Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/U7smoD3pihpz9SLM0FLSouRxS6U.roa
File: U7smoD3pihpz9SLM0FLSouRxS6U.roa (raw, json)
Hash identifier: 2NqVDJ+8pJPQN8+0K5us8Rs4RQpuz4mNrA3CBWcyqSI=
Subject key identifier: 53:BB:26:A0:3D:E9:8A:1A:73:F5:22:CC:D0:52:D2:A2:E4:71:4B:A5
Certificate issuer: /CN=7b87f6b9119fa9dcd3e12e7e6bfb706dff978825
Certificate serial: 0191B1EAD431350991B18CB91C42517198AC
Authority key identifier: 7B:87:F6:B9:11:9F:A9:DC:D3:E1:2E:7E:6B:FB:70:6D:FF:97:88:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/U7smoD3pihpz9SLM0FLSouRxS6U.roa
Signing time: Mon 02 Sep 2024 08:47:22 +0000
ROA not before: Mon 02 Sep 2024 08:47:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12859
IP address blocks: 185.173.20.0/22 maxlen: 22
185.173.20.0/24 maxlen: 24
185.173.21.0/24 maxlen: 24
185.173.22.0/24 maxlen: 24
2a0b:3100::/40 maxlen: 48
2a0b:3100:100::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.mft
rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:b1:ea:d4:31:35:09:91:b1:8c:b9:1c:42:51:71:98:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b87f6b9119fa9dcd3e12e7e6bfb706dff978825
Validity
Not Before: Sep 2 08:47:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=53bb26a03de98a1a73f522ccd052d2a2e4714ba5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:70:48:a8:bc:0c:6a:ce:68:14:2c:7d:67:a6:
98:54:62:af:bd:c4:ee:52:7c:74:ad:db:f1:5b:bc:
62:cf:61:4b:ad:16:4c:3b:3b:9a:67:09:a7:66:40:
77:ee:e0:20:5a:3d:e8:46:a8:d1:13:28:d7:9a:10:
61:e1:94:7d:9d:8f:9e:ac:50:c4:94:3f:f0:8c:c4:
e4:01:ac:e8:7d:a5:a6:e6:5f:20:7a:98:3c:30:e8:
59:ae:5e:dc:4f:00:62:1b:7d:35:40:b1:20:87:2e:
17:d3:00:0a:ae:d4:70:97:3e:d0:98:00:11:6a:63:
34:37:0d:0a:9b:d9:30:f4:02:2f:e4:dd:8d:a9:b7:
95:d8:0c:df:8c:90:05:c7:ed:c7:f3:ae:90:d1:22:
0a:ea:66:60:ed:89:60:00:06:38:45:34:2a:f3:55:
c3:ee:a2:66:6e:b7:31:09:fe:b2:fd:b4:95:5c:e3:
c6:5f:c9:86:98:0b:0b:f6:9b:a3:8b:8c:38:8b:ec:
fb:88:2c:62:85:be:a6:df:f1:ad:6c:3d:0e:e5:ee:
81:22:ab:04:72:fe:66:ff:3f:8e:94:a1:78:52:71:
74:68:ac:42:80:ca:51:70:99:05:35:91:85:7e:c1:
92:9c:68:c9:a6:b1:86:49:5c:5a:7d:5d:aa:b7:c5:
bf:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:BB:26:A0:3D:E9:8A:1A:73:F5:22:CC:D0:52:D2:A2:E4:71:4B:A5
X509v3 Authority Key Identifier:
keyid:7B:87:F6:B9:11:9F:A9:DC:D3:E1:2E:7E:6B:FB:70:6D:FF:97:88:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/U7smoD3pihpz9SLM0FLSouRxS6U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.173.20.0/22
IPv6:
2a0b:3100::/39
Signature Algorithm: sha256WithRSAEncryption
