Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/lbNFKzdCcY9eqSK3kodRRWmK_V4.roa
File: lbNFKzdCcY9eqSK3kodRRWmK_V4.roa (raw, json)
Hash identifier: 50ijH3kPbjHMed84oyT6t+giijicNo7EBDRbCuMFJyw=
Subject key identifier: 95:B3:45:2B:37:42:71:8F:5E:A9:22:B7:92:87:51:45:69:8A:FD:5E
Certificate issuer: /CN=0f091bdc666b8a59433c68d90e0d8cc37acdce92
Certificate serial: 018CC5DCD480AD723B54560D67DE68E50491
Authority key identifier: 0F:09:1B:DC:66:6B:8A:59:43:3C:68:D9:0E:0D:8C:C3:7A:CD:CE:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/lbNFKzdCcY9eqSK3kodRRWmK_V4.roa
Signing time: Mon 01 Jan 2024 16:30:32 +0000
ROA not before: Mon 01 Jan 2024 16:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198399
IP address blocks: 185.95.224.0/22 maxlen: 24
37.34.72.0/21 maxlen: 24
195.93.168.0/23 maxlen: 24
2a00:c5e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 02:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:d4:80:ad:72:3b:54:56:0d:67:de:68:e5:04:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f091bdc666b8a59433c68d90e0d8cc37acdce92
Validity
Not Before: Jan 1 16:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=95b3452b3742718f5ea922b792875145698afd5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:e5:ec:51:b1:c2:7d:c8:2d:fe:b7:ef:4e:5b:
74:42:df:46:a7:8f:26:43:84:45:37:5d:c5:f9:96:
d5:13:a6:5e:7c:d4:e8:4c:a0:2a:91:85:ab:31:8a:
b6:cd:35:f3:ec:99:3e:e1:b5:0a:bf:35:b0:93:59:
c5:3f:28:18:c8:34:2a:43:db:88:84:af:8f:68:2b:
3f:60:75:50:11:c2:f9:ca:a4:f3:22:b8:84:37:0b:
d1:9a:ed:e0:c4:71:94:c7:5b:3a:dd:08:ee:9a:51:
8f:10:12:45:39:f4:8d:fc:6b:82:a5:4b:d3:ba:e6:
4f:35:f2:b5:97:b4:fa:60:3f:49:1c:4f:21:2e:19:
af:e3:58:bf:11:40:92:93:be:23:fc:49:44:15:e0:
6e:8f:ce:90:86:b0:b3:1e:c0:d0:40:0d:1e:ea:e8:
dc:96:c6:19:33:1e:b7:56:3e:fd:7f:2c:b5:6c:8d:
bd:6b:c4:09:65:fd:f8:bf:4d:01:ad:f2:ac:a9:23:
c1:24:c2:55:19:c2:03:fe:32:61:f3:dd:4f:33:ed:
89:f0:ab:46:4d:67:09:c8:8b:a9:cb:e2:7e:b3:ee:
8a:cc:f9:18:17:53:5f:93:10:a1:d4:19:5d:d4:73:
58:28:52:3b:ff:5e:18:8f:51:74:2f:2a:97:8e:de:
dd:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:B3:45:2B:37:42:71:8F:5E:A9:22:B7:92:87:51:45:69:8A:FD:5E
X509v3 Authority Key Identifier:
keyid:0F:09:1B:DC:66:6B:8A:59:43:3C:68:D9:0E:0D:8C:C3:7A:CD:CE:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/lbNFKzdCcY9eqSK3kodRRWmK_V4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.34.72.0/21
185.95.224.0/22
195.93.168.0/23
IPv6:
2a00:c5e0::/32
Signature Algorithm: sha256WithRSAEncryption
18:28:b9:80:0e:f5:90:6d:3c:15:cc:fc:07:0b:44:a3:46:46:
