Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/2Z3Mta3zFGG528Wrl3hrespJh5I.roa
File: 2Z3Mta3zFGG528Wrl3hrespJh5I.roa (raw, json)
Hash identifier: +sppo9xnGwVmT1MUIKXDwSoqkdTya9zToLk05Ox3BrQ=
Subject key identifier: D9:9D:CC:B5:AD:F3:14:61:B9:DB:C5:AB:97:78:6B:7A:CA:49:87:92
Certificate issuer: /CN=b155daddb871b9d6a53cd6b47f776250837f7774
Certificate serial: 018CC26D09B8FA052DB1BF9C66C5D02D8CC4
Authority key identifier: B1:55:DA:DD:B8:71:B9:D6:A5:3C:D6:B4:7F:77:62:50:83:7F:77:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/2Z3Mta3zFGG528Wrl3hrespJh5I.roa
Signing time: Mon 01 Jan 2024 00:29:34 +0000
ROA not before: Mon 01 Jan 2024 00:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9066
IP address blocks: 213.252.128.0/18 maxlen: 24
62.89.160.0/19 maxlen: 24
212.68.64.0/19 maxlen: 24
2a01:ac00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 01:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:09:b8:fa:05:2d:b1:bf:9c:66:c5:d0:2d:8c:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155daddb871b9d6a53cd6b47f776250837f7774
Validity
Not Before: Jan 1 00:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d99dccb5adf31461b9dbc5ab97786b7aca498792
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:24:97:94:5f:5d:d0:02:ff:c0:8f:26:7a:7c:
8b:e3:b7:0b:c4:33:ab:62:0c:c2:a1:6c:7d:ee:36:
cd:d1:c6:9d:19:5a:75:a8:7b:e5:fd:d3:cb:83:e3:
e0:27:fc:06:f4:5a:62:24:ee:f8:99:fe:e7:1d:bd:
7d:f2:f9:46:44:f1:dc:67:5d:b6:7e:6c:4d:f2:9b:
4c:e3:fc:72:ae:47:9d:78:cd:e8:bf:ad:d5:8a:d9:
b9:6f:e4:6b:46:ea:b1:69:56:d6:95:3f:0d:8d:7f:
af:f5:60:98:f0:8d:bf:89:b7:c3:14:5a:c5:ff:cb:
7c:0c:0a:46:eb:4e:40:9a:82:99:fe:15:ed:ac:ab:
4f:1b:da:34:52:1f:b4:dd:45:27:36:7f:ae:eb:bd:
c1:da:d0:23:70:60:9a:43:9c:17:69:23:20:62:f8:
97:25:a1:eb:19:b2:a6:32:fe:45:35:0d:cf:ea:9c:
9b:5c:c6:89:75:c7:5c:60:9a:b1:d1:3b:29:cb:73:
ef:42:ef:23:8f:4d:79:12:41:01:68:fd:8d:09:35:
36:54:a6:59:f5:bd:63:7f:57:39:68:b8:5f:96:98:
53:a2:97:53:4f:85:5d:bc:6a:0a:42:a3:07:2f:24:
e4:b4:17:36:36:56:00:1c:1c:59:05:fe:f8:46:cf:
44:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:9D:CC:B5:AD:F3:14:61:B9:DB:C5:AB:97:78:6B:7A:CA:49:87:92
X509v3 Authority Key Identifier:
keyid:B1:55:DA:DD:B8:71:B9:D6:A5:3C:D6:B4:7F:77:62:50:83:7F:77:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/2Z3Mta3zFGG528Wrl3hrespJh5I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.89.160.0/19
212.68.64.0/19
213.252.128.0/18
IPv6:
2a01:ac00::/32
Signature Algorithm: sha256WithRSAEncryption
72:20:69:c7:47:13:1c:6c:e5:51:61:5e:b5:5f:f6:18:d8:42:
9b:66:f7:b3:45:6d:64:e1:86:65:36:7c:55:49:26:2f:1b:63:
af:95:dc:0f:c9:a0:b7:72:f0:0b:54:f4:bb:b0:b8:c2:1a:76:
60:da:d4:60:d8:dc:34:87:82:9d:98:83:ab:52:40:0e:68:f4:
03:1e:00:dd:37:64:86:f3:54:b6:f2:50:f6:57:3b:ee:c1:c9:
1a:9d:6b:94:40:f0:49:24:f4:df:17:6d:7f:17:7b:c3:cd:53:
84:fe:ee:df:f9:b5:a4:14:b7:da:60:89:a4:16:43:0b:db:dc:
e9:05:0c:f6:da:ad:df:c3:fc:c1:63:f8:4f:c9:a4:cb:b5:a2:
a5:de:01:cb:03:cc:34:9a:55:60:67:92:75:e9:39:a7:8e:17:
ad:99:a5:8d:51:39:ea:a1:b0:67:1a:da:13:41:b2:d1:25:f3:
71:a1:67:6c:2a:d2:66:76:91:b3:b4:ac:bf:0a:39:a9:3b:dc:
f7:a0:9e:a6:86:d8:7c:3f:da:75:f4:50:13:96:bb:fc:b4:ec:
ea:d4:1d:b6:d5:60:4b:c6:a7:ed:32:38:7a:e7:82:11:86:47:
2a:5e:e4:b7:83:10:5d:77:6e:bb:14:7e:36:bb:53:7a:47:79:
9a:24:e7:88
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzCbQm4+gUtsb+cZsXQLYzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTVkYWRkYjg3MWI5ZDZhNTNjZDZiNDdmNzc2MjUwODM3
Zjc3NzQwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTlkY2NiNWFkZjMxNDYxYjlkYmM1YWI5Nzc4NmI3YWNhNDk4NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ySXlF9d0AL/wI8menyL47cLxDOr
YgzCoWx97jbN0cadGVp1qHvl/dPLg+PgJ/wG9FpiJO74mf7nHb198vlGRPHcZ122
fmxN8ptM4/xyrkedeM3ov63Vitm5b+RrRuqxaVbWlT8NjX+v9WCY8I2/ibfDFFrF
/8t8DApG605AmoKZ/hXtrKtPG9o0Uh+03UUnNn+u673B2tAjcGCaQ5wXaSMgYviX
JaHrGbKmMv5FNQ3P6pybXMaJdcdcYJqx0Tspy3PvQu8jj015EkEBaP2NCTU2VKZZ
9b1jf1c5aLhflphTopdTT4VdvGoKQqMHLyTktBc2NlYAHBxZBf74Rs9EpQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNmdzLWt8xRhudvFq5d4a3rKSYeSMB8GA1UdIwQY
MBaAFLFV2t24cbnWpTzWtH93YlCDf3d0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZYYTNiaHh1ZGFsUE5hMGYzZGlVSU5fZDNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84ZmQ2ZTctNDk2Zi00N2NmLTgwZmIt
NTQ2OGIyY2YwYTc3LzEvMlozTXRhM3pGR0c1MjhXcmwzaHJlc3BKaDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84ZmQ2ZTctNDk2Zi00N2NmLTgwZmItNTQ2OGIyY2YwYTc3
LzEvc1ZYYTNiaHh1ZGFsUE5hMGYzZGlVSU5fZDNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFPlmgAwQF
1ERAAwQG1fyAMA0EAgACMAcDBQAqAawAMA0GCSqGSIb3DQEBCwUAA4IBAQByIGnH
RxMcbOVRYV61X/YY2EKbZvezRW1k4YZlNnxVSSYvG2OvldwPyaC3cvALVPS7sLjC
GnZg2tRg2Nw0h4KdmIOrUkAOaPQDHgDdN2SG81S28lD2VzvuwckanWuUQPBJJPTf
F21/F3vDzVOE/u7f+bWkFLfaYImkFkML29zpBQz22q3fw/zBY/hPyaTLtaKl3gHL
A8w0mlVgZ5J16TmnjhetmaWNUTnqobBnGtoTQbLRJfNxoWdsKtJmdpGztKy/Cjmp
O9z3oJ6mhth8P9p19FATlrv8tOzq1B221WBLxqftMjh654IRhkcqXuS3gxBdd267
FH42u1N6R3maJOeI
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:34:29 2024 by rpki-client on console-ams.rpki-client.org