Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/O8jJLDx2wBEIyqe_ChlorDgmbpY.roa
File: O8jJLDx2wBEIyqe_ChlorDgmbpY.roa (raw, json)
Hash identifier: VbeMWG3z87PhijudkJs35stOP9LFAk+RmusM0BqOw5A=
Subject key identifier: 3B:C8:C9:2C:3C:76:C0:11:08:CA:A7:BF:0A:19:68:AC:38:26:6E:96
Certificate issuer: /CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Certificate serial: 018D6964E4B0A97ECF9BD25622AF669E3CC5
Authority key identifier: B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/O8jJLDx2wBEIyqe_ChlorDgmbpY.roa
Signing time: Fri 02 Feb 2024 10:37:16 +0000
ROA not before: Fri 02 Feb 2024 10:37:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42184
IP address blocks: 45.82.124.0/22 maxlen: 24
91.190.224.0/21 maxlen: 24
178.251.8.0/21 maxlen: 24
185.64.168.0/22 maxlen: 24
185.143.168.0/22 maxlen: 24
188.64.248.0/21 maxlen: 24
194.15.152.0/22 maxlen: 24
2a02:f08::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/s7b1TqmxWovU8zglOGyyd7A0Od0.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/s7b1TqmxWovU8zglOGyyd7A0Od0.mft
rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 04:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:69:64:e4:b0:a9:7e:cf:9b:d2:56:22:af:66:9e:3c:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Validity
Not Before: Feb 2 10:37:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3bc8c92c3c76c01108caa7bf0a1968ac38266e96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ef:55:0c:33:2c:08:06:40:cc:86:b1:cb:be:
af:3e:68:c1:a7:21:d1:34:7c:15:9c:16:61:cf:d1:
51:c9:13:b8:0a:a7:11:a5:b6:9e:c2:c0:85:f7:f0:
05:31:bc:f5:37:d5:e9:ab:40:29:c3:eb:d9:ec:cc:
e7:76:db:33:19:ed:f4:dd:92:bd:f7:96:d8:d0:67:
6d:04:a1:ac:bb:dc:c4:cd:7f:84:90:56:30:c1:9c:
07:5b:2a:0b:2a:7c:05:38:7a:b2:23:ce:62:0c:c9:
a0:72:b7:d3:17:ae:6e:3b:73:90:e4:85:dc:e3:e6:
a2:41:ab:8e:0f:5c:9e:73:a2:ae:ff:23:0f:d2:9a:
0c:e3:64:ac:81:ec:03:19:f4:35:5b:d5:e3:1d:98:
ac:cd:9e:30:27:42:26:c5:eb:fc:df:2b:a5:b4:e0:
7d:d5:52:1d:8f:43:85:28:67:bf:8d:04:05:df:95:
c7:a8:bd:4f:53:b7:29:b9:21:56:d2:51:f1:42:85:
13:30:c4:3d:f9:b7:d8:eb:f5:67:2f:05:c5:c9:60:
e5:8e:80:7e:0d:7a:8e:52:e8:cd:19:06:5f:eb:a9:
e6:05:90:02:c0:fe:35:8a:ec:c4:f0:a5:aa:67:9c:
40:5d:97:a7:83:14:0c:cb:87:a9:3c:2f:f9:29:a4:
c7:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:C8:C9:2C:3C:76:C0:11:08:CA:A7:BF:0A:19:68:AC:38:26:6E:96
X509v3 Authority Key Identifier:
keyid:B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/O8jJLDx2wBEIyqe_ChlorDgmbpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/s7b1TqmxWovU8zglOGyyd7A0Od0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.124.0/22
91.190.224.0/21
178.251.8.0/21
185.64.168.0/22
185.143.168.0/22
