Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/B_-mvmMFCaSw9yzY9VFQ0vuha6c.roa
File: B_-mvmMFCaSw9yzY9VFQ0vuha6c.roa (raw, json)
Hash identifier: tkrwplflypffShp6GnotO0NDkeVReXUnt7Fwmv0FM64=
Subject key identifier: 07:FF:A6:BE:63:05:09:A4:B0:F7:2C:D8:F5:51:50:D2:FB:A1:6B:A7
Certificate issuer: /CN=b6cf4e57cbc15ce4ecef44f50e5b8592fbeeeea0
Certificate serial: 018CC9BCB216635343A8697A06CD1BF63130
Authority key identifier: B6:CF:4E:57:CB:C1:5C:E4:EC:EF:44:F5:0E:5B:85:92:FB:EE:EE:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ts9OV8vBXOTs70T1DluFkvvu7qA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/B_-mvmMFCaSw9yzY9VFQ0vuha6c.roa
Signing time: Tue 02 Jan 2024 10:33:55 +0000
ROA not before: Tue 02 Jan 2024 10:33:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6453
IP address blocks: 85.158.134.0/24 maxlen: 24
85.158.133.0/24 maxlen: 24
85.158.135.0/24 maxlen: 24
85.158.129.0/24 maxlen: 24
85.158.128.0/21 maxlen: 21
85.158.128.0/24 maxlen: 24
85.158.130.0/24 maxlen: 24
85.158.132.0/24 maxlen: 24
85.158.131.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/ts9OV8vBXOTs70T1DluFkvvu7qA.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/ts9OV8vBXOTs70T1DluFkvvu7qA.mft
rsync://rpki.ripe.net/repository/DEFAULT/ts9OV8vBXOTs70T1DluFkvvu7qA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 May 2024 08:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:b2:16:63:53:43:a8:69:7a:06:cd:1b:f6:31:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b6cf4e57cbc15ce4ecef44f50e5b8592fbeeeea0
Validity
Not Before: Jan 2 10:33:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=07ffa6be630509a4b0f72cd8f55150d2fba16ba7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:75:70:89:b4:60:ed:94:19:32:50:19:f7:f8:
66:88:ee:97:ca:5a:ad:5c:a8:13:08:9b:17:9c:92:
2c:37:28:6d:87:2f:f5:48:37:bb:6b:d6:8a:06:81:
c6:04:e2:41:a6:68:20:44:06:ce:8d:0e:f9:f6:54:
5c:e2:35:d0:4c:e3:44:93:6e:3f:c4:ec:73:dc:76:
f6:c6:ba:11:66:7e:82:d4:74:51:06:8a:88:28:e0:
6f:20:4f:98:8a:e0:7e:49:2c:c1:1f:3e:2f:87:ba:
a2:93:1a:49:2f:c1:9c:41:ab:5c:92:6c:84:a2:ca:
a8:dc:90:ee:62:13:12:57:ae:cc:98:54:f0:bb:60:
97:c9:55:99:ad:4c:dc:95:4e:aa:ff:d9:d6:22:52:
bb:91:50:d0:7c:a1:9f:40:ff:fc:a3:90:30:47:bf:
54:fe:16:2f:f4:fa:03:ba:aa:6f:b8:5e:44:bf:a7:
93:15:a0:47:f6:f6:15:34:b8:86:5d:a5:eb:67:27:
d3:6b:bf:77:c7:dc:36:38:d5:23:16:01:e1:8b:50:
1a:c7:a0:32:32:fe:5e:91:84:d1:41:11:b8:82:63:
5d:61:81:3f:4b:4b:55:64:2a:93:9c:fe:c9:01:35:
8a:0d:05:e5:88:79:52:f4:0f:a8:34:4b:c3:b2:9f:
bd:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:FF:A6:BE:63:05:09:A4:B0:F7:2C:D8:F5:51:50:D2:FB:A1:6B:A7
X509v3 Authority Key Identifier:
keyid:B6:CF:4E:57:CB:C1:5C:E4:EC:EF:44:F5:0E:5B:85:92:FB:EE:EE:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ts9OV8vBXOTs70T1DluFkvvu7qA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/B_-mvmMFCaSw9yzY9VFQ0vuha6c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4e897f-e435-4715-a3c5-85be425d3199/1/ts9OV8vBXOTs70T1DluFkvvu7qA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.158.128.0/21
Signature Algorithm: sha256WithRSAEncryption
4d:59:a4:1e:66:1f:3f:d1:64:8a:53:a0:aa:08:fa:14:e9:73:
e8:ce:18:cd:80:7b:16:a3:43:db:dc:b6:e0:22:65:bd:c5:20:
11:2b:0a:26:0c:4f:8f:ff:14:19:fd:47:e4:86:88:9d:b5:1f:
6d:e8:7d:14:52:29:49:13:56:29:ec:58:ac:b1:64:97:58:84:
2a:09:8b:25:92:e7:23:de:32:78:7f:23:e9:6b:56:19:f2:ba:
49:20:70:04:aa:58:34:b3:6b:2c:df:e5:76:5c:7a:63:eb:8c:
65:3b:83:69:20:d3:2c:61:a9:e1:38:5d:14:b7:47:43:35:d5:
27:34:f2:ab:dc:83:78:85:93:9a:91:1b:92:46:1b:b7:9c:42:
df:12:b6:7b:9e:f6:f1:d0:c1:45:bd:a3:a0:f0:3f:96:36:78:
e9:68:23:3a:0d:6c:a8:68:fd:59:a9:85:af:10:ee:19:6c:62:
19:7c:c9:3a:e4:91:e8:de:a8:ce:bc:04:89:52:de:62:36:4e:
72:04:8d:4e:10:61:bd:0c:0b:54:ff:e6:f0:94:b6:45:ce:c8:
43:3d:c6:f8:d9:0a:ae:b2:9c:f4:c3:6a:d6:75:b0:a7:f6:a2:
ae:54:d3:81:4a:88:c0:3b:42:6c:54:99:4a:94:1a:ff:ea:99:
f5:4f:49:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLIWY1NDqGl6Bs0b9jEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2Y2Y0ZTU3Y2JjMTVjZTRlY2VmNDRmNTBlNWI4NTkyZmJl
ZWVlYTAwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZmYTZiZTYzMDUwOWE0YjBmNzJjZDhmNTUxNTBkMmZiYTE2YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHVwibRg7ZQZMlAZ9/hmiO6Xylqt
XKgTCJsXnJIsNyhthy/1SDe7a9aKBoHGBOJBpmggRAbOjQ759lRc4jXQTONEk24/
xOxz3Hb2xroRZn6C1HRRBoqIKOBvIE+YiuB+SSzBHz4vh7qikxpJL8GcQatckmyE
osqo3JDuYhMSV67MmFTwu2CXyVWZrUzclU6q/9nWIlK7kVDQfKGfQP/8o5AwR79U
/hYv9PoDuqpvuF5Ev6eTFaBH9vYVNLiGXaXrZyfTa793x9w2ONUjFgHhi1Aax6Ay
Mv5ekYTRQRG4gmNdYYE/S0tVZCqTnP7JATWKDQXliHlS9A+oNEvDsp+9RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAf/pr5jBQmksPcs2PVRUNL7oWunMB8GA1UdIwQY
MBaAFLbPTlfLwVzk7O9E9Q5bhZL77u6gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHM5T1Y4dkJYT1RzNzBUMURsdUZrdnZ1N3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy80ZTg5N2YtZTQzNS00NzE1LWEzYzUt
ODViZTQyNWQzMTk5LzEvQl8tbXZtTUZDYVN3OXl6WTlWRlEwdnVoYTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy80ZTg5N2YtZTQzNS00NzE1LWEzYzUtODViZTQyNWQzMTk5
LzEvdHM5T1Y4dkJYT1RzNzBUMURsdUZrdnZ1N3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVZ6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBNWaQeZh8/0WSKU6CqCPoU6XPozhjNgHsWo0Pb3Lbg
ImW9xSARKwomDE+P/xQZ/UfkhoidtR9t6H0UUilJE1Yp7FissWSXWIQqCYslkucj
3jJ4fyPpa1YZ8rpJIHAEqlg0s2ss3+V2XHpj64xlO4NpINMsYanhOF0Ut0dDNdUn
NPKr3IN4hZOakRuSRhu3nELfErZ7nvbx0MFFvaOg8D+WNnjpaCM6DWyoaP1ZqYWv
EO4ZbGIZfMk65JHo3qjOvASJUt5iNk5yBI1OEGG9DAtU/+bwlLZFzshDPcb42Qqu
spz0w2rWdbCn9qKuVNOBSojAO0JsVJlKlBr/6pn1T0np
-----END CERTIFICATE-----
Generated at Mon May 20 15:25:40 2024 by rpki-client on console-fra.rpki-client.org