Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/iZZ4ouetDhEfftvUxbTFsd6oE3M.roa
File: iZZ4ouetDhEfftvUxbTFsd6oE3M.roa (raw, json)
Hash identifier: pHf+NSt9Rio/bTiOgtwP2/90zlCcYZDC5NfU3KVNepA=
Subject key identifier: 89:96:78:A2:E7:AD:0E:11:1F:7E:DB:D4:C5:B4:C5:B1:DE:A8:13:73
Certificate issuer: /CN=fb1a810e3ab1964b44ecb3778340b266dbda1126
Certificate serial: 018EE80D8CB13EA3CA9B830DC7C46939BC79
Authority key identifier: FB:1A:81:0E:3A:B1:96:4B:44:EC:B3:77:83:40:B2:66:DB:DA:11:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-xqBDjqxlktE7LN3g0CyZtvaESY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/iZZ4ouetDhEfftvUxbTFsd6oE3M.roa
Signing time: Tue 16 Apr 2024 17:56:25 +0000
ROA not before: Tue 16 Apr 2024 17:56:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8075
IP address blocks: 192.40.76.0/24 maxlen: 24
192.40.77.0/24 maxlen: 24
192.40.78.0/24 maxlen: 24
192.40.79.0/24 maxlen: 24
2a06:f044::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/1-xqBDjqxlktE7LN3g0CyZtvaESY.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/1-xqBDjqxlktE7LN3g0CyZtvaESY.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-xqBDjqxlktE7LN3g0CyZtvaESY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 May 2024 02:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e8:0d:8c:b1:3e:a3:ca:9b:83:0d:c7:c4:69:39:bc:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb1a810e3ab1964b44ecb3778340b266dbda1126
Validity
Not Before: Apr 16 17:56:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=899678a2e7ad0e111f7edbd4c5b4c5b1dea81373
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:66:7e:c6:d9:1c:15:fe:8d:aa:bf:d8:08:7e:
3e:1a:d0:f0:72:8f:a0:0f:4a:b6:5a:cd:20:65:e8:
9d:71:e3:3d:8b:0e:e4:f2:d1:c2:05:89:3c:04:81:
d4:8e:ea:29:75:00:37:fc:c9:3a:7e:2a:c2:a5:1e:
99:dd:69:99:7b:e9:c4:b9:3c:b6:f1:7f:b1:b7:d0:
f6:14:f7:31:95:5a:8b:3d:71:fa:fe:10:f2:8f:a8:
9e:51:a8:09:69:21:5d:d0:ee:3b:e1:c1:51:21:8d:
41:e4:d5:08:aa:87:c9:7e:13:79:d7:6a:16:d2:b1:
fe:ca:aa:0a:67:c9:8d:7e:9a:7c:3e:55:d7:0c:8f:
58:97:31:20:87:8b:13:7b:7c:7c:dd:8c:1b:01:06:
36:4b:df:3f:01:3f:b8:f1:38:aa:37:db:17:bd:03:
67:8b:54:5d:a3:91:8f:28:3b:10:9e:09:e5:d6:1c:
08:2a:76:34:4b:ba:67:ea:fa:d2:ee:78:87:36:a6:
14:fd:27:38:70:b6:1e:88:e9:9d:1f:87:4d:0d:7b:
9b:24:5f:be:4d:e2:d6:bb:3a:b3:ef:33:ec:93:84:
37:ef:fc:4f:98:19:a6:7c:f6:62:c0:72:39:48:45:
1c:0c:48:6d:f5:96:f9:b4:3a:84:79:46:cd:b3:7a:
75:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:96:78:A2:E7:AD:0E:11:1F:7E:DB:D4:C5:B4:C5:B1:DE:A8:13:73
X509v3 Authority Key Identifier:
keyid:FB:1A:81:0E:3A:B1:96:4B:44:EC:B3:77:83:40:B2:66:DB:DA:11:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-xqBDjqxlktE7LN3g0CyZtvaESY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/iZZ4ouetDhEfftvUxbTFsd6oE3M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9d606e-08a6-4f4a-b980-b5abf440e893/1/1-xqBDjqxlktE7LN3g0CyZtvaESY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.40.76.0/22
