Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/hjtzcgWQm3QlNPLhha83tiVXT3E.roa
File: hjtzcgWQm3QlNPLhha83tiVXT3E.roa (raw, json)
Hash identifier: FMyGhAeO/oIV1JHXYUBKGYrqrll/gQTNwCWrKhSKL8Q=
Subject key identifier: 86:3B:73:72:05:90:9B:74:25:34:F2:E1:85:AF:37:B6:25:57:4F:71
Certificate issuer: /CN=a40a081fba8fb33efb46259ef93f6878d70150eb
Certificate serial: 018CCA9A01454077421958189416DD889C96
Authority key identifier: A4:0A:08:1F:BA:8F:B3:3E:FB:46:25:9E:F9:3F:68:78:D7:01:50:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/hjtzcgWQm3QlNPLhha83tiVXT3E.roa
Signing time: Tue 02 Jan 2024 14:35:39 +0000
ROA not before: Tue 02 Jan 2024 14:35:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25238
IP address blocks: 195.234.206.0/23 maxlen: 23
195.234.204.0/23 maxlen: 23
195.234.204.0/22 maxlen: 22
2001:67c:2620::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.mft
rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:9a:01:45:40:77:42:19:58:18:94:16:dd:88:9c:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a40a081fba8fb33efb46259ef93f6878d70150eb
Validity
Not Before: Jan 2 14:35:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=863b737205909b742534f2e185af37b625574f71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:20:15:b3:1b:0d:84:b5:fd:3a:da:c9:ca:0d:
75:10:94:46:39:e0:c0:79:64:76:bf:0e:d2:03:c2:
7e:ba:68:ef:fe:1f:af:6a:51:40:d4:a5:81:28:5b:
88:64:5a:cc:64:19:b0:fc:87:9a:9b:e0:eb:d6:20:
3c:90:28:fc:36:ac:69:92:ab:7c:63:66:3d:1f:66:
25:40:89:4c:d1:00:ad:22:64:b8:5c:2b:74:7f:af:
04:4c:cb:f1:fd:6f:3f:fc:73:ad:bf:62:96:85:0a:
67:c0:a3:c8:7f:1f:02:9a:bb:91:0d:5a:c6:03:c9:
43:a8:49:27:fd:53:ec:2c:fa:f8:1d:e1:a9:90:ea:
dd:2a:38:b1:92:d8:62:d5:a5:a4:52:81:0a:76:4d:
ff:1b:78:b0:d9:8f:3f:dd:6a:7f:5b:37:c5:ee:3b:
94:9e:f6:db:69:de:c0:10:8b:4e:be:59:20:82:aa:
00:b8:2f:07:a1:5e:74:44:ec:76:61:a2:8f:67:8d:
8c:94:95:4a:d2:33:5d:25:a7:78:ee:01:02:a4:2f:
59:1c:fa:c5:18:8a:c5:8a:d4:78:75:54:44:a4:b3:
c4:2b:24:ff:9c:d1:70:5e:fd:ba:7b:d8:74:47:ab:
28:45:8e:66:d8:94:fe:96:fb:ee:4f:cf:fe:b5:72:
35:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:3B:73:72:05:90:9B:74:25:34:F2:E1:85:AF:37:B6:25:57:4F:71
X509v3 Authority Key Identifier:
keyid:A4:0A:08:1F:BA:8F:B3:3E:FB:46:25:9E:F9:3F:68:78:D7:01:50:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/hjtzcgWQm3QlNPLhha83tiVXT3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.234.204.0/22
IPv6:
2001:67c:2620::/48
Signature Algorithm: sha256WithRSAEncryption
89:9b:29:c1:34:ea:9b:f6:bb:8a:44:7a:14:c7:35:fc:4b:1a:
