Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/1UI72nny89eSuVXQYsasNDhfnas.roa
File: 1UI72nny89eSuVXQYsasNDhfnas.roa (raw, json)
Hash identifier: n5aTnp4blbZu4ACZolO3s3hIuC9G00fwG6Tkg5UAmn8=
Subject key identifier: D5:42:3B:DA:79:F2:F3:D7:92:B9:55:D0:62:C6:AC:34:38:5F:9D:AB
Certificate issuer: /CN=cc27531ad999b6d5a0441b75faea7d578653e42a
Certificate serial: 018DD66A50EDB2C3CDBD829E47359620A4A7
Authority key identifier: CC:27:53:1A:D9:99:B6:D5:A0:44:1B:75:FA:EA:7D:57:86:53:E4:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zCdTGtmZttWgRBt1-up9V4ZT5Co.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/1UI72nny89eSuVXQYsasNDhfnas.roa
Signing time: Fri 23 Feb 2024 14:41:48 +0000
ROA not before: Fri 23 Feb 2024 14:41:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197589
IP address blocks: 46.235.136.0/21 maxlen: 21
85.204.112.0/22 maxlen: 22
89.42.0.0/21 maxlen: 21
94.176.44.0/22 maxlen: 22
94.177.68.0/22 maxlen: 22
185.96.20.0/22 maxlen: 22
2a04:d680::/29 maxlen: 29
2a04:d680::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/zCdTGtmZttWgRBt1-up9V4ZT5Co.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/zCdTGtmZttWgRBt1-up9V4ZT5Co.mft
rsync://rpki.ripe.net/repository/DEFAULT/zCdTGtmZttWgRBt1-up9V4ZT5Co.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 17:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:d6:6a:50:ed:b2:c3:cd:bd:82:9e:47:35:96:20:a4:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cc27531ad999b6d5a0441b75faea7d578653e42a
Validity
Not Before: Feb 23 14:41:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d5423bda79f2f3d792b955d062c6ac34385f9dab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:d4:d2:8a:bc:ac:89:ec:b7:b6:aa:f7:95:d1:
c8:08:76:42:47:48:a7:02:b5:76:28:7d:93:9e:89:
58:31:fe:b4:c6:71:f1:67:5f:51:00:2c:94:28:fd:
39:40:5b:24:c3:20:c9:72:ce:3e:64:d1:64:0f:ab:
53:da:12:a0:cf:d7:89:cb:46:2b:24:2e:b3:de:21:
aa:8b:08:a8:6f:dd:dd:d7:b0:f5:35:86:c0:53:90:
24:9e:f7:57:45:01:1a:6f:d0:ea:d1:7b:2a:05:ac:
b1:e2:90:1d:27:af:f3:7f:56:11:3f:39:93:f3:54:
38:00:2a:2f:17:5b:b3:bf:9a:b7:24:db:46:fe:49:
dd:83:40:95:67:4a:ef:e6:cb:ad:67:aa:a1:ae:2e:
96:97:cd:21:64:5c:23:38:06:db:a5:77:40:6f:5f:
a2:ca:92:fd:96:bd:4b:ed:7b:6c:3b:df:3c:92:7c:
16:4c:16:49:f0:59:17:e7:06:26:98:d9:b9:00:4c:
2f:19:62:d1:9d:72:9d:bb:c0:61:de:fc:8a:55:2f:
ad:0f:14:81:92:ab:b1:63:db:a0:8a:ae:70:fb:52:
6f:9f:b5:e7:41:3c:7d:fd:37:df:eb:ef:b0:eb:ef:
88:4c:34:38:1d:8d:f5:5d:e5:99:f9:58:4a:ce:b8:
db:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:42:3B:DA:79:F2:F3:D7:92:B9:55:D0:62:C6:AC:34:38:5F:9D:AB
X509v3 Authority Key Identifier:
keyid:CC:27:53:1A:D9:99:B6:D5:A0:44:1B:75:FA:EA:7D:57:86:53:E4:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCdTGtmZttWgRBt1-up9V4ZT5Co.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/1UI72nny89eSuVXQYsasNDhfnas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/9252e2-45de-4bcc-8f58-fa4117db1555/1/zCdTGtmZttWgRBt1-up9V4ZT5Co.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.235.136.0/21
