Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/Z8HK86u_Tc2z7y-zidkbMMq2jco.roa
File: Z8HK86u_Tc2z7y-zidkbMMq2jco.roa (raw, json)
Hash identifier: 9ipzU/iNA87vl6CCfbIc4JupJ5JjdKNFibG14Sk7A3Y=
Subject key identifier: 67:C1:CA:F3:AB:BF:4D:CD:B3:EF:2F:B3:89:D9:1B:30:CA:B6:8D:CA
Certificate issuer: /CN=cd060238d0668d45a041618ac5df767f59a0c4ae
Certificate serial: 019420D616EC8EC00BB770B9BAE6D4742F79
Authority key identifier: CD:06:02:38:D0:66:8D:45:A0:41:61:8A:C5:DF:76:7F:59:A0:C4:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zQYCONBmjUWgQWGKxd92f1mgxK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/Z8HK86u_Tc2z7y-zidkbMMq2jco.roa
Signing time: Wed 01 Jan 2025 07:48:08 +0000
ROA not before: Wed 01 Jan 2025 07:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201618
IP address blocks: 185.68.220.0/23 maxlen: 23
185.68.220.0/24 maxlen: 24
185.68.221.0/24 maxlen: 24
185.68.222.0/23 maxlen: 23
185.68.222.0/24 maxlen: 24
185.68.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/zQYCONBmjUWgQWGKxd92f1mgxK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/zQYCONBmjUWgQWGKxd92f1mgxK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/zQYCONBmjUWgQWGKxd92f1mgxK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:16:ec:8e:c0:0b:b7:70:b9:ba:e6:d4:74:2f:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd060238d0668d45a041618ac5df767f59a0c4ae
Validity
Not Before: Jan 1 07:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67c1caf3abbf4dcdb3ef2fb389d91b30cab68dca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2b:c9:c7:f2:b8:53:cc:98:e8:5b:13:d1:2e:
8e:8b:88:55:3c:78:63:4a:12:20:15:7e:34:83:67:
c1:1f:85:9a:cd:c7:f1:2c:d9:6b:c6:7c:c7:cf:b3:
48:7a:6a:ce:22:31:5e:c8:9a:db:49:74:9c:72:94:
55:a7:a6:c4:c2:03:2a:2a:51:30:3e:21:65:2d:6d:
76:91:40:c8:ea:bc:84:72:41:2a:eb:25:72:0d:7d:
fd:4e:29:b6:b5:5b:d9:64:83:ed:93:55:7a:cf:59:
32:b1:7a:5b:2d:97:db:47:6b:43:c4:b6:4d:31:e2:
a5:18:a6:46:e3:53:f3:d9:f4:20:51:87:9b:93:a7:
76:72:63:ee:d4:fd:6e:35:78:57:70:01:cc:3f:d6:
81:bc:75:9c:7e:f5:c4:be:f2:f8:99:d8:97:a8:6f:
00:b5:7f:60:09:23:ff:55:49:c9:31:ce:e3:90:8b:
c6:3d:67:7d:32:90:0a:67:86:e8:3c:8b:fd:14:a3:
2a:8c:61:c0:cc:0b:20:8b:7f:e5:2c:97:68:51:5b:
5b:c3:50:d8:d2:6d:12:ca:2b:14:b6:dc:75:c5:92:
5a:b9:ef:dd:11:14:32:0c:be:ca:5c:ab:09:8c:33:
54:7b:b8:d7:13:99:9b:a2:1e:fe:7e:2b:ab:5e:27:
9a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:C1:CA:F3:AB:BF:4D:CD:B3:EF:2F:B3:89:D9:1B:30:CA:B6:8D:CA
X509v3 Authority Key Identifier:
keyid:CD:06:02:38:D0:66:8D:45:A0:41:61:8A:C5:DF:76:7F:59:A0:C4:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQYCONBmjUWgQWGKxd92f1mgxK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/Z8HK86u_Tc2z7y-zidkbMMq2jco.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/zQYCONBmjUWgQWGKxd92f1mgxK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.220.0/22