10:3e:4d:a5:ca:ff:e9:7b:60:69:cc:19:c1:4f:c3:e0:02:59:
68:96:57:2b:02:a2:7e:eb:35:71:a6:87:b2:50:2d:1a:e3:c3:
19:41:48:20:ed:dd:3b:6d:83:2d:43:c1:72:56:29:35:73:ce:
f1:2f:51:1e:a9:24:39:ec:d0:57:73:19:80:82:a2:9f:52:1e:
92:f4:ab:c5:aa:0e:2c:b1:cd:11:3c:b2:6f:0a:93:61:82:29:
59:66:a8:6a:e2:26:1a:7f:9a:3a:2d:08:ec:7b:b5:94:67:48:
d4:85:71:3b:76:97:a6:0b:75:ae:40:03:ca:3e:be:b4:5b:10:
0e:e3:74:40:8e:41:6b:c0:6c:c2:1c:67:d5:70:a1:7c:d8:c3:
be:a3:89:16:47:dc:1f:4b:5d:0a:7c:9b:3b:35:35:36:d3:07:
7a:ba:65:07:76:07:6b:23:fd:5a:ab:4d:a9:8d:9d:10:da:8c:
2c:02:07:36:6e:8c:74:08:84:fb:a3:97:34:25:9a:50:73:fc:
cb:42:56:a2:43:d3:88:c9:a2:cc:7d:4a:e7:91:02:d3:7a:02:
7e:d7:f6:b3:3a:49:23:e1:99:dc:65:91:47:17:23:98:a5:53:
56:42:0b:21
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3NSArXI7VFYNZ95o5QSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMDkxYmRjNjY2YjhhNTk0MzNjNjhkOTBlMGQ4Y2MzN2Fj
ZGNlOTIwHhcNMjQwMTAxMTYzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIzNDUyYjM3NDI3MThmNWVhOTIyYjc5Mjg3NTE0NTY5OGFmZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOXsUbHCfcgt/rfvTlt0Qt9Gp48m
Q4RFN13F+ZbVE6ZefNToTKAqkYWrMYq2zTXz7Jk+4bUKvzWwk1nFPygYyDQqQ9uI
hK+PaCs/YHVQEcL5yqTzIriENwvRmu3gxHGUx1s63QjumlGPEBJFOfSN/GuCpUvT
uuZPNfK1l7T6YD9JHE8hLhmv41i/EUCSk74j/ElEFeBuj86QhrCzHsDQQA0e6ujc
lsYZMx63Vj79fyy1bI29a8QJZf34v00BrfKsqSPBJMJVGcID/jJh891PM+2J8KtG
TWcJyIupy+J+s+6KzPkYF1NfkxCh1Bld1HNYKFI7/14Yj1F0LyqXjt7dpwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJWzRSs3QnGPXqkit5KHUUVpiv1eMB8GA1UdIwQY
MBaAFA8JG9xma4pZQzxo2Q4NjMN6zc6SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHdrYjNHWnJpbGxEUEdqWkRnMk13M3JOenBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iNjQwODMtNTUwZS00Y2FmLWJjMjkt
YTM0YThiODA2ODMyLzEvbGJORkt6ZENjWTllcVNLM2tvZFJSV21LX1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iNjQwODMtNTUwZS00Y2FmLWJjMjktYTM0YThiODA2ODMy
LzEvRHdrYjNHWnJpbGxEUEdqWkRnMk13M3JOenBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJSJIAwQC
uV/gAwQBw12oMA0EAgACMAcDBQAqAMXgMA0GCSqGSIb3DQEBCwUAA4IBAQAYKLmA
DvWQbTwVzPwHC0SjRkYQPk2lyv/pe2BpzBnBT8PgAllollcrAqJ+6zVxpoeyUC0a
48MZQUgg7d07bYMtQ8FyVik1c87xL1EeqSQ57NBXcxmAgqKfUh6S9KvFqg4ssc0R
PLJvCpNhgilZZqhq4iYaf5o6LQjse7WUZ0jUhXE7dpemC3WuQAPKPr60WxAO43RA
jkFrwGzCHGfVcKF82MO+o4kWR9wfS10KfJs7NTU20wd6umUHdgdrI/1aq02pjZ0Q
2owsAgc2box0CIT7o5c0JZpQc/zLQlaiQ9OIyaLMfUrnkQLTegJ+1/azOkkj4Znc
ZZFHFyOYpVNWQgsh
-----END CERTIFICATE-----
Generated at Sun May 19 06:22:56 2024 by rpki-client on console-ams.rpki-client.org