Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa
File: H3OJjril8VQreWqGR-TwcHNEcXs.roa (raw, json)
Hash identifier: 9+prVnNxxAktnUOHccAB3eCwidzpqYieG0xL81HY0qk=
Subject key identifier: 1F:73:89:8E:B8:A5:F1:54:2B:79:6A:86:47:E4:F0:70:73:44:71:7B
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 018CC8012AEC8B47650435DDB5D8E49A75E8
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa
Signing time: Tue 02 Jan 2024 02:29:28 +0000
ROA not before: Tue 02 Jan 2024 02:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43513
IP address blocks: 85.254.145.0/24 maxlen: 24
85.254.142.0/23 maxlen: 23
159.148.102.0/24 maxlen: 24
85.254.32.0/21 maxlen: 21
85.254.49.74/32 maxlen: 32
85.254.49.75/32 maxlen: 32
85.254.49.72/32 maxlen: 32
85.254.49.73/32 maxlen: 32
85.254.5.0/24 maxlen: 24
159.148.198.0/23 maxlen: 23
159.148.200.0/24 maxlen: 24
85.254.16.0/22 maxlen: 22
85.254.24.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 02 May 2024 07:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:2a:ec:8b:47:65:04:35:dd:b5:d8:e4:9a:75:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Jan 2 02:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1f73898eb8a5f1542b796a8647e4f0707344717b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:c2:d5:82:eb:b2:ba:ee:b7:0f:69:22:ab:59:
6b:64:4a:c0:0b:23:65:69:ec:49:05:a6:81:4f:80:
6b:04:76:50:d3:4f:6f:3e:10:7f:43:fe:ae:59:2e:
0a:4a:54:ef:d4:fe:9e:cd:5c:e3:a1:96:82:ef:67:
e5:d3:4d:47:8a:10:dd:f9:36:7a:5b:ed:e7:f2:4d:
da:6a:d7:04:2f:20:2d:26:27:10:99:ec:20:01:f2:
cb:cd:c5:00:4e:5f:34:64:30:11:50:6d:d7:97:67:
e2:33:45:22:99:c5:2d:25:b2:bf:ce:9f:fa:26:07:
1a:17:cc:cb:4b:90:b0:a3:59:66:fc:ed:be:4d:c3:
99:97:93:29:8b:86:1c:bd:6f:a8:84:d1:c8:69:09:
17:f7:10:98:dc:88:06:7b:2c:14:36:24:8c:67:09:
6b:dd:4c:81:59:df:2a:70:3a:1f:4d:96:b7:6d:21:
6f:3a:f1:3b:a5:2e:e5:ea:1a:11:89:3c:4b:6d:e5:
0d:08:fd:b8:cb:87:e1:27:4d:c6:4f:e8:46:60:c7:
cc:45:1d:8a:c1:63:54:eb:95:b8:7a:4a:95:61:34:
3a:97:48:a3:6a:c2:46:f6:ae:91:d1:ff:f1:93:9a:
ab:fb:ef:29:41:26:31:07:6c:b4:09:00:bd:23:86:
43:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:73:89:8E:B8:A5:F1:54:2B:79:6A:86:47:E4:F0:70:73:44:71:7B
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.5.0/24
85.254.16.0/22
85.254.24.0/22
85.254.32.0/21
85.254.49.72/30
85.254.142.0/23
85.254.145.0/24
159.148.102.0/24
159.148.198.0-159.148.200.255
Signature Algorithm: sha256WithRSAEncryption
3a:2e:31:56:30:a8:23:17:2a:84:fb:e1:a5:64:6a:8c:cb:18:
0a:9c:80:1f:8a:3b:da:00:03:5c:74:c8:99:41:18:60:53:7a:
bb:d5:ff:97:75:f4:1f:18:85:ee:bb:d7:38:c0:4c:67:c9:91:
be:ac:05:65:0e:29:a8:52:08:32:d8:2e:84:88:c3:cc:52:08:
fe:20:4f:10:7b:62:d5:e1:2c:d2:ce:32:6f:6d:63:8d:4d:96:
d9:8e:ce:b6:af:39:26:51:f6:2f:14:8d:0b:81:35:51:fd:ec:
1e:69:c2:84:9a:23:0d:ee:b7:71:24:e7:b6:5a:4d:b2:b2:a2:
88:f8:17:24:da:c2:6b:c1:94:35:e5:98:45:b9:bc:ea:c5:fa:
c9:7e:7d:35:c6:a2:0a:92:3d:b2:25:aa:52:f4:45:b0:97:6f:
53:69:2e:10:3b:cf:eb:c2:c8:7d:88:76:9c:5c:8d:52:a8:83:
bb:56:9c:47:ac:a6:c3:9e:02:a4:36:61:a0:cd:1a:40:84:64:
f1:50:c7:4b:ed:6b:04:d5:9e:69:6d:f6:f0:ab:2f:93:f4:0f:
b4:2c:d2:ff:ee:7a:93:99:99:65:53:5d:32:14:e4:82:e5:80:
78:9f:e2:1d:c8:2a:3d:a9:5f:e4:ea:6c:e3:be:65:df:b9:78:
3a:f9:af:e1
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzIASrsi0dlBDXdtdjkmnXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjczODk4ZWI4YTVmMTU0MmI3OTZhODY0N2U0ZjA3MDczNDQ3MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8LVguuyuu63D2kiq1lrZErACyNl
aexJBaaBT4BrBHZQ009vPhB/Q/6uWS4KSlTv1P6ezVzjoZaC72fl001HihDd+TZ6
W+3n8k3aatcELyAtJicQmewgAfLLzcUATl80ZDARUG3Xl2fiM0UimcUtJbK/zp/6
JgcaF8zLS5Cwo1lm/O2+TcOZl5Mpi4YcvW+ohNHIaQkX9xCY3IgGeywUNiSMZwlr
3UyBWd8qcDofTZa3bSFvOvE7pS7l6hoRiTxLbeUNCP24y4fhJ03GT+hGYMfMRR2K
wWNU65W4ekqVYTQ6l0ijasJG9q6R0f/xk5qr++8pQSYxB2y0CQC9I4ZD4wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFB9ziY64pfFUK3lqhkfk8HBzRHF7MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvSDNPSmpyaWw4VlFyZVdxR1ItVHdjSE5FY1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQAVf4FAwQC
Vf4QAwQCVf4YAwQDVf4gAwUCVf4xSAMEAVX+jgMEAFX+kQMEAJ+UZjAMAwQBn5TG
AwQAn5TIMA0GCSqGSIb3DQEBCwUAA4IBAQA6LjFWMKgjFyqE++GlZGqMyxgKnIAf
ijvaAANcdMiZQRhgU3q71f+XdfQfGIXuu9c4wExnyZG+rAVlDimoUggy2C6EiMPM
Ugj+IE8Qe2LV4SzSzjJvbWONTZbZjs62rzkmUfYvFI0LgTVR/eweacKEmiMN7rdx
JOe2Wk2ysqKI+Bck2sJrwZQ15ZhFubzqxfrJfn01xqIKkj2yJapS9EWwl29TaS4Q
O8/rwsh9iHacXI1SqIO7VpxHrKbDngKkNmGgzRpAhGTxUMdL7WsE1Z5pbfbwqy+T
9A+0LNL/7nqTmZllU10yFOSC5YB4n+IdyCo9qV/k6mzjvmXfuXg6+a/h
-----END CERTIFICATE-----
Generated at Wed May 1 13:38:18 2024 by rpki-client on console-fra.rpki-client.org