Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/jGWhSv1mxhuMXfVZ4y2-0IaipmY.roa
File: jGWhSv1mxhuMXfVZ4y2-0IaipmY.roa (raw, json)
Hash identifier: kEo8OfEQszxm2ZxOZALf7o+Dw1KKaAODRcx5hZ1McA4=
Subject key identifier: 8C:65:A1:4A:FD:66:C6:1B:8C:5D:F5:59:E3:2D:BE:D0:86:A2:A6:66
Certificate issuer: /CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
Certificate serial: 018CC3B715F235DE4D6D34008B48AF980D7E
Authority key identifier: 0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/jGWhSv1mxhuMXfVZ4y2-0IaipmY.roa
Signing time: Mon 01 Jan 2024 06:30:04 +0000
ROA not before: Mon 01 Jan 2024 06:30:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 213281
IP address blocks: 217.195.148.0/22 maxlen: 24
151.252.216.0/21 maxlen: 24
45.155.140.0/22 maxlen: 24
2a0f:ff00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.mft
rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 24 Jun 2024 06:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:15:f2:35:de:4d:6d:34:00:8b:48:af:98:0d:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
Validity
Not Before: Jan 1 06:30:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8c65a14afd66c61b8c5df559e32dbed086a2a666
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b0:ca:0b:c6:fd:ed:88:7a:fa:09:c7:f3:02:
24:2f:0d:b9:35:cc:04:80:59:31:fe:2a:b1:00:0d:
ab:58:5e:a0:4c:81:5c:be:ba:16:70:c3:e7:0a:31:
e6:80:8c:c3:a4:f6:73:8c:95:fb:f7:14:e8:09:4e:
04:4b:cc:c8:62:93:a3:27:38:34:ff:a5:22:9c:4a:
15:82:dd:42:d8:66:b3:86:64:1c:6a:b2:41:2b:55:
a8:c0:aa:12:1f:d4:3e:9c:06:52:a1:32:9f:9d:41:
79:a7:58:9b:c6:cb:79:7f:d5:e2:a4:69:5a:85:42:
83:59:a4:9d:90:1c:80:6b:03:08:67:78:08:c7:bd:
e3:39:50:50:9b:6f:f9:47:8d:54:b5:19:9f:cf:cb:
4f:0c:f4:02:27:e7:6e:14:32:9e:d7:fb:e3:08:cb:
40:01:a5:eb:bf:df:8f:aa:3f:fb:55:78:b2:9f:1d:
45:3b:f9:6f:cd:1a:b7:07:8c:a0:db:a9:0f:76:28:
1b:50:9a:45:be:d2:b8:ab:a1:5c:f3:7e:62:0e:cf:
3a:ef:d7:3c:85:6b:e8:43:36:9f:71:2d:ae:b3:7d:
03:2e:8d:73:d9:76:2a:9c:9a:14:1e:fd:35:d5:49:
e4:4f:e4:65:ad:b2:f8:42:d6:01:d5:65:13:d4:43:
f9:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:65:A1:4A:FD:66:C6:1B:8C:5D:F5:59:E3:2D:BE:D0:86:A2:A6:66
X509v3 Authority Key Identifier:
keyid:0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/jGWhSv1mxhuMXfVZ4y2-0IaipmY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.155.140.0/22
151.252.216.0/21
217.195.148.0/22
IPv6:
2a0f:ff00::/29
