Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/tNFRmswT2bxBow-5I-1iXkORBDY.roa
File: tNFRmswT2bxBow-5I-1iXkORBDY.roa (raw, json)
Hash identifier: +58OME90CWAxk2q3BhetF12hSJ3iD9yZCX+rEgoejIU=
Subject key identifier: B4:D1:51:9A:CC:13:D9:BC:41:A3:0F:B9:23:ED:62:5E:43:91:04:36
Certificate issuer: /CN=84b0cac838f282e042948f9d2b2cd5754d2e8c47
Certificate serial: 018CC8DF348D9014F944DF755A4CABC3F879
Authority key identifier: 84:B0:CA:C8:38:F2:82:E0:42:94:8F:9D:2B:2C:D5:75:4D:2E:8C:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLDKyDjyguBClI-dKyzVdU0ujEc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/tNFRmswT2bxBow-5I-1iXkORBDY.roa
Signing time: Tue 02 Jan 2024 06:32:00 +0000
ROA not before: Tue 02 Jan 2024 06:32:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35046
IP address blocks: 213.226.208.0/20 maxlen: 20
94.143.232.0/21 maxlen: 21
185.133.100.0/22 maxlen: 22
2a00:5100::/32 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/hLDKyDjyguBClI-dKyzVdU0ujEc.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/hLDKyDjyguBClI-dKyzVdU0ujEc.mft
rsync://rpki.ripe.net/repository/DEFAULT/hLDKyDjyguBClI-dKyzVdU0ujEc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 23:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:34:8d:90:14:f9:44:df:75:5a:4c:ab:c3:f8:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b0cac838f282e042948f9d2b2cd5754d2e8c47
Validity
Not Before: Jan 2 06:32:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b4d1519acc13d9bc41a30fb923ed625e43910436
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:3b:28:a6:78:11:f8:34:c8:2b:0f:b2:2e:d9:
4a:2c:72:0d:bb:45:94:ae:69:8b:56:b5:2a:34:6d:
de:d1:ee:b5:10:6b:82:29:64:93:0b:41:b9:e0:2d:
0d:1b:65:cc:8f:d8:7f:26:92:68:19:ff:f5:7f:a0:
4b:f4:67:37:53:9b:cc:45:e7:a8:94:63:86:79:b2:
2c:de:e9:ed:df:a3:ca:41:47:6e:f4:72:06:11:a2:
27:c6:ee:51:d9:e8:7c:3d:6f:f3:91:3a:3f:ee:43:
29:06:c5:67:07:cb:09:12:6d:6a:0a:ca:77:43:36:
25:9a:2c:15:d6:26:3e:b6:19:64:37:d3:fa:8d:02:
50:50:b7:9a:09:36:3e:19:57:e9:0f:c3:57:40:5c:
db:21:06:fe:1a:3f:83:a2:9c:af:bc:8a:38:e1:1f:
36:14:e4:c9:a6:58:87:31:bd:19:fd:00:60:9b:c4:
11:ea:3b:56:b0:c2:f7:2b:23:8f:33:2d:02:f4:95:
12:ec:c8:45:7b:4c:1f:52:3c:fd:a4:00:2b:8f:8f:
85:2f:f8:f3:25:b4:2a:c4:d4:e5:42:46:92:ad:5d:
f0:fb:4c:cf:65:1f:15:19:17:d7:37:34:3f:4b:78:
74:9d:de:f2:99:3a:f5:ec:8d:90:32:6b:46:c3:e2:
ec:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D1:51:9A:CC:13:D9:BC:41:A3:0F:B9:23:ED:62:5E:43:91:04:36
X509v3 Authority Key Identifier:
keyid:84:B0:CA:C8:38:F2:82:E0:42:94:8F:9D:2B:2C:D5:75:4D:2E:8C:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLDKyDjyguBClI-dKyzVdU0ujEc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/tNFRmswT2bxBow-5I-1iXkORBDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/e9487f-fdc7-40a7-8a67-1be69ca393ba/1/hLDKyDjyguBClI-dKyzVdU0ujEc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.143.232.0/21
