Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/ZFOkOwryANr48fciRppCbKPT_9I.roa
File: ZFOkOwryANr48fciRppCbKPT_9I.roa (raw, json)
Hash identifier: M+RqgF/IUqRNDOtOQ3wJdUgWeyPJFE39NqXHf2onjPA=
Subject key identifier: 64:53:A4:3B:0A:F2:00:DA:F8:F1:F7:22:46:9A:42:6C:A3:D3:FF:D2
Certificate issuer: /CN=15cc880f0a12c7b94f71d9b2e5b028a70d1fa34a
Certificate serial: 018CC8DF0FA230F534C6290AA94223B1FDD8
Authority key identifier: 15:CC:88:0F:0A:12:C7:B9:4F:71:D9:B2:E5:B0:28:A7:0D:1F:A3:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FcyIDwoSx7lPcdmy5bAopw0fo0o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/ZFOkOwryANr48fciRppCbKPT_9I.roa
Signing time: Tue 02 Jan 2024 06:31:50 +0000
ROA not before: Tue 02 Jan 2024 06:31:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35506
IP address blocks: 84.205.192.0/24 maxlen: 24
84.205.193.0/24 maxlen: 24
84.205.194.0/24 maxlen: 24
84.205.195.0/24 maxlen: 24
84.205.196.0/24 maxlen: 24
84.205.197.0/24 maxlen: 24
84.205.198.0/24 maxlen: 24
84.205.199.0/24 maxlen: 24
84.205.200.0/24 maxlen: 24
84.205.201.0/24 maxlen: 24
84.205.202.0/24 maxlen: 24
84.205.203.0/24 maxlen: 24
84.205.204.0/24 maxlen: 24
84.205.205.0/24 maxlen: 24
84.205.206.0/24 maxlen: 24
84.205.207.0/24 maxlen: 24
84.205.212.0/24 maxlen: 24
84.205.212.0/23 maxlen: 23
84.205.213.0/24 maxlen: 24
84.205.215.0/24 maxlen: 24
84.205.216.0/24 maxlen: 24
84.205.217.0/24 maxlen: 24
84.205.218.0/24 maxlen: 24
84.205.219.0/24 maxlen: 24
84.205.214.0/24 maxlen: 24
84.205.220.0/24 maxlen: 24
84.205.221.0/24 maxlen: 24
84.205.222.0/24 maxlen: 24
84.205.223.0/24 maxlen: 24
84.205.224.0/24 maxlen: 24
84.205.225.0/24 maxlen: 24
84.205.226.0/24 maxlen: 24
84.205.227.0/24 maxlen: 24
84.205.228.0/24 maxlen: 24
84.205.229.0/24 maxlen: 24
84.205.230.0/24 maxlen: 24
84.205.231.0/24 maxlen: 24
84.205.232.0/24 maxlen: 24
84.205.233.0/24 maxlen: 24
84.205.234.0/24 maxlen: 24
84.205.235.0/24 maxlen: 24
84.205.236.0/24 maxlen: 24
84.205.237.0/24 maxlen: 24
84.205.238.0/24 maxlen: 24
84.205.239.0/24 maxlen: 24
84.205.240.0/24 maxlen: 24
84.205.243.0/24 maxlen: 24
84.205.244.0/24 maxlen: 24
84.205.245.0/24 maxlen: 24
84.205.246.0/24 maxlen: 24
84.205.241.0/24 maxlen: 24
84.205.242.0/24 maxlen: 24
84.205.247.0/24 maxlen: 24
84.205.248.0/24 maxlen: 24
84.205.249.0/24 maxlen: 24
84.205.250.0/24 maxlen: 24
84.205.251.0/24 maxlen: 24
84.205.252.0/23 maxlen: 23
84.205.254.0/24 maxlen: 24
84.205.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/FcyIDwoSx7lPcdmy5bAopw0fo0o.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/FcyIDwoSx7lPcdmy5bAopw0fo0o.mft
rsync://rpki.ripe.net/repository/DEFAULT/FcyIDwoSx7lPcdmy5bAopw0fo0o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 May 2024 23:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:0f:a2:30:f5:34:c6:29:0a:a9:42:23:b1:fd:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15cc880f0a12c7b94f71d9b2e5b028a70d1fa34a
Validity
Not Before: Jan 2 06:31:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6453a43b0af200daf8f1f722469a426ca3d3ffd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:db:8a:8f:93:21:b8:ad:7b:da:0f:ce:76:9c:
b2:c7:69:24:e0:97:05:91:6e:34:f9:b0:1a:b7:30:
6a:5c:ba:6f:12:25:61:6e:f3:e8:fd:04:ea:22:be:
93:67:f6:69:66:d8:2e:56:1d:31:a4:c3:0b:d0:26:
e0:e7:db:8e:0f:6a:64:9a:00:68:a8:47:7d:8c:0a:
31:6e:2d:cd:bc:70:b5:a1:3a:68:3f:b8:f5:9f:a4:
fc:29:3b:60:cf:2c:5e:ff:e0:dd:03:e0:29:56:75:
32:6c:2a:74:64:22:32:88:45:38:fb:2f:b8:b6:71:
02:24:7a:f1:b3:ac:ea:08:cb:a0:3e:81:58:fb:c3:
