Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa
File: 1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa (raw, json)
Hash identifier: +ubeeYwRsnNgGeOTpVxbhi6xUirKjUN51QlJ/8/KzyA=
Subject key identifier: F9:7C:F3:04:4D:6E:7B:D3:C1:02:23:B4:CB:70:E7:70:4F:85:A9:04
Certificate issuer: /CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Certificate serial: 018CC425234E864B3E6A84FF4FC698FD17B1
Authority key identifier: 70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa
Signing time: Mon 01 Jan 2024 08:30:17 +0000
ROA not before: Mon 01 Jan 2024 08:30:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3339
IP address blocks: 185.209.120.0/22 maxlen: 22
185.255.104.0/22 maxlen: 22
192.145.40.0/22 maxlen: 22
185.177.168.0/22 maxlen: 22
185.233.76.0/22 maxlen: 22
185.72.12.0/24 maxlen: 24
185.72.12.0/22 maxlen: 22
185.95.56.0/22 maxlen: 22
185.73.188.0/22 maxlen: 22
91.200.244.0/22 maxlen: 22
176.97.224.0/22 maxlen: 22
2a0a:4280::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.mft
rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 23:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:23:4e:86:4b:3e:6a:84:ff:4f:c6:98:fd:17:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Validity
Not Before: Jan 1 08:30:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f97cf3044d6e7bd3c10223b4cb70e7704f85a904
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ac:db:ab:85:c0:2f:9d:63:3b:01:f6:59:50:
b9:d1:f4:e8:11:ee:d8:63:9c:8b:79:ab:bc:ed:43:
29:d1:ad:f2:66:64:0a:13:33:e4:3f:97:ae:b6:c5:
82:12:6d:df:8c:a4:d0:9b:ce:72:b9:4d:77:bf:d3:
0e:af:6e:63:cf:e7:9b:5f:57:12:dd:9e:32:80:cf:
46:e9:7d:c6:87:1c:30:27:ea:39:b4:d0:96:b1:35:
dc:af:bb:f4:15:f0:d7:c7:48:fa:d5:ed:ba:2e:90:
14:64:22:c9:33:85:cd:86:d4:c1:82:9f:8c:75:b7:
0d:b1:a2:e6:e1:72:36:24:91:3e:29:e1:32:fd:02:
e2:75:29:08:3f:8d:c7:1f:57:b1:99:ec:3c:0d:f5:
8d:a4:7b:54:8f:28:6e:f1:fd:10:19:d7:44:90:81:
fc:e5:d8:66:85:5e:cc:55:d9:00:b2:9d:99:9a:4f:
c4:81:db:3a:52:ee:a1:c3:08:d6:b4:0f:e1:26:16:
da:d0:3e:4a:6b:38:9a:56:bd:3e:a6:ab:0c:17:9b:
fb:43:4f:e9:4d:fc:d7:33:a0:c1:20:78:7e:a1:4d:
3a:20:cf:91:14:01:e7:15:6a:79:78:85:e8:46:ea:
13:dd:a4:75:ed:c1:52:f5:dc:08:de:3f:e3:3a:26:
ac:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:7C:F3:04:4D:6E:7B:D3:C1:02:23:B4:CB:70:E7:70:4F:85:A9:04
X509v3 Authority Key Identifier:
keyid:70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.244.0/22
176.97.224.0/22
185.72.12.0/22
185.73.188.0/22
185.95.56.0/22
185.177.168.0/22
185.209.120.0/22
185.233.76.0/22
185.255.104.0/22
192.145.40.0/22
IPv6:
2a0a:4280::/29
