Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/hGNSW4gW2XLamkzFXmsXrYJKBXA.roa
File: hGNSW4gW2XLamkzFXmsXrYJKBXA.roa (raw, json)
Hash identifier: IY9QKz7DaVCDRblSgnKlGXuMxQ1oa340/PAN2aB4+Ms=
Subject key identifier: 84:63:52:5B:88:16:D9:72:DA:9A:4C:C5:5E:6B:17:AD:82:4A:05:70
Certificate issuer: /CN=f04d278485ffaea79e910a262533a80b5ab91c8a
Certificate serial: 0192F67DEF8636575DE71672F9FDCD67D830
Authority key identifier: F0:4D:27:84:85:FF:AE:A7:9E:91:0A:26:25:33:A8:0B:5A:B9:1C:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/hGNSW4gW2XLamkzFXmsXrYJKBXA.roa
Signing time: Mon 04 Nov 2024 09:25:01 +0000
ROA not before: Mon 04 Nov 2024 09:25:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201216
IP address blocks: 185.253.108.0/24 maxlen: 24
2a07:1e40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.crl
rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.mft
rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 03:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:f6:7d:ef:86:36:57:5d:e7:16:72:f9:fd:cd:67:d8:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04d278485ffaea79e910a262533a80b5ab91c8a
Validity
Not Before: Nov 4 09:25:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8463525b8816d972da9a4cc55e6b17ad824a0570
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:a5:03:64:25:d4:3b:d9:14:c6:70:29:30:e5:
dd:36:1b:6f:b8:2f:ed:4d:10:72:d2:8a:ae:93:ce:
bc:1e:2e:34:a3:8d:7f:16:21:c2:99:85:5d:8c:2b:
e2:33:eb:76:84:c8:fb:37:71:53:30:05:e2:33:dc:
05:46:39:c0:0e:15:67:53:58:c4:76:2d:08:b8:bd:
a1:12:50:3c:18:a3:40:b4:4a:71:4a:14:57:34:89:
79:a3:4d:3c:8e:c3:69:0b:9e:4e:39:aa:66:4b:63:
ff:83:5b:7c:80:2e:ac:6f:35:f5:96:e8:10:2f:c0:
0c:33:90:fb:d2:04:82:cd:54:92:a3:80:2e:18:c1:
af:32:f0:61:8a:69:f0:a5:58:7f:37:b3:de:2a:f2:
84:e4:73:18:8e:06:48:12:47:aa:96:b3:2f:52:85:
28:4c:67:62:ef:56:e9:e4:de:56:ef:13:49:47:04:
0f:37:a7:24:2f:64:11:43:6c:0c:f2:11:af:60:94:
97:c3:b2:94:5f:6c:f1:c4:de:c7:c2:56:fa:05:f4:
02:0c:9e:9d:32:99:d0:59:77:7f:2d:c8:b3:4d:71:
ac:08:a0:9e:dc:8d:fe:40:61:57:f1:a4:a2:2f:38:
30:bb:86:d8:e4:8d:85:46:8c:0d:15:4b:9b:e1:82:
e6:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:63:52:5B:88:16:D9:72:DA:9A:4C:C5:5E:6B:17:AD:82:4A:05:70
X509v3 Authority Key Identifier:
keyid:F0:4D:27:84:85:FF:AE:A7:9E:91:0A:26:25:33:A8:0B:5A:B9:1C:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/hGNSW4gW2XLamkzFXmsXrYJKBXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.253.108.0/24
IPv6:
2a07:1e40::/29
Signature Algorithm: sha256WithRSAEncryption