188.64.248.0/21
194.15.152.0/22
IPv6:
2a02:f08::/32
Signature Algorithm: sha256WithRSAEncryption
a0:02:40:7b:eb:85:53:62:0f:bd:8c:82:5a:07:0c:eb:04:92:
60:97:ff:70:f6:31:d3:fb:0e:10:e7:ab:6d:b5:13:bd:35:a1:
d1:e4:19:0a:62:b8:b1:81:f5:2d:5f:1c:d5:1f:96:f3:80:8b:
f4:e2:0b:3c:e1:bc:b7:87:2a:75:4b:a3:25:91:87:28:78:37:
75:35:6e:3b:48:b9:96:d1:91:1d:13:66:12:28:b5:78:9d:bf:
b9:d8:21:3f:3c:32:9d:e1:c3:2a:17:ce:c2:d7:3a:4f:97:4e:
11:c8:c4:99:8b:c9:b0:1c:39:d1:92:ad:86:7c:83:5a:12:b5:
41:68:87:44:03:72:2f:79:cc:1f:8a:8a:72:bc:e7:e9:f6:f9:
22:1f:a7:29:b2:fa:5e:f4:64:0c:b8:7b:59:0f:3f:2d:66:a5:
79:de:70:b0:90:bd:80:e8:52:ff:53:9a:ae:ac:de:7d:f2:07:
49:fe:12:30:4d:8c:b6:75:88:4f:fd:9e:e5:33:40:6c:f4:b4:
d9:3d:c1:ea:b1:99:e9:2e:5c:c8:9b:b7:25:dd:b3:87:f4:2f:
7f:23:cc:f7:bd:e8:25:03:97:99:ae:4d:01:e5:46:a1:1a:b2:
2e:a5:0b:65:d3:40:bc:b0:fd:ee:b6:26:ce:ca:63:e8:f0:64:
71:9c:95:94
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY1pZOSwqX7Pm9JWIq9mnjzFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZmNTRlYTliMTVhOGJkNGYzMzgyNTM4NmNiMjc3YjAz
NDM5ZGQwHhcNMjQwMjAyMTAzNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmM4YzkyYzNjNzZjMDExMDhjYWE3YmYwYTE5NjhhYzM4MjY2ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO9VDDMsCAZAzIaxy76vPmjBpyHR
NHwVnBZhz9FRyRO4CqcRpbaewsCF9/AFMbz1N9Xpq0Apw+vZ7MzndtszGe303ZK9
95bY0GdtBKGsu9zEzX+EkFYwwZwHWyoLKnwFOHqyI85iDMmgcrfTF65uO3OQ5IXc
4+aiQauOD1yec6Ku/yMP0poM42SsgewDGfQ1W9XjHZiszZ4wJ0Imxev83yultOB9
1VIdj0OFKGe/jQQF35XHqL1PU7cpuSFW0lHxQoUTMMQ9+bfY6/VnLwXFyWDljoB+
DXqOUujNGQZf66nmBZACwP41iuzE8KWqZ5xAXZengxQMy4epPC/5KaTH1QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFDvIySw8dsARCMqnvwoZaKw4Jm6WMB8GA1UdIwQY
MBaAFLO29U6psVqL1PM4JThssnewNDndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiMVRxbXhXb3ZVOHpnbE9HeXlkN0EwT2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84ZGU0YTMtOGQ1YS00NmIxLWE3MzUt
MmY0NmU5MzE3Y2M2LzEvTzhqSkxEeDJ3QkVJeXFlX0NobG9yRGdtYnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84ZGU0YTMtOGQ1YS00NmIxLWE3MzUtMmY0NmU5MzE3Y2M2
LzEvczdiMVRxbXhXb3ZVOHpnbE9HeXlkN0EwT2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLVJ8AwQD
W77gAwQDsvsIAwQCuUCoAwQCuY+oAwQDvED4AwQCwg+YMA0EAgACMAcDBQAqAg8I
MA0GCSqGSIb3DQEBCwUAA4IBAQCgAkB764VTYg+9jIJaBwzrBJJgl/9w9jHT+w4Q
56tttRO9NaHR5BkKYrixgfUtXxzVH5bzgIv04gs84by3hyp1S6MlkYcoeDd1NW47
SLmW0ZEdE2YSKLV4nb+52CE/PDKd4cMqF87C1zpPl04RyMSZi8mwHDnRkq2GfINa
ErVBaIdEA3IvecwfiopyvOfp9vkiH6cpsvpe9GQMuHtZDz8tZqV53nCwkL2A6FL/
U5qurN598gdJ/hIwTYy2dYhP/Z7lM0Bs9LTZPcHqsZnpLlzIm7cl3bOH9C9/I8z3
veglA5eZrk0B5UahGrIupQtl00C8sP3utibOymPo8GRxnJWU
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:23 2024 by rpki-client on console-fra.rpki-client.org