Signature Algorithm: sha256WithRSAEncryption
5f:92:a8:96:ae:97:0e:55:24:fe:f2:56:f5:6c:d1:0f:d0:4f:
70:ea:ed:97:8f:af:3a:63:83:a6:2b:fd:a7:ea:a2:b9:96:06:
33:2f:95:0f:6c:48:4f:ad:a2:1d:44:77:6d:22:2a:b6:55:44:
80:5d:2c:91:69:f3:14:67:0b:75:b5:83:01:0d:79:4e:d6:4d:
c0:81:74:7e:7e:0b:78:1e:fe:c7:54:91:d8:9a:92:f0:df:45:
0c:26:2f:3e:1a:ab:83:a3:35:6f:fb:5c:88:ec:6d:17:8f:45:
71:e3:df:f3:24:1b:68:b9:35:6e:b5:02:58:05:96:e2:6d:1e:
67:03:17:17:ff:69:8e:39:a5:61:65:4e:8b:06:79:a5:a8:2b:
18:20:3f:22:e2:aa:5c:74:55:0e:c8:45:34:10:1f:84:eb:30:
37:a9:64:54:78:8f:ce:06:01:28:a9:4a:44:25:8e:ea:8a:df:
fc:bb:5d:d3:69:c0:5d:ee:9e:26:41:e2:8f:ea:e7:fa:90:a4:
c6:86:a3:8b:ce:f4:3c:37:32:71:6b:7b:0e:ed:ae:85:1b:d3:
4a:a7:96:64:1b:73:58:38:07:80:cc:fe:3f:23:1a:60:93:39:
1d:ab:96:01:b2:4d:ae:11:15:de:0b:b1:bd:c4:75:7a:bd:c5:
84:75:df:f3
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYzEJSNOhks+aoT/T8aY/RexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOTRhNDI1NTk1ZTkyM2M0YjUzYjljMDAwYWE4ZjE5YWQ5
MjNmMjAwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTdjZjMwNDRkNmU3YmQzYzEwMjIzYjRjYjcwZTc3MDRmODVhOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvazbq4XAL51jOwH2WVC50fToEe7Y
Y5yLeau87UMp0a3yZmQKEzPkP5eutsWCEm3fjKTQm85yuU13v9MOr25jz+ebX1cS
3Z4ygM9G6X3GhxwwJ+o5tNCWsTXcr7v0FfDXx0j61e26LpAUZCLJM4XNhtTBgp+M
dbcNsaLm4XI2JJE+KeEy/QLidSkIP43HH1exmew8DfWNpHtUjyhu8f0QGddEkIH8
5dhmhV7MVdkAsp2Zmk/Egds6Uu6hwwjWtA/hJhba0D5KaziaVr0+pqsMF5v7Q0/p
TfzXM6DBIHh+oU06IM+RFAHnFWp5eIXoRuoT3aR17cFS9dwI3j/jOiasdQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPl88wRNbnvTwQIjtMtw53BPhakEMB8GA1UdIwQY
MBaAFHCUpCVZXpI8S1O5wACqjxmtkj8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUt
Nzc3MzczZTYwNTVlLzEvMS1YenpCRTF1ZTlQQkFpTzB5M0RuY0UtRnFRUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvOTYzMTcwLTU4YmUtNDZiYi1hNWRlLTc3NzM3M2U2MDU1
ZS8xL2NKU2tKVmxla2p4TFU3bkFBS3FQR2EyU1B5QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBkBggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEAlvI9AME
ArBh4AMEArlIDAMEArlJvAMEArlfOAMEArmxqAMEArnReAMEArnpTAMEArn/aAME
AsCRKDANBAIAAjAHAwUDKgpCgDANBgkqhkiG9w0BAQsFAAOCAQEAX5Kolq6XDlUk
/vJW9WzRD9BPcOrtl4+vOmODpiv9p+qiuZYGMy+VD2xIT62iHUR3bSIqtlVEgF0s
kWnzFGcLdbWDAQ15TtZNwIF0fn4LeB7+x1SR2JqS8N9FDCYvPhqrg6M1b/tciOxt
F49FcePf8yQbaLk1brUCWAWW4m0eZwMXF/9pjjmlYWVOiwZ5pagrGCA/IuKqXHRV
DshFNBAfhOswN6lkVHiPzgYBKKlKRCWO6orf/Ltd02nAXe6eJkHij+rn+pCkxoaj
i870PDcycWt7Du2uhRvTSqeWZBtzWDgHgMz+PyMaYJM5HauWAbJNrhEV3guxvcR1
er3FhHXf8w==
-----END CERTIFICATE-----
Generated at Sat Jun 8 06:14:33 2024 by rpki-client on console-ams.rpki-client.org