Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/tb2nH46kO2BfpeHZpXLsCFReYbw.roa
File: tb2nH46kO2BfpeHZpXLsCFReYbw.roa (raw, json)
Hash identifier: /IBPlR0Zr5JP8fTQweRoNtTZuIW4vbVjH6wCVBvqwQA=
Subject key identifier: B5:BD:A7:1F:8E:A4:3B:60:5F:A5:E1:D9:A5:72:EC:08:54:5E:61:BC
Certificate issuer: /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial: 018CC4252DB86ED75F3FFA419C60673187EC
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/tb2nH46kO2BfpeHZpXLsCFReYbw.roa
Signing time: Mon 01 Jan 2024 08:30:20 +0000
ROA not before: Mon 01 Jan 2024 08:30:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31167
IP address blocks: 109.74.80.0/20 maxlen: 20
109.74.90.0/24 maxlen: 24
85.14.153.0/24 maxlen: 24
217.119.176.0/20 maxlen: 20
217.171.16.0/20 maxlen: 20
217.171.27.0/24 maxlen: 24
85.14.131.0/24 maxlen: 24
85.14.128.0/18 maxlen: 18
2a00:1788::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 02 Jul 2024 07:02:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:2d:b8:6e:d7:5f:3f:fa:41:9c:60:67:31:87:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Validity
Not Before: Jan 1 08:30:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b5bda71f8ea43b605fa5e1d9a572ec08545e61bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:94:83:70:48:13:50:b4:08:1f:ae:06:b4:e0:
7d:04:a6:78:e4:ef:fc:1f:24:53:a7:0b:0e:6a:ad:
e0:c5:ce:6b:35:82:99:f7:d2:99:d0:9f:95:e4:c5:
78:b2:b8:4d:cf:50:a6:99:ea:18:22:67:eb:02:0a:
d2:38:f3:90:2f:7c:9a:04:53:3b:3c:56:95:6f:d6:
eb:fd:eb:3f:6f:3e:c1:94:40:6a:c7:e8:be:1d:9b:
4e:4e:9c:10:12:29:d2:e1:52:17:82:cf:1a:35:4b:
47:79:8f:ef:4c:f7:3e:3a:bb:69:fd:fe:6e:ec:e9:
80:41:fe:40:46:6a:54:bf:a3:b0:f9:af:c3:3d:62:
c1:3a:3e:9e:43:96:c7:30:3f:46:fe:30:f1:4f:2d:
9a:12:80:14:5b:0c:1c:1c:60:d1:6d:03:13:fb:52:
d7:6c:c1:3c:3b:56:6f:a9:ff:7b:6e:59:f7:aa:ca:
9c:6b:1f:96:14:38:9e:41:c6:b3:80:c3:ef:f1:64:
d5:a8:e4:58:9e:ba:fa:06:a7:c7:ff:f3:3e:80:dc:
ee:25:d5:45:fe:52:2a:39:07:6a:40:20:54:34:80:
3b:0f:f8:01:60:06:c4:bf:50:af:8f:87:67:2f:0e:
33:e1:0c:62:7f:86:f3:51:43:9c:9c:d4:8f:48:9a:
00:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:BD:A7:1F:8E:A4:3B:60:5F:A5:E1:D9:A5:72:EC:08:54:5E:61:BC
X509v3 Authority Key Identifier:
keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/tb2nH46kO2BfpeHZpXLsCFReYbw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.14.128.0/18
109.74.80.0/20
217.119.176.0/20
217.171.16.0/20
IPv6:
2a00:1788::/32
Signature Algorithm: sha256WithRSAEncryption
54:a0:a0:90:23:17:9c:6f:de:7d:98:17:74:fb:e5:1f:ae:9c:
45:1e:d3:c3:35:9b:83:fa:c4:2b:6c:e4:83:d4:c8:a4:12:83:
8e:c7:20:48:5b:26:61:08:fe:5d:9e:0d:01:17:b7:61:92:c7:
0b:fe:14:64:f4:76:63:6c:df:87:e3:01:20:bc:90:ae:a0:71:
cd:d0:12:ff:cb:74:22:66:00:52:c1:2b:9e:4a:75:f3:b7:44:
d1:0c:89:1a:5b:fb:51:05:e7:d4:26:ea:eb:09:ae:4c:8a:2c:
ad:2a:49:b0:45:13:b6:ae:9b:3b:7a:25:6e:6b:19:1f:92:82:
0f:0c:6c:3e:be:2e:b1:d7:b9:5b:23:87:0a:31:4f:0f:27:f3:
47:f2:7c:0f:29:90:bc:49:aa:2c:f7:cf:41:1b:d2:9f:5b:c1:
db:a7:99:fa:f0:b4:b6:72:30:a9:66:aa:c3:84:12:44:9d:39:
33:bb:61:f6:37:e9:29:c8:b9:ab:62:c3:2e:21:88:a0:6b:70:
c9:41:a6:f0:f7:81:27:77:53:7a:79:0e:8c:b1:47:d4:67:5b:
67:8b:32:39:e4:82:c5:23:85:b3:ce:2a:99:7d:68:2b:b8:f9:
fa:cb:e2:3d:46:30:56:51:68:7f:8a:49:0f:24:1d:ee:ed:26:
ee:cb:78:45
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzEJS24btdfP/pBnGBnMYfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJkYTcxZjhlYTQzYjYwNWZhNWUxZDlhNTcyZWMwODU0NWU2MWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJSDcEgTULQIH64GtOB9BKZ45O/8
HyRTpwsOaq3gxc5rNYKZ99KZ0J+V5MV4srhNz1CmmeoYImfrAgrSOPOQL3yaBFM7
PFaVb9br/es/bz7BlEBqx+i+HZtOTpwQEinS4VIXgs8aNUtHeY/vTPc+Ortp/f5u
7OmAQf5ARmpUv6Ow+a/DPWLBOj6eQ5bHMD9G/jDxTy2aEoAUWwwcHGDRbQMT+1LX
bME8O1Zvqf97bln3qsqcax+WFDieQcazgMPv8WTVqORYnrr6BqfH//M+gNzuJdVF
/lIqOQdqQCBUNIA7D/gBYAbEv1Cvj4dnLw4z4Qxif4bzUUOcnNSPSJoAtQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLW9px+OpDtgX6Xh2aVy7AhUXmG8MB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvdGIybkg0NmtPMkJmcGVIWnBYTHNDRlJlWWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGVQ6AAwQE
bUpQAwQE2XewAwQE2asQMA0EAgACMAcDBQAqABeIMA0GCSqGSIb3DQEBCwUAA4IB
AQBUoKCQIxecb959mBd0++UfrpxFHtPDNZuD+sQrbOSD1MikEoOOxyBIWyZhCP5d
ng0BF7dhkscL/hRk9HZjbN+H4wEgvJCuoHHN0BL/y3QiZgBSwSueSnXzt0TRDIka
W/tRBefUJurrCa5MiiytKkmwRRO2rps7eiVuaxkfkoIPDGw+vi6x17lbI4cKMU8P
J/NH8nwPKZC8Saos989BG9KfW8Hbp5n68LS2cjCpZqrDhBJEnTkzu2H2N+kpyLmr
YsMuIYiga3DJQabw94End1N6eQ6MsUfUZ1tnizI55ILFI4WzziqZfWgruPn6y+I9
RjBWUWh/ikkPJB3u7Sbuy3hF
-----END CERTIFICATE-----
Generated at Mon Jul 1 15:54:49 2024 by rpki-client on console-ams.rpki-client.org