de:89:4b:cf:0c:a3:5a:b7:6b:43:9d:20:41:bc:07:7f:1c:e6:
52:c2:dc:88:c0:58:0f:c7:0a:41:bd:52:7e:b3:76:e9:0c:c9:
0c:36:0b:6b:9e:c4:41:0e:a3:16:a8:84:48:ff:dc:0a:ef:70:
79:41:54:78:29:26:6a:43:f1:da:10:35:4a:33:73:e4:ec:b0:
94:01:e0:47:d5:a8:38:69:8b:fa:6b:66:90:14:47:49:8d:d2:
6d:dd:06:aa:e7:b8:ce:e4:91:70:1a:c1:09:14:d2:a6:23:4a:
4c:07:b8:c2:96:6e:91:fd:2d:5c:78:79:0c:bb:3b:9a:e1:26:
f0:7c:e4:d4:b1:b2:f4:99:7e:0b:94:ba:da:02:89:46:12:fe:
e6:91:6f:ad:58:94:51:a9:92:7d:3b:bd:58:5e:a3:ba:b4:5d:
ef:78:2e:83:88:d2:6d:4b:f0:21:40:c9:5b:8a:a2:6c:2b:b5:
af:a1:34:6b:1f:6b:4d:4a:b4:ca:19:cf:14:ea:de:77:01:e4:
e9:4b:e1:73:c2:67:64:0d:5d:a3:84:db:e4:fd:c7:dc:18:9b:
2c:89:92:26:4b:fe:9d:55:f6:01:c6:f8:1e:6a:8c:e8:a1:6e:
82:5b:a0:84
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmgFFQHdCGVgYlBbdiJyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MGEwODFmYmE4ZmIzM2VmYjQ2MjU5ZWY5M2Y2ODc4ZDcw
MTUwZWIwHhcNMjQwMTAyMTQzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjNiNzM3MjA1OTA5Yjc0MjUzNGYyZTE4NWFmMzdiNjI1NTc0ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryAVsxsNhLX9OtrJyg11EJRGOeDA
eWR2vw7SA8J+umjv/h+valFA1KWBKFuIZFrMZBmw/Ieam+Dr1iA8kCj8Nqxpkqt8
Y2Y9H2YlQIlM0QCtImS4XCt0f68ETMvx/W8//HOtv2KWhQpnwKPIfx8CmruRDVrG
A8lDqEkn/VPsLPr4HeGpkOrdKjixkthi1aWkUoEKdk3/G3iw2Y8/3Wp/WzfF7juU
nvbbad7AEItOvlkggqoAuC8HoV50ROx2YaKPZ42MlJVK0jNdJad47gECpC9ZHPrF
GIrFitR4dVREpLPEKyT/nNFwXv26e9h0R6soRY5m2JT+lvvuT8/+tXI1OQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIY7c3IFkJt0JTTy4YWvN7YlV09xMB8GA1UdIwQY
MBaAFKQKCB+6j7M++0Ylnvk/aHjXAVDrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEFvSUg3cVBzejc3UmlXZS1UOW9lTmNCVU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jYjI3YTAtOTRkMi00OWFhLTg1ZWEt
YWU5MWU0NjYyZDkzLzEvaGp0emNnV1FtM1FsTlBMaGhhODN0aVZYVDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jYjI3YTAtOTRkMi00OWFhLTg1ZWEtYWU5MWU0NjYyZDkz
LzEvcEFvSUg3cVBzejc3UmlXZS1UOW9lTmNCVU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCw+rMMA8E
AgACMAkDBwAgAQZ8JiAwDQYJKoZIhvcNAQELBQADggEBAImbKcE06pv2u4pEehTH
NfxLGt6JS88Mo1q3a0OdIEG8B38c5lLC3IjAWA/HCkG9Un6zdukMyQw2C2uexEEO
oxaohEj/3ArvcHlBVHgpJmpD8doQNUozc+TssJQB4EfVqDhpi/prZpAUR0mN0m3d
BqrnuM7kkXAawQkU0qYjSkwHuMKWbpH9LVx4eQy7O5rhJvB85NSxsvSZfguUutoC
iUYS/uaRb61YlFGpkn07vVheo7q0Xe94LoOI0m1L8CFAyVuKomwrta+hNGsfa01K
tMoZzxTq3ncB5OlL4XPCZ2QNXaOE2+T9x9wYmyyJkiZL/p1V9gHG+B5qjOihboJb
oIQ=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:06 2024 by rpki-client on console-fra.rpki-client.org