85.204.112.0/22
89.42.0.0/21
94.176.44.0/22
94.177.68.0/22
185.96.20.0/22
IPv6:
2a04:d680::/29
Signature Algorithm: sha256WithRSAEncryption
5d:9a:59:58:71:73:23:87:5d:2e:c7:74:9e:69:9d:6d:1b:35:
bd:8f:08:03:d4:3b:d2:a7:23:c1:1d:11:14:45:d9:30:69:c0:
fb:03:6d:01:0b:ab:d0:e0:60:52:a4:3a:5b:5a:91:61:f9:1e:
c8:04:98:11:fa:69:b0:3d:04:b0:ab:05:0a:fe:84:7e:11:be:
29:12:55:7c:36:66:44:31:cf:ea:08:6e:f4:36:60:76:a3:8a:
e0:0c:ce:fc:a8:25:12:1b:e9:87:1a:2f:bd:4c:12:80:65:f0:
42:c2:e6:a0:e5:84:81:c8:d6:1b:13:cc:be:ef:bb:86:5e:8e:
aa:f7:02:69:ba:17:0a:1f:67:3d:bb:12:d3:ef:17:80:e1:a3:
9c:f6:41:8f:96:47:9e:fb:62:47:5b:d4:dd:d1:36:17:bb:df:
d2:ce:b3:f7:05:29:81:50:dc:14:9c:96:d8:f1:7d:5d:d7:fa:
f5:c6:a6:20:fe:e0:07:49:ad:ca:bf:d3:ce:0b:13:23:03:87:
b2:9e:f5:e9:4b:ba:df:0e:4b:61:18:cb:61:ea:5c:a6:7a:04:
82:44:61:d4:f3:0a:83:d8:fa:73:21:26:04:83:21:3a:f3:2e:
99:17:64:00:94:65:ce:52:32:ff:77:90:eb:05:df:ec:9f:e9:
f8:2c:70:3e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY3WalDtssPNvYKeRzWWIKSnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjc1MzFhZDk5OWI2ZDVhMDQ0MWI3NWZhZWE3ZDU3ODY1
M2U0MmEwHhcNMjQwMjIzMTQ0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQyM2JkYTc5ZjJmM2Q3OTJiOTU1ZDA2MmM2YWMzNDM4NWY5ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntTSirysiey3tqr3ldHICHZCR0in
ArV2KH2TnolYMf60xnHxZ19RACyUKP05QFskwyDJcs4+ZNFkD6tT2hKgz9eJy0Yr
JC6z3iGqiwiob93d17D1NYbAU5AknvdXRQEab9Dq0XsqBayx4pAdJ6/zf1YRPzmT
81Q4ACovF1uzv5q3JNtG/kndg0CVZ0rv5sutZ6qhri6Wl80hZFwjOAbbpXdAb1+i
ypL9lr1L7XtsO988knwWTBZJ8FkX5wYmmNm5AEwvGWLRnXKdu8Bh3vyKVS+tDxSB
kquxY9ugiq5w+1Jvn7XnQTx9/Tff6++w6++ITDQ4HY31XeWZ+VhKzrjbtQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNVCO9p58vPXkrlV0GLGrDQ4X52rMB8GA1UdIwQY
MBaAFMwnUxrZmbbVoEQbdfrqfVeGU+QqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNkVEd0bVp0dFdnUkJ0MS11cDlWNFpUNUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC85MjUyZTItNDVkZS00YmNjLThmNTgt
ZmE0MTE3ZGIxNTU1LzEvMVVJNzJubnk4OWVTdVZYUVlzYXNORGhmbmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC85MjUyZTItNDVkZS00YmNjLThmNTgtZmE0MTE3ZGIxNTU1
LzEvekNkVEd0bVp0dFdnUkJ0MS11cDlWNFpUNUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDLuuIAwQC
VcxwAwQDWSoAAwQCXrAsAwQCXrFEAwQCuWAUMA0EAgACMAcDBQMqBNaAMA0GCSqG
SIb3DQEBCwUAA4IBAQBdmllYcXMjh10ux3SeaZ1tGzW9jwgD1DvSpyPBHREURdkw
acD7A20BC6vQ4GBSpDpbWpFh+R7IBJgR+mmwPQSwqwUK/oR+Eb4pElV8NmZEMc/q
CG70NmB2o4rgDM78qCUSG+mHGi+9TBKAZfBCwuag5YSByNYbE8y+77uGXo6q9wJp
uhcKH2c9uxLT7xeA4aOc9kGPlkee+2JHW9Td0TYXu9/SzrP3BSmBUNwUnJbY8X1d
1/r1xqYg/uAHSa3Kv9POCxMjA4eynvXpS7rfDkthGMth6lymegSCRGHU8wqD2Ppz
ISYEgyE68y6ZF2QAlGXOUjL/d5DrBd/sn+n4LHA+
-----END CERTIFICATE-----
Generated at Tue Nov 26 22:53:57 2024 by rpki-client on console-fra.rpki-client.org