af:9d:83:af:e1:93:eb:8a:0c:c4:7e:89:19:f3:92:
b1:80:07:c0:7b:cd:75:9b:6c:35:5d:4b:0f:b5:87:
db:31:dd:96:c9:87:84:aa:8c:24:b8:af:4c:56:31:
fc:58:9a:08:dc:16:8f:ef:3a:c0:c9:56:57:08:64:
5d:7d:1d:45:c5:c1:7f:88:8b:e7:29:b5:9f:67:06:
e5:38:b0:52:5e:cd:0a:0b:29:9f:78:dd:77:24:3d:
d1:a4:7f:3a:50:62:2c:ad:56:d3:23:a4:06:44:f2:
c1:92:c3:e4:f9:50:cf:16:e6:15:a9:42:8d:95:ea:
46:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:53:A4:3B:0A:F2:00:DA:F8:F1:F7:22:46:9A:42:6C:A3:D3:FF:D2
X509v3 Authority Key Identifier:
keyid:15:CC:88:0F:0A:12:C7:B9:4F:71:D9:B2:E5:B0:28:A7:0D:1F:A3:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FcyIDwoSx7lPcdmy5bAopw0fo0o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/ZFOkOwryANr48fciRppCbKPT_9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5986f1-863f-4eec-8551-0a8fe6434bf8/1/FcyIDwoSx7lPcdmy5bAopw0fo0o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.205.192.0/20
84.205.212.0-84.205.255.255
Signature Algorithm: sha256WithRSAEncryption
aa:2a:12:8c:88:53:eb:8a:71:50:4b:40:03:c0:05:2b:0e:fc:
a3:bf:be:e0:17:bb:2e:f7:b0:41:79:85:af:fd:87:6a:42:4b:
75:12:a9:c9:df:c5:b8:e9:92:0c:71:43:32:11:37:0c:94:b8:
7b:51:6d:7a:94:fa:ba:90:4b:42:52:11:0b:0f:66:52:ca:08:
0f:fb:fc:fb:0d:01:e9:72:7c:09:7c:ec:e9:45:be:2d:88:28:
2a:da:38:55:31:77:b7:9a:ce:2a:4a:bb:6f:49:1b:72:43:c9:
0a:f1:da:03:3e:bc:5e:64:38:3e:0b:71:ff:0b:e2:83:58:24:
29:ad:a7:18:dc:46:1b:59:65:39:9a:5a:8a:e5:4c:06:db:cd:
4c:56:64:3f:34:79:dd:a3:d9:75:10:dd:68:1d:5e:5a:3f:1b:
ea:70:07:17:90:fe:4f:d4:ca:55:7a:d6:ed:17:bf:18:e0:40:
87:99:d6:af:5f:77:bf:9c:d5:e7:c5:a5:58:37:8a:e1:16:dd:
84:f9:44:73:ca:e6:93:ce:e7:13:86:0a:01:13:13:89:bf:62:
99:72:a1:7e:f2:82:5e:a7:7f:3d:d4:85:98:49:40:e2:3b:da:
1f:6a:5d:fe:7a:4c:c6:09:b1:a5:00:be:36:d9:73:b6:a8:2a:
24:5a:5b:31
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzI3w+iMPU0xikKqUIjsf3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Y2M4ODBmMGExMmM3Yjk0ZjcxZDliMmU1YjAyOGE3MGQx
ZmEzNGEwHhcNMjQwMTAyMDYzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUzYTQzYjBhZjIwMGRhZjhmMWY3MjI0NjlhNDI2Y2EzZDNmZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmduKj5MhuK172g/Odpyyx2kk4JcF
kW40+bAatzBqXLpvEiVhbvPo/QTqIr6TZ/ZpZtguVh0xpMML0Cbg59uOD2pkmgBo
qEd9jAoxbi3NvHC1oTpoP7j1n6T8KTtgzyxe/+DdA+ApVnUybCp0ZCIyiEU4+y+4
tnECJHrxs6zqCMugPoFY+8OvnYOv4ZPrigzEfokZ85KxgAfAe811m2w1XUsPtYfb
Md2WyYeEqowkuK9MVjH8WJoI3BaP7zrAyVZXCGRdfR1FxcF/iIvnKbWfZwblOLBS
Xs0KCymfeN13JD3RpH86UGIsrVbTI6QGRPLBksPk+VDPFuYVqUKNlepGuQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFGRTpDsK8gDa+PH3IkaaQmyj0//SMB8GA1UdIwQY
MBaAFBXMiA8KEse5T3HZsuWwKKcNH6NKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmN5SUR3b1N4N2xQY2RteTViQW9wdzBmbzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81OTg2ZjEtODYzZi00ZWVjLTg1NTEt
MGE4ZmU2NDM0YmY4LzEvWkZPa093cnlBTnI0OGZjaVJwcENiS1BUXzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81OTg2ZjEtODYzZi00ZWVjLTg1NTEtMGE4ZmU2NDM0YmY4
LzEvRmN5SUR3b1N4N2xQY2RteTViQW9wdzBmbzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQEVM3AMAsD
BAJUzdQDAwFUzDANBgkqhkiG9w0BAQsFAAOCAQEAqioSjIhT64pxUEtAA8AFKw78
o7++4Be7LvewQXmFr/2HakJLdRKpyd/FuOmSDHFDMhE3DJS4e1FtepT6upBLQlIR
Cw9mUsoID/v8+w0B6XJ8CXzs6UW+LYgoKto4VTF3t5rOKkq7b0kbckPJCvHaAz68
XmQ4Pgtx/wvig1gkKa2nGNxGG1llOZpaiuVMBtvNTFZkPzR53aPZdRDdaB1eWj8b
6nAHF5D+T9TKVXrW7Re/GOBAh5nWr193v5zV58WlWDeK4RbdhPlEc8rmk87nE4YK
ARMTib9imXKhfvKCXqd/PdSFmElA4jvaH2pd/npMxgmxpQC+NtlztqgqJFpbMQ==
-----END CERTIFICATE-----
Generated at Fri May 17 08:27:52 2024 by rpki-client on console-fra.rpki-client.org