Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/ocNZ1fd_wiWvrHossY7HITj5Kdg.roa
File: ocNZ1fd_wiWvrHossY7HITj5Kdg.roa (raw, json)
Hash identifier: w3CJPT/QFBhWyGS1/6s9J/+EPkZYIumP7FD4HfAmEDk=
Subject key identifier: A1:C3:59:D5:F7:7F:C2:25:AF:AC:7A:2C:B1:8E:C7:21:38:F9:29:D8
Certificate issuer: /CN=b5faec4b8d992dd6b9cd89a8489d3c3a652aecd2
Certificate serial: 018CC26D69C2036E3D3BD22DDCD72DDC899B
Authority key identifier: B5:FA:EC:4B:8D:99:2D:D6:B9:CD:89:A8:48:9D:3C:3A:65:2A:EC:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/ocNZ1fd_wiWvrHossY7HITj5Kdg.roa
Signing time: Mon 01 Jan 2024 00:29:59 +0000
ROA not before: Mon 01 Jan 2024 00:29:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16047
IP address blocks: 185.220.40.0/22 maxlen: 22
37.60.176.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 23:23:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:69:c2:03:6e:3d:3b:d2:2d:dc:d7:2d:dc:89:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b5faec4b8d992dd6b9cd89a8489d3c3a652aecd2
Validity
Not Before: Jan 1 00:29:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a1c359d5f77fc225afac7a2cb18ec72138f929d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b2:4b:0b:5a:b1:88:93:57:f0:f7:4c:67:32:
79:ce:0e:37:8f:67:71:eb:be:44:3d:e0:ab:00:3f:
f2:8a:d9:ec:69:0e:3f:77:cb:9f:f5:5b:24:72:06:
85:78:73:64:db:78:d2:4f:80:03:29:a2:d0:62:7a:
00:89:3d:2a:79:44:29:3e:ec:78:e8:da:0a:ea:5a:
f6:cb:22:8c:a5:a7:d5:a5:02:3d:a8:62:46:d8:9a:
fd:e9:ec:b8:bd:05:3a:d7:b0:61:a6:25:88:86:9e:
f2:ab:93:a0:c6:02:01:8f:ee:8f:af:e2:b8:3d:d4:
a4:51:2d:9c:7b:a2:4a:ec:13:1a:1d:e0:2e:ab:b1:
9d:4b:70:1c:7f:17:96:85:6f:f1:dc:c3:3e:26:4f:
e1:1e:4c:77:ec:e6:0d:84:a8:fa:c0:1d:29:a0:26:
85:d5:a0:e0:4a:21:23:e4:e3:53:53:ac:33:cd:ae:
4d:73:00:9f:1b:03:f7:df:ba:7b:5f:7e:4b:f0:79:
96:e3:8e:d9:de:71:9b:0c:3a:b2:df:86:fe:f8:57:
a1:35:69:35:28:e7:72:cb:95:cf:45:be:c9:d0:ba:
75:d1:ed:3c:6f:bd:37:8f:36:ff:2e:e2:2d:9f:d6:
d2:a6:07:60:30:99:2f:2a:77:43:cb:48:a7:40:c6:
ce:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:C3:59:D5:F7:7F:C2:25:AF:AC:7A:2C:B1:8E:C7:21:38:F9:29:D8
X509v3 Authority Key Identifier:
keyid:B5:FA:EC:4B:8D:99:2D:D6:B9:CD:89:A8:48:9D:3C:3A:65:2A:EC:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/ocNZ1fd_wiWvrHossY7HITj5Kdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.60.176.0/21
185.220.40.0/22
Signature Algorithm: sha256WithRSAEncryption
77:c3:b2:ca:b5:4a:8a:64:8f:b0:45:5b:24:f9:30:57:e2:3e:
31:95:05:9b:9f:29:5c:9e:99:ca:93:d2:f1:4d:d3:58:92:7f:
86:6d:f2:c6:5c:1a:ac:36:a1:ba:83:fd:b3:ce:d8:f9:16:63:
93:1f:85:99:72:c5:ea:99:bd:02:ae:2f:d4:43:81:ca:ba:8e:
62:75:c0:00:a7:5b:29:45:d7:d5:fb:31:f1:6e:64:7a:a5:ec:
1a:93:ed:07:6a:8a:08:4c:49:23:57:c9:f3:61:18:89:04:7b:
cb:8a:47:20:7c:fb:c8:ac:ef:55:0f:7c:bf:1f:74:5f:fb:77:
60:12:9a:9d:e6:ec:de:a9:7d:db:3b:2e:ab:05:48:9d:87:9d:
96:eb:ed:b2:4b:4d:ea:37:13:15:c8:d7:10:9a:d4:29:98:f0:
34:01:ee:9d:0e:bb:18:da:c1:9f:70:ef:2d:cb:33:a1:51:2b:
65:9c:70:9b:5d:fa:91:c5:f5:5e:75:10:b3:0f:0f:3f:56:86:
86:a5:a3:83:81:8f:67:de:27:27:3e:b9:e7:ab:4b:fc:28:5e:
26:e9:69:ed:d5:99:ff:c2:15:c4:0a:1d:5f:60:9a:d8:83:96:
a9:c1:2d:8b:56:77:5d:69:2c:38:a0:4a:f9:dd:55:7d:40:0a:
bf:65:fb:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbWnCA249O9It3Nct3ImbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZmFlYzRiOGQ5OTJkZDZiOWNkODlhODQ4OWQzYzNhNjUy
YWVjZDIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWMzNTlkNWY3N2ZjMjI1YWZhYzdhMmNiMThlYzcyMTM4ZjkyOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubJLC1qxiJNX8PdMZzJ5zg43j2dx
675EPeCrAD/yitnsaQ4/d8uf9VskcgaFeHNk23jST4ADKaLQYnoAiT0qeUQpPux4
6NoK6lr2yyKMpafVpQI9qGJG2Jr96ey4vQU617BhpiWIhp7yq5OgxgIBj+6Pr+K4
PdSkUS2ce6JK7BMaHeAuq7GdS3AcfxeWhW/x3MM+Jk/hHkx37OYNhKj6wB0poCaF
1aDgSiEj5ONTU6wzza5NcwCfGwP337p7X35L8HmW447Z3nGbDDqy34b++FehNWk1
KOdyy5XPRb7J0Lp10e08b703jzb/LuItn9bSpgdgMJkvKndDy0inQMbO1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHDWdX3f8Ilr6x6LLGOxyE4+SnYMB8GA1UdIwQY
MBaAFLX67EuNmS3Wuc2JqEidPDplKuzSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGZyc1M0MlpMZGE1elltb1NKMDhPbVVxN05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82OGMyOTYtNjliMi00MDcwLTlmZjkt
NDI0M2RlY2FkMzYwLzEvb2NOWjFmZF93aVd2ckhvc3NZN0hJVGo1S2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82OGMyOTYtNjliMi00MDcwLTlmZjktNDI0M2RlY2FkMzYw
LzEvdGZyc1M0MlpMZGE1elltb1NKMDhPbVVxN05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJTywAwQC
udwoMA0GCSqGSIb3DQEBCwUAA4IBAQB3w7LKtUqKZI+wRVsk+TBX4j4xlQWbnylc
npnKk9LxTdNYkn+GbfLGXBqsNqG6g/2zztj5FmOTH4WZcsXqmb0Cri/UQ4HKuo5i
dcAAp1spRdfV+zHxbmR6pewak+0HaooITEkjV8nzYRiJBHvLikcgfPvIrO9VD3y/
H3Rf+3dgEpqd5uzeqX3bOy6rBUidh52W6+2yS03qNxMVyNcQmtQpmPA0Ae6dDrsY
2sGfcO8tyzOhUStlnHCbXfqRxfVedRCzDw8/VoaGpaODgY9n3icnPrnnq0v8KF4m
6Wnt1Zn/whXECh1fYJrYg5apwS2LVnddaSw4oEr53VV9QAq/Zfvh
-----END CERTIFICATE-----
Generated at Tue Nov 26 02:53:46 2024 by rpki-client on console-fra.rpki-client.org