Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/aXmGrshJipNWZ-zQcxb6zzhkn_E.roa
File: aXmGrshJipNWZ-zQcxb6zzhkn_E.roa (raw, json)
Hash identifier: LHvlKpW8+5H9WfEO9z1FRZZn9O9YK7DRQz61w6aA+nE=
Subject key identifier: 69:79:86:AE:C8:49:8A:93:56:67:EC:D0:73:16:FA:CF:38:64:9F:F1
Certificate issuer: /CN=0b8d1bb72791c878550d1b9d8fef564ac3919368
Certificate serial: 018CC9BB3E50A5EA28F1C6E2E5042021B2DF
Authority key identifier: 0B:8D:1B:B7:27:91:C8:78:55:0D:1B:9D:8F:EF:56:4A:C3:91:93:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C40btyeRyHhVDRudj-9WSsORk2g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/aXmGrshJipNWZ-zQcxb6zzhkn_E.roa
Signing time: Tue 02 Jan 2024 10:32:20 +0000
ROA not before: Tue 02 Jan 2024 10:32:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205588
IP address blocks: 185.213.10.0/24 maxlen: 24
185.213.11.0/24 maxlen: 24
185.213.8.0/24 maxlen: 24
185.213.9.0/24 maxlen: 24
2a0d:d580::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/C40btyeRyHhVDRudj-9WSsORk2g.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/C40btyeRyHhVDRudj-9WSsORk2g.mft
rsync://rpki.ripe.net/repository/DEFAULT/C40btyeRyHhVDRudj-9WSsORk2g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 May 2024 23:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:3e:50:a5:ea:28:f1:c6:e2:e5:04:20:21:b2:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b8d1bb72791c878550d1b9d8fef564ac3919368
Validity
Not Before: Jan 2 10:32:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=697986aec8498a935667ecd07316facf38649ff1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d9:78:5d:d0:98:d5:4b:d7:b6:9b:a7:c8:11:
17:b3:8c:28:5a:a1:33:4b:29:90:3f:7e:cb:c4:a2:
57:1f:a5:bc:54:b3:55:c2:21:aa:41:b8:42:dd:8f:
a7:cf:39:a6:cd:84:90:a1:1b:e2:7b:eb:3a:46:48:
26:8d:e5:bb:ce:51:fc:82:13:16:45:9b:49:ac:33:
ef:3b:a7:ac:d6:0c:89:17:26:d6:08:67:b3:6c:0c:
53:8d:7e:2a:e0:39:45:5c:d5:fe:da:a2:09:43:a7:
25:bf:f8:24:3d:ae:51:ea:20:d8:f0:40:93:75:cd:
ca:38:9b:01:f3:fb:1c:80:7d:f3:ac:1c:f9:ee:a3:
1a:8b:62:48:d1:da:ce:86:75:36:a2:be:69:7a:aa:
f9:2f:9d:55:71:43:be:37:3c:57:02:91:fe:27:71:
cd:d6:32:1b:e4:ef:66:41:5f:3b:27:91:c9:98:97:
c5:d7:44:7b:8f:df:b0:d9:a8:81:d8:7e:9e:9c:2b:
cb:55:f4:52:3b:c6:ea:a6:f9:0d:70:81:0b:30:e7:
80:e1:b9:a1:c6:3c:e5:21:62:c8:48:4d:4e:5e:f9:
41:c8:74:d1:ae:2c:ca:d1:45:7d:6d:6a:20:d3:5a:
5a:aa:8f:4a:9e:67:05:05:57:f0:7e:14:e0:2a:aa:
c6:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:79:86:AE:C8:49:8A:93:56:67:EC:D0:73:16:FA:CF:38:64:9F:F1
X509v3 Authority Key Identifier:
keyid:0B:8D:1B:B7:27:91:C8:78:55:0D:1B:9D:8F:EF:56:4A:C3:91:93:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C40btyeRyHhVDRudj-9WSsORk2g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/aXmGrshJipNWZ-zQcxb6zzhkn_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/0367d0-fa85-4546-b84c-0278c5dc1491/1/C40btyeRyHhVDRudj-9WSsORk2g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.213.8.0/22
