Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS0.roa
File: AS0.roa (raw, json)
Hash identifier: 9CDNsf+lgVmOuG38RCGngegAe9GimEBdezbxdGpPDzs=
Subject key identifier: 91:58:24:52:E4:9B:CE:7F:45:F4:58:B5:CB:0D:66:C7:60:73:8B:1B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2F7D71B3DF122D9C06CD0DCC3243DFD139590FA3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS0.roa
Signing time: Sat 06 Apr 2024 11:09:31 +0000
ROA not before: Sat 06 Apr 2024 11:04:31 +0000
ROA not after: Sat 05 Apr 2025 11:09:31 +0000
asID: 0
IP address blocks: 148.135.128.0/20 maxlen: 20
148.135.144.0/20 maxlen: 20
148.135.160.0/20 maxlen: 20
148.135.176.0/20 maxlen: 20
148.135.192.0/20 maxlen: 20
148.135.208.0/20 maxlen: 20
148.135.224.0/20 maxlen: 20
148.135.240.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 04 May 2024 20:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:7d:71:b3:df:12:2d:9c:06:cd:0d:cc:32:43:df:d1:39:59:0f:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 6 11:04:31 2024 GMT
Not After : Apr 5 11:09:31 2025 GMT
Subject: CN=91582452E49BCE7F45F458B5CB0D66C760738B1B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e2:67:0e:64:5c:2f:39:ba:25:1a:7a:3b:f3:
16:68:09:18:bf:3b:26:32:c7:89:5a:4d:4b:c6:83:
43:bf:93:6f:de:59:57:aa:2b:a3:0a:b2:17:55:81:
42:da:65:bb:f2:64:85:1b:48:21:22:27:df:30:68:
db:85:08:de:cd:7b:84:f1:37:04:3a:20:65:e8:c5:
2d:b4:62:64:72:62:86:d9:b8:15:55:2d:c0:c0:35:
5d:17:6f:a3:dc:7b:a5:eb:3f:8b:d5:f5:3b:5d:a6:
df:3e:92:39:f4:1e:3a:2a:83:a4:ad:90:f6:82:31:
6e:68:c7:73:29:ac:ba:eb:0f:0e:e3:44:84:fb:ba:
f3:6e:ac:cb:71:34:7b:ba:76:8c:75:18:ce:3d:76:
f4:09:d6:61:bf:60:8d:88:79:57:46:f9:77:62:b2:
6d:fe:c4:0f:77:d5:4e:ba:2a:23:76:bd:3c:f8:89:
72:e3:cb:99:ee:21:98:de:bd:5f:66:4d:fe:9f:62:
a2:87:17:74:d0:85:9a:76:8d:92:9d:dc:5b:6e:da:
c2:82:cc:fd:34:38:0d:7a:27:c3:47:b2:63:84:00:
58:77:e2:b8:4f:92:67:18:3d:91:3b:6a:78:b5:28:
7e:4a:e3:f6:9d:82:7b:cc:b7:fd:9f:71:e5:4d:e8:
bc:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:58:24:52:E4:9B:CE:7F:45:F4:58:B5:CB:0D:66:C7:60:73:8B:1B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS0.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.128.0/17
Signature Algorithm: sha256WithRSAEncryption
95:3e:1f:7d:47:03:2a:48:c8:fc:a0:55:fd:2f:fc:d3:7b:c1:
bf:75:4c:40:5a:81:23:e4:fb:28:8c:8d:b5:d9:c4:6c:77:a4:
19:be:50:31:15:da:28:43:ef:3a:19:3a:25:9a:19:8d:47:cd:
0d:57:15:83:64:a7:a9:91:14:95:df:b7:7a:e9:99:a8:7a:ee:
fd:a0:c7:33:93:55:bc:23:e1:70:e4:bc:92:45:35:57:25:5b:
54:a7:b9:0d:87:64:aa:64:94:61:4a:26:a5:2d:9b:0c:48:45:
c8:da:d0:43:9f:e0:6f:21:85:db:a4:40:de:43:88:54:cf:58:
b1:ea:a6:38:5f:7b:f8:4a:e7:4f:e2:a9:0e:3c:56:f5:04:58:
fb:bc:17:1a:5d:c2:a8:4b:07:ae:75:9b:eb:f4:12:8e:88:9c:
48:be:41:b9:b6:f5:dd:c8:25:9d:f3:d7:f0:8b:0e:47:84:18:
e3:cb:df:93:cb:87:4a:1f:e6:c5:c0:13:33:f5:fc:da:e7:94:
e2:86:6a:34:98:17:9e:06:67:21:69:98:83:f7:82:0e:25:53:
23:2a:90:9c:8b:30:64:11:f1:02:c1:48:df:e2:8e:0f:61:01:
0c:d9:40:df:54:df:d9:7e:17:36:44:68:f5:1e:4b:75:7d:3f:
be:0f:73:67
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIUL31xs98SLZwGzQ3MMkPf0TlZD6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKDkxNTgyNDUyRTQ5QkNFN0Y0NUY0NThCNUNCMEQ2NkM3NjA3MzhCMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC4mcOZFwvObolGno78xZoCRi/
OyYyx4laTUvGg0O/k2/eWVeqK6MKshdVgULaZbvyZIUbSCEiJ98waNuFCN7Ne4Tx
NwQ6IGXoxS20YmRyYobZuBVVLcDANV0Xb6Pce6XrP4vV9Ttdpt8+kjn0Hjoqg6St
kPaCMW5ox3MprLrrDw7jRIT7uvNurMtxNHu6dox1GM49dvQJ1mG/YI2IeVdG+Xdi
sm3+xA931U66KiN2vTz4iXLjy5nuIZjevV9mTf6fYqKHF3TQhZp2jZKd3Ftu2sKC
zP00OA16J8NHsmOEAFh34rhPkmcYPZE7ani1KH5K4/adgnvMt/2fceVN6LyDAgMB
AAGjggIFMIICATAdBgNVHQ4EFgQUkVgkUuSbzn9F9Fi1yw1mx2BzixswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB5SHgDANBgkq
hkiG9w0BAQsFAAOCAQEAlT4ffUcDKkjI/KBV/S/803vBv3VMQFqBI+T7KIyNtdnE
bHekGb5QMRXaKEPvOhk6JZoZjUfNDVcVg2SnqZEUld+3eumZqHru/aDHM5NVvCPh
cOS8kkU1VyVbVKe5DYdkqmSUYUompS2bDEhFyNrQQ5/gbyGF26RA3kOIVM9Yseqm
OF97+ErnT+KpDjxW9QRY+7wXGl3CqEsHrnWb6/QSjoicSL5Bubb13cglnfPX8IsO
R4QY48vfk8uHSh/mxcATM/X82ueU4oZqNJgXngZnIWmYg/eCDiVTIyqQnIswZBHx
AsFI3+KOD2EBDNlA31Tf2X4XNkRo9R5LdX0/vg9zZw==
-----END CERTIFICATE-----
Generated at Sat May 4 03:15:23 2024 by rpki-client on console-fra.rpki-client.org