Signature Algorithm: sha256WithRSAEncryption
5f:5e:a7:05:d9:70:a5:2a:21:2d:c3:81:d5:b8:c5:36:5b:f9:
4d:5d:77:cc:c8:ce:1b:b9:3e:9e:74:79:43:7e:a3:e2:cc:81:
8e:39:0d:54:4b:6c:c6:91:ca:ca:3f:b3:18:e0:65:6f:2a:3a:
5f:ba:31:6d:54:7f:3f:94:8d:88:3f:03:41:02:a9:ea:85:e9:
02:c5:d3:a0:be:25:81:45:da:9d:f0:54:b8:00:8f:3c:44:2a:
09:73:97:0a:34:a8:54:39:f5:2a:cf:db:58:14:05:1f:0e:f8:
b9:5c:1a:a0:42:e3:13:77:87:ea:f7:c4:f8:9e:d1:16:f0:a3:
55:66:df:e1:0e:f7:55:fd:97:ea:8f:27:52:34:16:9b:e5:4b:
6f:ab:bc:70:3f:4c:24:34:2b:98:c9:ff:37:42:80:3d:28:a2:
5a:87:14:61:9e:e8:05:b1:a7:68:63:3e:cb:0f:8b:25:9a:80:
38:57:8e:e0:f3:48:cf:b6:03:0d:b2:a8:92:af:bf:83:43:b8:
4c:54:70:7e:27:b7:16:74:ac:e6:41:dd:b3:5f:8c:cb:69:e0:
23:ec:80:98:20:a8:12:09:da:e6:23:00:a5:6d:72:b5:30:08:
70:33:b2:52:18:51:ce:59:e2:61:35:94:f1:cf:32:4b:a9:d1:
65:5b:bc:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1hbsjsALt3C5uubUdC95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMDYwMjM4ZDA2NjhkNDVhMDQxNjE4YWM1ZGY3NjdmNTlh
MGM0YWUwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MxY2FmM2FiYmY0ZGNkYjNlZjJmYjM4OWQ5MWIzMGNhYjY4ZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSvJx/K4U8yY6FsT0S6Oi4hVPHhj
ShIgFX40g2fBH4WazcfxLNlrxnzHz7NIemrOIjFeyJrbSXSccpRVp6bEwgMqKlEw
PiFlLW12kUDI6ryEckEq6yVyDX39Tim2tVvZZIPtk1V6z1kysXpbLZfbR2tDxLZN
MeKlGKZG41Pz2fQgUYebk6d2cmPu1P1uNXhXcAHMP9aBvHWcfvXEvvL4mdiXqG8A
tX9gCSP/VUnJMc7jkIvGPWd9MpAKZ4boPIv9FKMqjGHAzAsgi3/lLJdoUVtbw1DY
0m0SyisUttx1xZJaue/dERQyDL7KXKsJjDNUe7jXE5mboh7+fiurXieayQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfByvOrv03Ns+8vs4nZGzDKto3KMB8GA1UdIwQY
MBaAFM0GAjjQZo1FoEFhisXfdn9ZoMSuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelFZQ09OQm1qVVdnUVdHS3hkOTJmMW1neEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NjIwMDYtZjE1OC00ZTVhLWI5NTYt
N2ZiNmVhODk2MzdmLzEvWjhISzg2dV9UYzJ6N3ktemlka2JNTXEyamNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NjIwMDYtZjE1OC00ZTVhLWI5NTYtN2ZiNmVhODk2Mzdm
LzEvelFZQ09OQm1qVVdnUVdHS3hkOTJmMW1neEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUTcMA0G
CSqGSIb3DQEBCwUAA4IBAQBfXqcF2XClKiEtw4HVuMU2W/lNXXfMyM4buT6edHlD
fqPizIGOOQ1US2zGkcrKP7MY4GVvKjpfujFtVH8/lI2IPwNBAqnqhekCxdOgviWB
Rdqd8FS4AI88RCoJc5cKNKhUOfUqz9tYFAUfDvi5XBqgQuMTd4fq98T4ntEW8KNV
Zt/hDvdV/ZfqjydSNBab5Utvq7xwP0wkNCuYyf83QoA9KKJahxRhnugFsadoYz7L
D4slmoA4V47g80jPtgMNsqiSr7+DQ7hMVHB+J7cWdKzmQd2zX4zLaeAj7ICYIKgS
CdrmIwClbXK1MAhwM7JSGFHOWeJhNZTxzzJLqdFlW7yU
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:47:04 2025 by rpki-client