Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/WlAmyDnQpDwG40iCUW-P4--iR7c.roa
File: WlAmyDnQpDwG40iCUW-P4--iR7c.roa (raw, json)
Hash identifier: V0MgfZAlMRRcmNtqdRL90Kf22ejw5Rm/vRJd/assFUk=
Subject key identifier: 5A:50:26:C8:39:D0:A4:3C:06:E3:48:82:51:6F:8F:E3:EF:A2:47:B7
Certificate issuer: /CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Certificate serial: 018DE66E0DA8F62E4D6D5D0AB3163536EB64
Authority key identifier: 76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/WlAmyDnQpDwG40iCUW-P4--iR7c.roa
Signing time: Mon 26 Feb 2024 17:19:48 +0000
ROA not before: Mon 26 Feb 2024 17:19:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43152
IP address blocks: 109.71.240.0/24 maxlen: 24
109.71.241.0/24 maxlen: 24
109.71.242.0/24 maxlen: 24
109.71.243.0/24 maxlen: 24
109.71.244.0/24 maxlen: 24
109.71.245.0/24 maxlen: 24
109.71.246.0/24 maxlen: 24
109.71.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.mft
rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:e6:6e:0d:a8:f6:2e:4d:6d:5d:0a:b3:16:35:36:eb:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Validity
Not Before: Feb 26 17:19:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5a5026c839d0a43c06e34882516f8fe3efa247b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:ba:27:3e:4f:a4:d3:31:31:eb:d1:8f:60:0c:
60:10:c1:fc:a7:ce:ec:d0:2d:f8:c6:42:f2:c2:c2:
62:b7:da:75:09:7f:34:ac:ec:99:12:4c:d3:86:d4:
c4:2c:d4:a9:79:c4:61:76:0c:02:17:05:8c:65:25:
c9:40:0d:e1:4d:1a:ba:ee:b2:85:01:5e:46:bb:ef:
8b:88:3f:d8:78:fa:c6:e2:47:2d:fe:e6:00:89:bd:
78:ce:cd:97:ee:d3:6d:1e:06:5c:81:1e:d0:1f:f9:
55:17:21:2c:6f:d4:c4:47:84:d7:ea:9f:d8:4a:c3:
d5:40:08:03:45:87:e1:99:db:c0:65:4e:8a:31:0b:
d7:72:f3:a2:1e:4f:ba:ff:9b:df:1a:62:ce:6b:b5:
d9:aa:c6:cc:46:bd:d1:1d:15:18:41:83:15:38:ba:
4d:c1:b3:b3:df:00:ed:36:e0:82:51:d8:b4:fa:5a:
74:7f:fb:05:5c:1f:de:e5:8a:74:0e:a0:9b:61:53:
d2:c1:db:d5:7d:4b:00:3d:b5:6e:2a:19:3d:c2:13:
99:ef:93:1d:c2:c3:99:0f:63:85:94:17:88:a4:07:
17:27:f0:8c:b3:0c:01:64:d6:35:40:47:20:bb:a1:
31:8d:7c:1e:a8:3d:16:29:7c:4b:59:be:60:47:06:
e8:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:50:26:C8:39:D0:A4:3C:06:E3:48:82:51:6F:8F:E3:EF:A2:47:B7
X509v3 Authority Key Identifier:
keyid:76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/WlAmyDnQpDwG40iCUW-P4--iR7c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.240.0/21
Signature Algorithm: sha256WithRSAEncryption
32:0e:f5:90:87:ad:2c:16:a1:d7:57:01:a1:da:87:63:52:44:
5a:ab:88:b3:f5:76:89:8f:2b:6a:c3:aa:d8:d0:72:33:40:f5:
44:1f:90:ad:0f:cc:9d:b1:a6:02:ce:cf:e4:2f:b2:63:31:85:
4e:c8:c6:b3:3a:70:31:07:65:fa:92:63:33:9b:c6:06:4f:76:
82:53:13:ea:a2:dc:17:ac:1b:90:0d:50:cf:04:1d:19:97:4c:
ca:86:7e:b0:7f:d7:98:52:ef:8e:6e:46:ef:10:8b:b3:23:bf:
18:19:8e:cf:6f:68:1b:0e:11:16:e0:64:2b:60:e3:b5:ec:09:
d5:d9:78:05:98:3e:78:c2:6f:df:73:b9:8c:eb:94:d5:dd:4c:
3d:2c:a7:ae:e9:f6:b4:80:82:a6:e5:cf:3f:f7:6e:80:59:63:
47:0c:b0:f5:9e:04:c9:be:9a:19:f9:7f:fb:d5:30:39:ef:9d:
8b:3d:9d:59:e6:14:01:20:c2:59:e5:e9:75:d3:e5:d7:9d:59:
1b:1f:64:61:ec:9e:30:4e:d2:b2:c9:e5:cb:0d:43:6c:1e:cd:
d6:25:2b:9e:ae:17:41:3a:b6:3d:37:42:17:14:90:cd:1a:ff:
65:08:5e:35:73:60:a3:2f:8e:c1:a1:9a:69:6d:4f:92:9e:7a:
02:5b:df:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3mbg2o9i5NbV0KsxY1NutkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWYwYTBlZThmYTE1NGQ3YWRhNDM4YWYxMjEyMjY5Y2Uw
YWNjNDEwHhcNMjQwMjI2MTcxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTUwMjZjODM5ZDBhNDNjMDZlMzQ4ODI1MTZmOGZlM2VmYTI0N2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7onPk+k0zEx69GPYAxgEMH8p87s
0C34xkLywsJit9p1CX80rOyZEkzThtTELNSpecRhdgwCFwWMZSXJQA3hTRq67rKF
AV5Gu++LiD/YePrG4kct/uYAib14zs2X7tNtHgZcgR7QH/lVFyEsb9TER4TX6p/Y
SsPVQAgDRYfhmdvAZU6KMQvXcvOiHk+6/5vfGmLOa7XZqsbMRr3RHRUYQYMVOLpN
wbOz3wDtNuCCUdi0+lp0f/sFXB/e5Yp0DqCbYVPSwdvVfUsAPbVuKhk9whOZ75Md
wsOZD2OFlBeIpAcXJ/CMswwBZNY1QEcgu6ExjXweqD0WKXxLWb5gRwbo0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpQJsg50KQ8BuNIglFvj+Pvoke3MB8GA1UdIwQY
MBaAFHbvCg7o+hVNetpDivEhImnOCsxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmIt
M2JlOTk1ZDJiYmRhLzEvV2xBbXlEblFwRHdHNDBpQ1VXLVA0LS1pUjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmItM2JlOTk1ZDJiYmRh
LzEvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbUfwMA0G
CSqGSIb3DQEBCwUAA4IBAQAyDvWQh60sFqHXVwGh2odjUkRaq4iz9XaJjytqw6rY
0HIzQPVEH5CtD8ydsaYCzs/kL7JjMYVOyMazOnAxB2X6kmMzm8YGT3aCUxPqotwX
rBuQDVDPBB0Zl0zKhn6wf9eYUu+ObkbvEIuzI78YGY7Pb2gbDhEW4GQrYOO17AnV
2XgFmD54wm/fc7mM65TV3Uw9LKeu6fa0gIKm5c8/926AWWNHDLD1ngTJvpoZ+X/7
1TA5752LPZ1Z5hQBIMJZ5el10+XXnVkbH2Rh7J4wTtKyyeXLDUNsHs3WJSuerhdB
OrY9N0IXFJDNGv9lCF41c2CjL47BoZppbU+SnnoCW98q
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:58:56 2024 by rpki-client on console-ams.rpki-client.org