Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa
File: XHMhPOvsML-LFbVSH-bDUsPFCWM.roa (raw, json)
Hash identifier: 3QEGg7asrWc8hqFvelT28ICq34X6EPdzXzo7fQtCn3M=
Subject key identifier: 5C:73:21:3C:EB:EC:30:BF:8B:15:B5:52:1F:E6:C3:52:C3:C5:09:63
Certificate issuer: /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial: 018CC870001DF8A3C7184B1901F9278D4484
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa
Signing time: Tue 02 Jan 2024 04:30:32 +0000
ROA not before: Tue 02 Jan 2024 04:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205960
IP address blocks: 91.204.224.0/24 maxlen: 24
2.59.153.0/24 maxlen: 24
91.204.226.0/24 maxlen: 24
91.204.225.0/24 maxlen: 24
91.204.227.0/24 maxlen: 24
185.202.101.0/24 maxlen: 24
193.239.151.0/24 maxlen: 24
45.91.225.0/24 maxlen: 24
194.126.215.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 23:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:70:00:1d:f8:a3:c7:18:4b:19:01:f9:27:8d:44:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
Validity
Not Before: Jan 2 04:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c73213cebec30bf8b15b5521fe6c352c3c50963
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ec:42:36:f3:13:3f:27:3b:36:f5:8b:92:01:
21:22:fe:40:67:b2:87:e4:df:85:85:80:3e:6a:4f:
33:33:21:f0:78:12:d0:1f:68:2b:39:25:2e:80:1c:
46:2c:56:39:21:9e:8b:e8:c1:d1:2b:bb:12:a7:4e:
47:87:68:c4:ae:a3:47:cc:fb:71:fd:88:51:b7:9a:
f2:26:b9:5f:e1:55:10:8f:aa:58:52:3c:08:2d:b4:
98:a2:d9:11:e3:6e:ed:ac:70:5f:b0:1f:f2:74:49:
02:26:85:82:90:0c:dc:c7:39:a5:f7:2b:12:5d:eb:
22:95:b6:2f:60:ee:a2:1d:3e:2d:e5:4a:f2:70:d5:
82:df:5b:21:31:5b:ec:c6:54:f0:34:b7:0b:0c:93:
00:45:84:8e:60:22:f6:17:af:1e:f0:55:2b:1c:eb:
d3:76:01:73:72:0c:b8:a1:64:03:f9:ec:b9:71:42:
e4:95:45:06:f8:47:e0:cb:32:a7:e4:4a:41:85:f0:
86:b5:b1:68:09:4c:f0:d2:af:6f:15:ea:4f:35:8d:
0f:40:35:1d:21:a7:32:6d:63:06:c7:05:45:21:d4:
68:78:18:e9:a9:48:04:6e:b8:ee:11:23:95:f4:5f:
28:48:b2:6f:3e:c7:9e:51:5f:f1:66:64:ef:38:88:
75:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:73:21:3C:EB:EC:30:BF:8B:15:B5:52:1F:E6:C3:52:C3:C5:09:63
X509v3 Authority Key Identifier:
keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.153.0/24
45.91.225.0/24
91.204.224.0/22
185.202.101.0/24
193.239.151.0/24
194.126.215.0/24
Signature Algorithm: sha256WithRSAEncryption
66:90:24:12:01:2b:35:58:98:eb:95:1a:0b:87:74:cd:c1:a9:
1a:7f:4c:16:b7:31:93:85:96:c5:7e:4d:db:c8:f2:fc:a3:75:
b5:5c:96:7f:f2:42:51:20:4f:65:6b:73:17:60:35:85:22:60:
55:4e:70:10:5e:2f:f8:20:0b:ad:3a:43:68:9e:21:92:6e:42:
fc:43:a8:6b:8d:0f:18:0d:3d:a4:93:b4:b7:56:79:62:e5:78:
68:71:20:ec:d1:77:ae:5a:a4:cf:77:8c:4f:8d:64:dd:40:c4:
1f:d4:04:3e:c3:51:5c:cc:08:5e:7a:a2:d4:9b:89:e0:ed:47:
10:f7:08:7e:8e:bc:88:3a:f9:64:f5:99:b6:af:5d:12:81:9b:
32:a6:86:3b:f3:d9:c2:4a:fe:43:a2:09:de:63:b4:a0:ce:7e:
28:0e:1f:a6:33:74:0c:51:79:6e:26:b7:3b:ee:2f:c9:48:0b:
cb:99:57:57:28:5a:2c:af:fa:73:13:00:8d:f3:14:c0:61:01:
f7:a2:67:66:fd:9f:01:7d:ac:f5:39:52:a4:3f:17:62:ce:4d:
f5:2c:7e:0d:c8:cd:14:6a:37:7c:eb:04:f7:03:e6:6c:8b:ad:
99:63:39:1c:70:7e:fc:8e:d5:b9:54:95:bd:7c:7b:b3:13:d6:
3b:66:21:ed
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzIcAAd+KPHGEsZAfknjUSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwMTAyMDQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzczMjEzY2ViZWMzMGJmOGIxNWI1NTIxZmU2YzM1MmMzYzUwOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoexCNvMTPyc7NvWLkgEhIv5AZ7KH
5N+FhYA+ak8zMyHweBLQH2grOSUugBxGLFY5IZ6L6MHRK7sSp05Hh2jErqNHzPtx
/YhRt5ryJrlf4VUQj6pYUjwILbSYotkR427trHBfsB/ydEkCJoWCkAzcxzml9ysS
XesilbYvYO6iHT4t5UrycNWC31shMVvsxlTwNLcLDJMARYSOYCL2F68e8FUrHOvT
dgFzcgy4oWQD+ey5cULklUUG+EfgyzKn5EpBhfCGtbFoCUzw0q9vFepPNY0PQDUd
IacybWMGxwVFIdRoeBjpqUgEbrjuESOV9F8oSLJvPseeUV/xZmTvOIh1LwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFxzITzr7DC/ixW1Uh/mw1LDxQljMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvWEhNaFBPdnNNTC1MRmJWU0gtYkRVc1BGQ1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAAjuZAwQA
LVvhAwQCW8zgAwQAucplAwQAwe+XAwQAwn7XMA0GCSqGSIb3DQEBCwUAA4IBAQBm
kCQSASs1WJjrlRoLh3TNwakaf0wWtzGThZbFfk3byPL8o3W1XJZ/8kJRIE9la3MX
YDWFImBVTnAQXi/4IAutOkNoniGSbkL8Q6hrjQ8YDT2kk7S3Vnli5XhocSDs0Xeu
WqTPd4xPjWTdQMQf1AQ+w1FczAheeqLUm4ng7UcQ9wh+jryIOvlk9Zm2r10SgZsy
poY789nCSv5DogneY7Sgzn4oDh+mM3QMUXluJrc77i/JSAvLmVdXKFosr/pzEwCN
8xTAYQH3omdm/Z8Bfaz1OVKkPxdizk31LH4NyM0Uajd86wT3A+Zsi62ZYzkccH78
jtW5VJW9fHuzE9Y7ZiHt
-----END CERTIFICATE-----
Generated at Sat Jun 8 03:03:49 2024 by rpki-client on console-ams.rpki-client.org