Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Zj3A_BUC9CB-xht_VIoh4BFeujU.roa
File: Zj3A_BUC9CB-xht_VIoh4BFeujU.roa (raw, json)
Hash identifier: 84EcRw3+/2FQqsIJ6jbo026iVQpvo8WsxjruxFl/+tk=
Subject key identifier: 66:3D:C0:FC:15:02:F4:20:7E:C6:1B:7F:54:8A:21:E0:11:5E:BA:35
Certificate issuer: /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial: 018F53DBAD4E8A62E5A35CCF40B31CAA65BD
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Zj3A_BUC9CB-xht_VIoh4BFeujU.roa
Signing time: Tue 07 May 2024 16:20:56 +0000
ROA not before: Tue 07 May 2024 16:20:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208905
IP address blocks: 85.130.240.0/22 maxlen: 24
85.130.244.0/23 maxlen: 24
85.130.248.0/21 maxlen: 24
109.67.184.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:53:db:ad:4e:8a:62:e5:a3:5c:cf:40:b3:1c:aa:65:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Validity
Not Before: May 7 16:20:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=663dc0fc1502f4207ec61b7f548a21e0115eba35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:41:84:07:5d:13:27:fa:de:e0:00:26:ca:62:
4b:63:66:99:51:ee:ea:66:88:86:70:8e:58:2c:9c:
d6:c8:47:c5:6f:d7:d6:76:82:79:7f:7a:96:84:0f:
79:10:60:03:fd:e6:7c:af:bc:33:7d:a4:09:8c:4c:
97:cf:f0:5f:63:58:7d:4f:2d:93:48:1e:0b:05:dc:
cb:02:91:a1:7a:ff:0d:0b:af:71:ec:cd:da:7e:d1:
5c:34:e8:f9:c3:bd:62:d2:89:4f:56:46:cf:25:a0:
87:87:d3:2a:f6:bf:5e:ae:80:6d:28:1f:44:05:68:
96:20:40:87:a1:b4:e7:61:2c:9f:29:80:6f:39:0b:
c2:2c:1d:4e:40:bd:8a:02:85:90:3c:a2:9f:be:14:
e2:6f:90:0b:ce:5e:cd:74:cd:a7:b4:53:77:4c:d6:
45:8f:5b:e5:43:2f:13:01:57:4b:bb:96:9a:89:a6:
5b:15:ce:22:93:46:c4:57:0f:54:c9:4e:c3:16:0b:
ab:b4:36:80:46:3b:c1:b0:e0:99:61:8c:a6:1b:bd:
29:eb:9f:1b:88:76:c5:23:f7:93:a3:3e:4f:e3:4f:
5c:4b:04:68:46:61:ea:47:ad:45:78:83:c2:93:c8:
cb:f6:a9:61:27:35:e9:69:bd:98:a3:fb:cd:a0:38:
6a:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:3D:C0:FC:15:02:F4:20:7E:C6:1B:7F:54:8A:21:E0:11:5E:BA:35
X509v3 Authority Key Identifier:
keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Zj3A_BUC9CB-xht_VIoh4BFeujU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.130.240.0-85.130.245.255
85.130.248.0/21
109.67.184.0/21
Signature Algorithm: sha256WithRSAEncryption
68:c8:d7:7a:37:1b:ed:52:d2:a4:5d:9b:af:1e:a4:80:48:0d:
50:c1:35:2b:66:38:45:52:82:e1:52:6a:a3:bd:0e:fd:9f:09:
f0:ed:f9:69:e8:03:38:1c:ea:a7:8c:99:05:65:37:f9:cf:bd:
9a:ce:af:13:ae:61:a8:d5:8f:7e:37:79:6d:2e:55:e1:a1:fe:
b1:4c:ef:51:d1:2f:dc:20:bc:46:26:f4:97:d7:76:67:fe:6f:
93:b0:16:5f:ca:da:48:f6:b0:d2:3f:03:7b:7e:0b:b5:88:16:
77:c9:ba:6f:e4:88:5a:c9:6a:4d:d0:28:89:31:71:63:f6:77:
f1:a9:09:31:b9:37:98:8b:b6:40:d2:23:84:b5:80:80:f0:08:
ea:6c:95:f2:87:79:ba:db:2e:ad:16:8c:ac:bc:d8:f7:f3:da:
16:67:9d:fd:cc:09:c7:35:21:56:f8:f5:8e:97:75:d4:20:f9:
45:c3:7b:33:f0:8e:6f:ed:e3:30:67:a0:a5:f3:b1:b7:f3:8c:
ce:8f:e3:a3:8f:7e:f4:4a:a9:86:39:60:90:9b:6c:71:27:c1:
22:96:b5:ad:7c:57:3c:a0:88:2c:d0:40:f4:41:60:41:42:fd:
3f:c5:bf:79:b8:a2:b8:f4:c6:58:6d:57:dd:e2:a0:3d:59:ad:
e1:67:09:16
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY9T261OimLlo1zPQLMcqmW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwNTA3MTYyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNkYzBmYzE1MDJmNDIwN2VjNjFiN2Y1NDhhMjFlMDExNWViYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEGEB10TJ/re4AAmymJLY2aZUe7q
ZoiGcI5YLJzWyEfFb9fWdoJ5f3qWhA95EGAD/eZ8r7wzfaQJjEyXz/BfY1h9Ty2T
SB4LBdzLApGhev8NC69x7M3aftFcNOj5w71i0olPVkbPJaCHh9Mq9r9eroBtKB9E
BWiWIECHobTnYSyfKYBvOQvCLB1OQL2KAoWQPKKfvhTib5ALzl7NdM2ntFN3TNZF
j1vlQy8TAVdLu5aaiaZbFc4ik0bEVw9UyU7DFgurtDaARjvBsOCZYYymG70p658b
iHbFI/eToz5P409cSwRoRmHqR61FeIPCk8jL9qlhJzXpab2Yo/vNoDhqZwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGY9wPwVAvQgfsYbf1SKIeARXro1MB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvWmozQV9CVUM5Q0IteGh0X1ZJb2g0QkZldWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBARVgvAD
BAFVgvQDBANVgvgDBANtQ7gwDQYJKoZIhvcNAQELBQADggEBAGjI13o3G+1S0qRd
m68epIBIDVDBNStmOEVSguFSaqO9Dv2fCfDt+WnoAzgc6qeMmQVlN/nPvZrOrxOu
YajVj343eW0uVeGh/rFM71HRL9wgvEYm9JfXdmf+b5OwFl/K2kj2sNI/A3t+C7WI
FnfJum/kiFrJak3QKIkxcWP2d/GpCTG5N5iLtkDSI4S1gIDwCOpslfKHebrbLq0W
jKy82Pfz2hZnnf3MCcc1IVb49Y6XddQg+UXDezPwjm/t4zBnoKXzsbfzjM6P46OP
fvRKqYY5YJCbbHEnwSKWta18VzygiCzQQPRBYEFC/T/Fv3m4orj0xlhtV93ioD1Z
reFnCRY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:11:07 2024 by rpki-client on console-fra.rpki-client.org