62:b6:2d:af:5e:e3:81:b5:08:a6:d3:88:f3:cc:bf:1a:cf:94:
4a:a2:01:03:28:ec:e5:4e:36:2f:d0:ca:a9:73:e7:37:78:15:
af:d8:8f:ef:3b:6a:89:60:37:fd:8d:d2:bb:26:45:f8:13:f6:
bd:3c:b1:c3:64:5d:8d:1c:19:21:8a:af:a5:8d:0c:29:a6:e6:
3e:bd:6e:e5:15:bb:2a:df:2e:cf:9e:c0:93:7a:5e:71:01:fc:
b9:19:20:74:79:5a:a7:c3:a9:4e:b9:e6:84:46:29:d6:81:76:
51:c4:aa:96:08:53:d6:3a:4a:8c:40:52:fb:49:e7:c8:eb:58:
a0:f1:80:90:d6:a1:41:c2:61:5e:d4:7b:05:d3:27:2a:0a:ca:
0c:7b:f4:d6:1d:0b:44:18:9c:37:53:03:c6:6b:06:4e:ab:e3:
b7:a5:c7:48:f4:f3:5c:47:7f:98:ff:73:cb:1c:f7:89:10:9f:
91:cf:10:14:ac:0e:96:c8:00:ab:01:8f:09:e1:51:e5:e3:6a:
67:ad:fb:f1:14:95:64:5f:44:2f:d9:28:91:95:69:3e:4e:d4:
1a:ec:8d:0a:e6:4e:66:26:7b:54:61:6f:42:fa:29:7b:37:93:
7b:dc:c8:e3:67:43:4d:07:0f:3f:4c:56:c8:09:9c:69:f8:9d:
00:00:97:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZL2fe+GNldd5xZy+f3NZ9gwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGQyNzg0ODVmZmFlYTc5ZTkxMGEyNjI1MzNhODBiNWFi
OTFjOGEwHhcNMjQxMTA0MDkyNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDYzNTI1Yjg4MTZkOTcyZGE5YTRjYzU1ZTZiMTdhZDgyNGEwNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaUDZCXUO9kUxnApMOXdNhtvuC/t
TRBy0oquk868Hi40o41/FiHCmYVdjCviM+t2hMj7N3FTMAXiM9wFRjnADhVnU1jE
di0IuL2hElA8GKNAtEpxShRXNIl5o008jsNpC55OOapmS2P/g1t8gC6sbzX1lugQ
L8AMM5D70gSCzVSSo4AuGMGvMvBhimnwpVh/N7PeKvKE5HMYjgZIEkeqlrMvUoUo
TGdi71bp5N5W7xNJRwQPN6ckL2QRQ2wM8hGvYJSXw7KUX2zxxN7Hwlb6BfQCDJ6d
MpnQWXd/LcizTXGsCKCe3I3+QGFX8aSiLzgwu4bY5I2FRowNFUub4YLmUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIRjUluIFtly2ppMxV5rF62CSgVwMB8GA1UdIwQY
MBaAFPBNJ4SF/66nnpEKJiUzqAtauRyKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEUwbmhJWF9ycWVla1FvbUpUT29DMXE1SElvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9hYTc0MjYtNzExZC00ZjNlLThkZjkt
NWMwZTMxNmQyOGI4LzEvaEdOU1c0Z1cyWExhbWt6Rlhtc1hyWUpLQlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9hYTc0MjYtNzExZC00ZjNlLThkZjktNWMwZTMxNmQyOGI4
LzEvOEUwbmhJWF9ycWVla1FvbUpUT29DMXE1SElvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf1sMA0E
AgACMAcDBQMqBx5AMA0GCSqGSIb3DQEBCwUAA4IBAQBiti2vXuOBtQim04jzzL8a
z5RKogEDKOzlTjYv0Mqpc+c3eBWv2I/vO2qJYDf9jdK7JkX4E/a9PLHDZF2NHBkh
iq+ljQwppuY+vW7lFbsq3y7PnsCTel5xAfy5GSB0eVqnw6lOueaERinWgXZRxKqW
CFPWOkqMQFL7SefI61ig8YCQ1qFBwmFe1HsF0ycqCsoMe/TWHQtEGJw3UwPGawZO
q+O3pcdI9PNcR3+Y/3PLHPeJEJ+RzxAUrA6WyACrAY8J4VHl42pnrfvxFJVkX0Qv
2SiRlWk+TtQa7I0K5k5mJntUYW9C+il7N5N73MjjZ0NNBw8/TFbICZxp+J0AAJc6
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:51:45 2024 by rpki-client on console-fra.rpki-client.org