Signature Algorithm: sha256WithRSAEncryption
54:88:78:1a:06:63:55:94:23:fe:cb:64:e0:e2:4d:42:fa:59:
67:e6:10:8d:9b:8c:05:9a:5c:a0:45:2a:b0:7b:04:c2:ea:44:
fc:d9:83:7b:aa:2c:18:74:88:42:4c:f0:0a:b4:9a:bc:ac:60:
34:b0:1c:60:22:9a:6c:f9:24:d5:22:66:55:4e:02:45:25:95:
ff:8e:45:af:65:03:e7:6d:dd:c2:68:18:31:4f:02:33:f0:1b:
45:a8:bd:da:bc:94:ce:9c:aa:0f:05:03:e7:30:92:1b:4f:fe:
80:c7:fb:32:c8:97:15:d0:e9:36:fc:e4:c9:b1:0a:33:d2:b0:
5e:db:af:63:26:57:4e:3b:27:de:cd:a2:24:5d:90:3c:f3:8e:
4b:16:a8:66:b4:da:fd:ca:c5:6b:e3:82:42:71:38:42:ae:30:
c5:67:b7:d6:83:a9:ff:f5:ef:95:c4:6b:06:2a:77:17:8b:a1:
61:ca:c1:16:d6:77:2b:90:ce:77:75:f7:21:23:57:09:59:d7:
41:d1:92:02:86:07:7e:9b:b0:a1:5f:07:39:4a:01:94:7c:8f:
5e:12:75:36:07:44:37:02:9c:6b:24:9f:0d:c0:c8:cd:29:9b:
cb:26:96:cd:23:be:a1:ec:46:ff:53:10:31:0c:fb:ee:14:62:
be:d2:3d:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzDtxXyNd5NbTQAi0ivmA1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMTdkYWUwNDQ3NmRiMTAxNmNhYTQzZTNlZDliYzZiZDY5
ZjM5NzUwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzY1YTE0YWZkNjZjNjFiOGM1ZGY1NTllMzJkYmVkMDg2YTJhNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLDKC8b97Yh6+gnH8wIkLw25NcwE
gFkx/iqxAA2rWF6gTIFcvroWcMPnCjHmgIzDpPZzjJX79xToCU4ES8zIYpOjJzg0
/6UinEoVgt1C2GazhmQcarJBK1WowKoSH9Q+nAZSoTKfnUF5p1ibxst5f9XipGla
hUKDWaSdkByAawMIZ3gIx73jOVBQm2/5R41UtRmfz8tPDPQCJ+duFDKe1/vjCMtA
AaXrv9+Pqj/7VXiynx1FO/lvzRq3B4yg26kPdigbUJpFvtK4q6Fc835iDs8679c8
hWvoQzafcS2us30DLo1z2XYqnJoUHv011UnkT+RlrbL4QtYB1WUT1EP5tQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIxloUr9ZsYbjF31WeMtvtCGoqZmMB8GA1UdIwQY
MBaAFAwX2uBEdtsQFsqkPj7ZvGvWnzl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODkt
ODA0ZjE3ZWMyNDVlLzEvakdXaFN2MW14aHVNWGZWWjR5Mi0wSWFpcG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODktODA0ZjE3ZWMyNDVl
LzEvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZuMAwQD
l/zYAwQC2cOUMA0EAgACMAcDBQMqD/8AMA0GCSqGSIb3DQEBCwUAA4IBAQBUiHga
BmNVlCP+y2Tg4k1C+lln5hCNm4wFmlygRSqwewTC6kT82YN7qiwYdIhCTPAKtJq8
rGA0sBxgIpps+STVImZVTgJFJZX/jkWvZQPnbd3CaBgxTwIz8BtFqL3avJTOnKoP
BQPnMJIbT/6Ax/syyJcV0Ok2/OTJsQoz0rBe269jJldOOyfezaIkXZA8845LFqhm
tNr9ysVr44JCcThCrjDFZ7fWg6n/9e+VxGsGKncXi6FhysEW1ncrkM53dfchI1cJ
WddB0ZIChgd+m7ChXwc5SgGUfI9eEnU2B0Q3ApxrJJ8NwMjNKZvLJpbNI76h7Eb/
UxAxDPvuFGK+0j3+
-----END CERTIFICATE-----
Generated at Sun Jun 23 15:09:01 2024 by rpki-client on console-ams.rpki-client.org