Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/xKEcDNpyxj8h6O8lLfpmyKoecAY.roa
File: xKEcDNpyxj8h6O8lLfpmyKoecAY.roa (raw, json)
Hash identifier: bCcHfDuNowle8ht8kipeUNs+eZ3bGyz536SvLVvZYSY=
Subject key identifier: C4:A1:1C:0C:DA:72:C6:3F:21:E8:EF:25:2D:FA:66:C8:AA:1E:70:06
Certificate issuer: /CN=044aacab9a49e143de68979ad156b42dabddde8c
Certificate serial: 018CC6B7D7AD49BFB404F1E970DDC5D59814
Authority key identifier: 04:4A:AC:AB:9A:49:E1:43:DE:68:97:9A:D1:56:B4:2D:AB:DD:DE:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BEqsq5pJ4UPeaJea0Va0Lavd3ow.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/xKEcDNpyxj8h6O8lLfpmyKoecAY.roa
Signing time: Mon 01 Jan 2024 20:29:46 +0000
ROA not before: Mon 01 Jan 2024 20:29:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2259
IP address blocks: 130.79.0.0/16 maxlen: 16
185.155.92.0/22 maxlen: 22
77.72.40.0/21 maxlen: 21
2a07:2e40::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/BEqsq5pJ4UPeaJea0Va0Lavd3ow.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/BEqsq5pJ4UPeaJea0Va0Lavd3ow.mft
rsync://rpki.ripe.net/repository/DEFAULT/BEqsq5pJ4UPeaJea0Va0Lavd3ow.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:d7:ad:49:bf:b4:04:f1:e9:70:dd:c5:d5:98:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=044aacab9a49e143de68979ad156b42dabddde8c
Validity
Not Before: Jan 1 20:29:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c4a11c0cda72c63f21e8ef252dfa66c8aa1e7006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:98:e4:b4:36:a1:a8:ef:d3:1e:3f:9f:8e:e2:
b9:31:18:9a:90:19:5b:45:e0:d9:4b:f5:6d:a5:46:
33:cb:30:91:a5:31:71:ab:fc:b6:64:6d:23:2f:99:
f0:14:6b:cd:9b:e2:9d:12:42:67:af:d8:08:27:20:
13:bc:51:8c:0d:bf:5e:69:e7:f7:54:3a:e5:b2:2d:
75:81:e3:36:6e:0a:c7:e2:58:c2:11:42:d4:cd:18:
c0:de:65:e8:fa:36:b0:62:b3:71:4c:df:fb:db:17:
61:b3:77:8c:52:73:09:b7:d2:de:4f:2f:a9:2d:25:
51:21:df:93:06:c0:7c:ff:db:98:f3:dd:fe:e1:07:
bb:f3:d5:3f:43:65:df:56:04:10:a8:2b:0b:e7:d6:
6b:9d:d4:f6:88:a9:57:f6:0b:7e:59:8f:c2:e8:25:
c1:c9:b9:71:a5:14:99:66:97:f8:90:95:b8:2d:75:
f8:4b:5a:46:9f:33:49:88:99:bb:91:a6:b5:be:fb:
ec:c3:cc:f3:ee:7b:70:9a:5f:ef:af:7f:5c:39:36:
e5:d8:1a:bd:29:5f:5c:4f:88:94:3d:8b:19:5a:6f:
22:5b:b6:85:d2:4e:d1:5b:40:7b:42:4d:52:a0:15:
6a:66:8f:2b:a9:6a:df:71:5c:28:7d:cf:87:0d:b0:
bd:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:A1:1C:0C:DA:72:C6:3F:21:E8:EF:25:2D:FA:66:C8:AA:1E:70:06
X509v3 Authority Key Identifier:
keyid:04:4A:AC:AB:9A:49:E1:43:DE:68:97:9A:D1:56:B4:2D:AB:DD:DE:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BEqsq5pJ4UPeaJea0Va0Lavd3ow.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/xKEcDNpyxj8h6O8lLfpmyKoecAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/86a74e-4db8-4fe9-9802-3bb92687602c/1/BEqsq5pJ4UPeaJea0Va0Lavd3ow.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.72.40.0/21