185.133.100.0/22
213.226.208.0/20
IPv6:
2a00:5100::/32
Signature Algorithm: sha256WithRSAEncryption
59:f0:18:1d:72:d4:e3:80:6c:34:de:e7:9b:1d:f8:d1:1b:67:
b7:c4:f1:75:27:c6:56:e2:aa:41:72:b6:07:17:00:3a:cb:03:
23:5d:fe:4e:d5:79:a4:3f:53:06:66:a6:30:bc:6e:17:4a:c7:
4c:be:b3:31:1e:f6:e9:21:9a:6d:66:b8:ec:8c:b5:6a:a3:02:
50:a4:0c:ad:d6:00:3d:5a:8c:15:91:96:75:5b:ce:a8:59:fd:
e8:38:9d:42:89:11:68:ce:04:18:9e:86:e8:66:11:10:fe:72:
93:48:e4:ae:c1:97:24:03:5e:a0:df:42:00:f1:82:8f:0e:5a:
2a:b5:69:c7:f7:d8:6c:6d:fc:16:06:d8:f4:b9:0a:b3:a5:79:
71:da:46:ad:7c:66:4e:d5:b3:37:47:c1:6c:43:e8:71:93:d9:
fe:df:26:45:c7:22:97:ac:fd:6e:e5:30:3f:92:a9:38:4c:7f:
27:cd:99:9e:56:ef:6b:b4:ef:23:07:07:e8:15:89:76:03:66:
04:e6:59:9a:96:c6:21:44:23:5d:07:5a:9d:c9:b4:39:66:3e:
9d:ca:09:12:1b:2f:7e:86:a2:40:48:3e:d9:6e:72:c3:2a:c2:
ff:04:4a:c1:8c:2d:53:43:56:90:56:64:17:39:2c:0c:51:e9:
d4:0a:2b:e8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzI3zSNkBT5RN91Wkyrw/h5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjBjYWM4MzhmMjgyZTA0Mjk0OGY5ZDJiMmNkNTc1NGQy
ZThjNDcwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQxNTE5YWNjMTNkOWJjNDFhMzBmYjkyM2VkNjI1ZTQzOTEwNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTsopngR+DTIKw+yLtlKLHINu0WU
rmmLVrUqNG3e0e61EGuCKWSTC0G54C0NG2XMj9h/JpJoGf/1f6BL9Gc3U5vMReeo
lGOGebIs3unt36PKQUdu9HIGEaInxu5R2eh8PW/zkTo/7kMpBsVnB8sJEm1qCsp3
QzYlmiwV1iY+thlkN9P6jQJQULeaCTY+GVfpD8NXQFzbIQb+Gj+DopyvvIo44R82
FOTJpliHMb0Z/QBgm8QR6jtWsML3KyOPMy0C9JUS7MhFe0wfUjz9pAArj4+FL/jz
JbQqxNTlQkaSrV3w+0zPZR8VGRfXNzQ/S3h0nd7ymTr17I2QMmtGw+LspQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLTRUZrME9m8QaMPuSPtYl5DkQQ2MB8GA1UdIwQY
MBaAFISwysg48oLgQpSPnSss1XVNLoxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExES3lEanlndUJDbEktZEt5elZkVTB1akVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9lOTQ4N2YtZmRjNy00MGE3LThhNjct
MWJlNjljYTM5M2JhLzEvdE5GUm1zd1QyYnhCb3ctNUktMWlYa09SQkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9lOTQ4N2YtZmRjNy00MGE3LThhNjctMWJlNjljYTM5M2Jh
LzEvaExES3lEanlndUJDbEktZEt5elZkVTB1akVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDXo/oAwQC
uYVkAwQE1eLQMA0EAgACMAcDBQAqAFEAMA0GCSqGSIb3DQEBCwUAA4IBAQBZ8Bgd
ctTjgGw03uebHfjRG2e3xPF1J8ZW4qpBcrYHFwA6ywMjXf5O1XmkP1MGZqYwvG4X
SsdMvrMxHvbpIZptZrjsjLVqowJQpAyt1gA9WowVkZZ1W86oWf3oOJ1CiRFozgQY
noboZhEQ/nKTSOSuwZckA16g30IA8YKPDloqtWnH99hsbfwWBtj0uQqzpXlx2kat
fGZO1bM3R8FsQ+hxk9n+3yZFxyKXrP1u5TA/kqk4TH8nzZmeVu9rtO8jBwfoFYl2
A2YE5lmalsYhRCNdB1qdybQ5Zj6dygkSGy9+hqJASD7ZbnLDKsL/BErBjC1TQ1aQ
VmQXOSwMUenUCivo
-----END CERTIFICATE-----
Generated at Sat Jun 8 06:12:34 2024 by rpki-client on console-ams.rpki-client.org