70:c0:2a:c1:a3:4c:c9:eb:bd:cd:cd:7f:93:cd:7c:26:ef:f0:
0a:de:98:06:a0:27:be:1f:d3:4e:e2:6b:dc:40:7b:e4:95:c8:
fb:0e:15:9b:0f:0f:67:d7:00:21:1c:de:e7:d9:68:e6:23:5d:
fe:99:4c:95:51:ec:67:4d:a6:57:7f:7f:25:57:e3:a9:6c:bf:
86:2e:fa:94:42:bd:c2:49:8b:3a:0c:d7:ec:9b:2c:11:5d:11:
e1:6a:7f:a1:2a:b8:fd:de:96:55:4c:b6:d4:73:00:a9:6f:82:
e9:76:c0:55:ae:ed:60:57:c4:67:f6:2e:78:0e:91:75:b6:74:
1b:dc:bf:f8:f0:1b:0a:98:f5:19:51:e3:b5:e9:44:55:97:ee:
a4:4a:21:cb:b4:c8:5e:02:6e:aa:43:a3:a5:a4:44:f1:30:d5:
ba:79:e0:82:e3:99:99:df:34:ac:47:66:f5:05:5e:f6:55:87:
f1:6a:20:47:d4:a3:94:d2:39:70:56:6b:a1:b1:05:f2:8a:e5:
d3:3f:0a:df:fe:bd:7d:ac:1f:a0:4a:f9:94:8d:e2:98:c5:52:
70:cb:ca:03:00:1e:70:46:55:7f:fc:79:30:17:0d:d9:d9:2f:
28:56:95:23:4a:06:71:ca:f8:b6:69:f0:27:d5:6b:88:20:44:
b3:64:10:e3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZGx6tQxNQmRsYy5HEJRcZisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODdmNmI5MTE5ZmE5ZGNkM2UxMmU3ZTZiZmI3MDZkZmY5
Nzg4MjUwHhcNMjQwOTAyMDg0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2JiMjZhMDNkZTk4YTFhNzNmNTIyY2NkMDUyZDJhMmU0NzE0YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3BIqLwMas5oFCx9Z6aYVGKvvcTu
Unx0rdvxW7xiz2FLrRZMOzuaZwmnZkB37uAgWj3oRqjREyjXmhBh4ZR9nY+erFDE
lD/wjMTkAazofaWm5l8gepg8MOhZrl7cTwBiG301QLEghy4X0wAKrtRwlz7QmAAR
amM0Nw0Km9kw9AIv5N2NqbeV2AzfjJAFx+3H866Q0SIK6mZg7YlgAAY4RTQq81XD
7qJmbrcxCf6y/bSVXOPGX8mGmAsL9puji4w4i+z7iCxihb6m3/GtbD0O5e6BIqsE
cv5m/z+OlKF4UnF0aKxCgMpRcJkFNZGFfsGSnGjJprGGSVxafV2qt8W/EwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFO7JqA96Yoac/UizNBS0qLkcUulMB8GA1UdIwQY
MBaAFHuH9rkRn6nc0+Eufmv7cG3/l4glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRmMnVSR2ZxZHpUNFM1LWFfdHdiZi1YaUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZjNhYjEtNTk1OS00NWE4LWJjMGYt
ZDc4NTE0ZTllODEyLzEvVTdzbW9EM3BpaHB6OVNMTTBGTFNvdVJ4UzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZjNhYjEtNTk1OS00NWE4LWJjMGYtZDc4NTE0ZTllODEy
LzEvZTRmMnVSR2ZxZHpUNFM1LWFfdHdiZi1YaUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCua0UMA4E
AgACMAgDBgEqCzEAADANBgkqhkiG9w0BAQsFAAOCAQEAcMAqwaNMyeu9zc1/k818
Ju/wCt6YBqAnvh/TTuJr3EB75JXI+w4Vmw8PZ9cAIRze59lo5iNd/plMlVHsZ02m
V39/JVfjqWy/hi76lEK9wkmLOgzX7JssEV0R4Wp/oSq4/d6WVUy21HMAqW+C6XbA
Va7tYFfEZ/YueA6RdbZ0G9y/+PAbCpj1GVHjtelEVZfupEohy7TIXgJuqkOjpaRE
8TDVunngguOZmd80rEdm9QVe9lWH8WogR9SjlNI5cFZrobEF8orl0z8K3/69fawf
oEr5lI3imMVScMvKAwAecEZVf/x5MBcN2dkvKFaVI0oGccr4tmnwJ9VriCBEs2QQ
4w==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:08:18 2024 by rpki-client on console-ams.rpki-client.org