IPv6:
2a0d:d580::/32
Signature Algorithm: sha256WithRSAEncryption
33:c2:f3:75:03:95:44:d9:77:94:00:9d:8f:16:e1:b2:c6:98:
8a:83:5d:db:59:69:8e:ad:7d:f0:a5:6b:db:ba:a0:f0:8f:70:
ec:1d:68:73:68:6b:c2:e4:fa:ab:1d:f4:1c:ad:55:98:ca:9f:
3b:16:b7:83:6a:75:aa:a3:cc:0f:d0:dc:48:c0:30:c3:a9:e7:
6b:ba:cb:7b:b3:a0:f4:92:a1:e0:3b:f2:55:61:93:bb:63:43:
fe:5c:05:1d:29:98:41:75:64:de:cc:46:3f:65:48:b3:31:aa:
11:12:4a:33:bc:d5:8c:46:ee:9a:e5:5d:90:2a:b4:c7:a2:20:
c7:c5:aa:44:66:11:5b:b1:07:dd:7e:f6:ed:b0:06:4b:b4:76:
ca:60:18:11:dd:00:b3:fa:fa:5c:79:20:77:13:6e:91:cb:c0:
a1:0f:53:7f:34:d3:b8:dd:64:ac:90:24:f3:c1:9c:be:a0:3e:
fb:e2:5d:98:e8:c5:80:51:f0:69:00:31:44:5f:c7:69:df:3d:
00:6b:4e:10:95:86:94:25:09:cf:4b:df:9b:cf:84:c1:d0:3c:
52:68:48:1c:c5:f4:85:45:c4:6d:03:d0:c6:15:f2:6f:e6:95:
c1:8c:af:61:4e:34:ae:a3:f6:19:a5:ea:fe:8a:f5:9f:5f:39:
e6:cb:7e:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJuz5Qpeoo8cbi5QQgIbLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiOGQxYmI3Mjc5MWM4Nzg1NTBkMWI5ZDhmZWY1NjRhYzM5
MTkzNjgwHhcNMjQwMTAyMTAzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc5ODZhZWM4NDk4YTkzNTY2N2VjZDA3MzE2ZmFjZjM4NjQ5ZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9l4XdCY1UvXtpunyBEXs4woWqEz
SymQP37LxKJXH6W8VLNVwiGqQbhC3Y+nzzmmzYSQoRvie+s6RkgmjeW7zlH8ghMW
RZtJrDPvO6es1gyJFybWCGezbAxTjX4q4DlFXNX+2qIJQ6clv/gkPa5R6iDY8ECT
dc3KOJsB8/scgH3zrBz57qMai2JI0drOhnU2or5peqr5L51VcUO+NzxXApH+J3HN
1jIb5O9mQV87J5HJmJfF10R7j9+w2aiB2H6enCvLVfRSO8bqpvkNcIELMOeA4bmh
xjzlIWLISE1OXvlByHTRrizK0UV9bWog01paqo9KnmcFBVfwfhTgKqrGDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGl5hq7ISYqTVmfs0HMW+s84ZJ/xMB8GA1UdIwQY
MBaAFAuNG7cnkch4VQ0bnY/vVkrDkZNoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzQwYnR5ZVJ5SGhWRFJ1ZGotOVdTc09SazJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8wMzY3ZDAtZmE4NS00NTQ2LWI4NGMt
MDI3OGM1ZGMxNDkxLzEvYVhtR3JzaEppcE5XWi16UWN4YjZ6emhrbl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8wMzY3ZDAtZmE4NS00NTQ2LWI4NGMtMDI3OGM1ZGMxNDkx
LzEvQzQwYnR5ZVJ5SGhWRFJ1ZGotOVdTc09SazJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudUIMA0E
AgACMAcDBQAqDdWAMA0GCSqGSIb3DQEBCwUAA4IBAQAzwvN1A5VE2XeUAJ2PFuGy
xpiKg13bWWmOrX3wpWvbuqDwj3DsHWhzaGvC5PqrHfQcrVWYyp87FreDanWqo8wP
0NxIwDDDqedrust7s6D0kqHgO/JVYZO7Y0P+XAUdKZhBdWTezEY/ZUizMaoREkoz
vNWMRu6a5V2QKrTHoiDHxapEZhFbsQfdfvbtsAZLtHbKYBgR3QCz+vpceSB3E26R
y8ChD1N/NNO43WSskCTzwZy+oD774l2Y6MWAUfBpADFEX8dp3z0Aa04QlYaUJQnP
S9+bz4TB0DxSaEgcxfSFRcRtA9DGFfJv5pXBjK9hTjSuo/YZper+ivWfXznmy34+
-----END CERTIFICATE-----
Generated at Fri May 17 08:24:53 2024 by rpki-client on console-fra.rpki-client.org