130.79.0.0/16
185.155.92.0/22
IPv6:
2a07:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
8b:3e:de:75:c5:a2:53:6b:a3:0c:31:c0:ba:f2:be:3a:03:63:
59:06:06:72:16:32:b2:6a:11:c2:ca:05:6f:81:87:79:38:ac:
03:91:6d:e9:e7:5c:72:34:25:a6:c1:bb:46:32:ff:de:6b:da:
bb:55:67:63:6f:6f:8d:c8:c0:07:e8:35:9e:d8:c0:f2:41:fa:
89:13:af:26:77:cd:c3:9e:ed:b1:8a:88:d1:ba:b4:30:e9:de:
76:07:27:50:3d:22:89:b6:96:b7:08:4e:9a:84:a2:ba:fa:9a:
b1:a2:fa:66:e7:b8:c2:fa:33:0d:ec:e1:ec:ac:a8:1c:ab:30:
2e:f0:f2:03:ee:06:ea:cd:de:32:7c:00:58:44:a6:eb:67:90:
23:cf:f8:64:c9:fd:62:50:7f:d8:54:b1:14:0b:47:96:8f:ff:
36:53:43:91:cf:16:d5:22:06:dd:4b:5a:4e:03:50:13:4e:81:
97:ad:e6:2e:0b:d0:c9:82:43:89:68:e9:07:43:c5:34:67:a7:
54:0a:60:34:96:76:8e:57:42:02:58:b0:cc:e2:ef:ed:b6:e5:
c6:6a:da:48:96:d3:64:21:b8:bd:35:51:5a:15:a7:bd:b4:8c:
a4:59:65:69:53:75:c9:77:7e:a6:64:0a:f8:9d:13:78:6f:7e:
46:66:5f:f5
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzGt9etSb+0BPHpcN3F1ZgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NGFhY2FiOWE0OWUxNDNkZTY4OTc5YWQxNTZiNDJkYWJk
ZGRlOGMwHhcNMjQwMTAxMjAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGExMWMwY2RhNzJjNjNmMjFlOGVmMjUyZGZhNjZjOGFhMWU3MDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJjktDahqO/THj+fjuK5MRiakBlb
ReDZS/VtpUYzyzCRpTFxq/y2ZG0jL5nwFGvNm+KdEkJnr9gIJyATvFGMDb9eaef3
VDrlsi11geM2bgrH4ljCEULUzRjA3mXo+jawYrNxTN/72xdhs3eMUnMJt9LeTy+p
LSVRId+TBsB8/9uY893+4Qe789U/Q2XfVgQQqCsL59ZrndT2iKlX9gt+WY/C6CXB
yblxpRSZZpf4kJW4LXX4S1pGnzNJiJm7kaa1vvvsw8zz7ntwml/vr39cOTbl2Bq9
KV9cT4iUPYsZWm8iW7aF0k7RW0B7Qk1SoBVqZo8rqWrfcVwofc+HDbC9EwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFMShHAzacsY/IejvJS36ZsiqHnAGMB8GA1UdIwQY
MBaAFARKrKuaSeFD3miXmtFWtC2r3d6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkVxc3E1cEo0VVBlYUplYTBWYTBMYXZkM293LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NmE3NGUtNGRiOC00ZmU5LTk4MDIt
M2JiOTI2ODc2MDJjLzEveEtFY0ROcHl4ajhoNk84bExmcG15S29lY0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NmE3NGUtNGRiOC00ZmU5LTk4MDItM2JiOTI2ODc2MDJj
LzEvQkVxc3E1cEo0VVBlYUplYTBWYTBMYXZkM293LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQDTUgoAwMA
gk8DBAK5m1wwDQQCAAIwBwMFAyoHLkAwDQYJKoZIhvcNAQELBQADggEBAIs+3nXF
olNrowwxwLryvjoDY1kGBnIWMrJqEcLKBW+Bh3k4rAORbennXHI0JabBu0Yy/95r
2rtVZ2Nvb43IwAfoNZ7YwPJB+okTryZ3zcOe7bGKiNG6tDDp3nYHJ1A9Iom2lrcI
TpqEorr6mrGi+mbnuML6Mw3s4eysqByrMC7w8gPuBurN3jJ8AFhEputnkCPP+GTJ
/WJQf9hUsRQLR5aP/zZTQ5HPFtUiBt1LWk4DUBNOgZet5i4L0MmCQ4lo6QdDxTRn
p1QKYDSWdo5XQgJYsMzi7+225cZq2kiW02QhuL01UVoVp720jKRZZWlTdcl3fqZk
CvidE3hvfkZmX/U=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:39:27 2024 by rpki-client on console-fra.rpki-client.org