bc:57:dc:a9:8d:16:d2:27:8c:03:51:dd:5c:1a:
47:8b:6b:95:c4:e9:c3:64:a9:b8:0b:3e:3c:3f:b0:
4e:af:ff:06:92:c5:9b:e1:d9:42:e7:5c:0e:08:4c:
a8:0f:ea:6e:83:c6:e2:ed:1c:6a:49:b4:9c:38:19:
ba:c0:f9:3f:fd:90:3d:e8:d5:8f:cd:c0:38:37:ff:
bc:35:c1:be:cf:0b:da:17:2e:9f:0b:62:99:e4:77:
cd:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:8C:0A:D7:CF:C6:07:97:41:25:4C:74:83:26:54:02:2C:16:61:CF
X509v3 Authority Key Identifier:
keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/XIwK18_GB5dBJUx0gyZUAiwWYc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.24.0/21
91.190.168.0/21
185.85.76.0/22
IPv6:
2a02:798::/32
Signature Algorithm: sha256WithRSAEncryption
b2:7f:16:60:d9:ba:6e:de:45:1c:b8:d9:bc:7a:1e:63:4b:7b:
91:c8:26:27:5d:81:a2:47:14:9d:77:cb:9c:3b:bf:e6:94:43:
7d:3b:4b:15:c0:71:d9:09:29:71:af:13:1b:e5:f0:44:3e:30:
a6:dc:81:6b:7a:b9:0f:d2:b0:a5:09:17:bd:e4:79:c4:df:51:
47:84:0f:e7:a1:46:35:ef:db:46:86:f0:99:d7:e3:4f:98:10:
b4:65:d4:58:d9:ba:c8:95:e5:9c:36:32:53:75:a6:30:cd:36:
09:7c:66:88:97:c8:a6:c2:73:79:cc:1a:0f:19:d9:c8:1a:2c:
83:11:fa:ff:72:86:b0:06:03:89:e0:31:0c:63:1a:aa:c5:2a:
af:6a:bf:fc:f3:a8:85:23:7c:f7:eb:34:0e:8e:48:34:cd:20:
1a:18:97:8d:f3:d1:5e:3f:63:d7:0b:cc:7b:dd:3f:32:3c:54:
0f:d0:63:0c:54:ad:f3:d8:b6:b1:a8:f4:aa:4c:04:4c:19:9e:
72:df:53:30:15:9e:d1:6e:62:f7:52:0c:3d:ec:21:f4:f4:7f:
e5:8b:9a:d8:37:25:1f:a1:ca:73:9c:ec:80:97:b1:aa:47:7d:
72:7f:04:50:d7:65:0a:9e:cc:58:9a:0a:56:1e:38:21:66:7d:
55:f2:14:1c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC2ul+uyCyR1P1/qx3kobrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhjMGFkN2NmYzYwNzk3NDEyNTRjNzQ4MzI2NTQwMjJjMTY2MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocnA1LypBmNFHO2juD4w/PpGmIrO
ck+iqGOYFbzkNt6rGWaZEv1RmdrovIwf68RpfOJM+7wsYaVnZK5+0g1FDDJolpmR
jtQKMgHpQROiCIwN0342znE0W6zH1ajzv+8VqB1ed53oXIjGZWfL1MQyPGgw8fen
EQfRpNOL7xbqz4QKuLKUElnS+NpoHvnH6nxhWAZVXaAzQr/jtL35UnbKtGKaY9Sd
vFfcqY0W0ieMA1HdXBpHi2uVxOnDZKm4Cz48P7BOr/8GksWb4dlC51wOCEyoD+pu
g8bi7RxqSbScOBm6wPk//ZA96NWPzcA4N/+8NcG+zwvaFy6fC2KZ5HfNoQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFyMCtfPxgeXQSVMdIMmVAIsFmHPMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvWEl3SzE4X0dCNWRCSlV4MGd5WlVBaXdXWWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQCyfxZg
2bpu3kUcuNm8eh5jS3uRyCYnXYGiRxSdd8ucO7/mlEN9O0sVwHHZCSlxrxMb5fBE
PjCm3IFrerkP0rClCRe95HnE31FHhA/noUY179tGhvCZ1+NPmBC0ZdRY2brIleWc
NjJTdaYwzTYJfGaIl8imwnN5zBoPGdnIGiyDEfr/coawBgOJ4DEMYxqqxSqvar/8
86iFI3z36zQOjkg0zSAaGJeN89FeP2PXC8x73T8yPFQP0GMMVK3z2LaxqPSqTARM
GZ5y31MwFZ7RbmL3Ugw97CH09H/li5rYNyUfocpznOyAl7GqR31yfwRQ12UKnsxY
mgpWHjghZn1V8hQc
-----END CERTIFICATE-----
Generated at Sat Jun 1 17:22:18 2024 by rpki-client on console-fra.rpki-client.org