IPv6:
2a06:f044::/48
Signature Algorithm: sha256WithRSAEncryption
b3:9f:14:15:40:34:fd:ce:83:26:ea:e1:c3:68:e2:70:de:71:
d0:fb:e4:1a:c1:35:5a:f5:6e:1e:01:0a:56:9e:1f:e1:72:fa:
6c:fa:54:b3:17:e6:f4:c9:39:21:5f:18:f1:44:c0:95:26:79:
e9:5d:f8:80:ac:73:e4:aa:ef:50:0d:d5:ab:86:2f:37:c1:a2:
fc:95:d7:e3:ac:f1:0c:35:01:a6:76:fb:0a:aa:34:4b:87:3a:
7a:da:1a:09:dd:33:5d:46:c4:c0:f0:3b:54:c3:7d:95:2a:ea:
a1:e6:3a:38:ec:a0:5a:7d:4c:00:49:e9:41:48:42:4e:3c:ce:
79:7c:27:9f:68:29:de:88:ff:f5:93:04:64:41:79:51:96:47:
23:79:99:26:b1:91:b2:8a:27:b4:25:89:c1:3a:69:1c:db:13:
cc:4a:f0:05:e6:49:99:0b:d6:bd:ae:85:1b:05:0c:43:47:ab:
82:ed:a7:e8:48:40:32:94:2e:db:67:8a:da:8e:97:e6:8d:e2:
c4:48:57:4d:e9:93:9f:db:af:78:e2:1c:06:b0:ae:ee:1b:a2:
a0:b3:85:6b:11:fc:47:a4:c7:8a:27:2b:92:f3:a5:6f:b9:37:
0d:4c:4c:8f:e6:56:e7:68:d3:92:76:53:cd:80:b7:eb:b1:22:
e4:dc:5f:01
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAY7oDYyxPqPKm4MNx8RpObx5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMWE4MTBlM2FiMTk2NGI0NGVjYjM3NzgzNDBiMjY2ZGJk
YTExMjYwHhcNMjQwNDE2MTc1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTk2NzhhMmU3YWQwZTExMWY3ZWRiZDRjNWI0YzViMWRlYTgxMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWZ+xtkcFf6Nqr/YCH4+GtDwco+g
D0q2Ws0gZeidceM9iw7k8tHCBYk8BIHUjuopdQA3/Mk6firCpR6Z3WmZe+nEuTy2
8X+xt9D2FPcxlVqLPXH6/hDyj6ieUagJaSFd0O474cFRIY1B5NUIqofJfhN512oW
0rH+yqoKZ8mNfpp8PlXXDI9YlzEgh4sTe3x83YwbAQY2S98/AT+48TiqN9sXvQNn
i1Rdo5GPKDsQngnl1hwIKnY0S7pn6vrS7niHNqYU/Sc4cLYeiOmdH4dNDXubJF++
TeLWuzqz7zPsk4Q37/xPmBmmfPZiwHI5SEUcDEht9Zb5tDqEeUbNs3p15wIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFImWeKLnrQ4RH37b1MW0xbHeqBNzMB8GA1UdIwQY
MBaAFPsagQ46sZZLROyzd4NAsmbb2hEmMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS14cUJEanF4bGt0RTdMTjNnMEN5WnR2YUVTWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzAvOWQ2MDZlLTA4YTYtNGY0YS1iOTgw
LWI1YWJmNDQwZTg5My8xL2laWjRvdWV0RGhFZmZ0dlV4YlRGc2Q2b0UzTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzAvOWQ2MDZlLTA4YTYtNGY0YS1iOTgwLWI1YWJmNDQwZTg5
My8xLzEteHFCRGpxeGxrdEU3TE4zZzBDeVp0dmFFU1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBALAKEww
DwQCAAIwCQMHACoG8EQAADANBgkqhkiG9w0BAQsFAAOCAQEAs58UFUA0/c6DJurh
w2jicN5x0PvkGsE1WvVuHgEKVp4f4XL6bPpUsxfm9Mk5IV8Y8UTAlSZ56V34gKxz
5KrvUA3Vq4YvN8Gi/JXX46zxDDUBpnb7Cqo0S4c6etoaCd0zXUbEwPA7VMN9lSrq
oeY6OOygWn1MAEnpQUhCTjzOeXwnn2gp3oj/9ZMEZEF5UZZHI3mZJrGRsoontCWJ
wTppHNsTzErwBeZJmQvWva6FGwUMQ0ergu2n6EhAMpQu22eK2o6X5o3ixEhXTemT
n9uveOIcBrCu7huioLOFaxH8R6THiicrkvOlb7k3DUxMj+ZW52jTknZTzYC367Ei
5NxfAQ==
-----END CERTIFICATE-----
Generated at Sat May 18 07:23:23 2024 by rpki-client on console-fra.rpki-client.org