Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/uNFnmjiLLIPmjwVmN5svj-8R8FI.roa
File: uNFnmjiLLIPmjwVmN5svj-8R8FI.roa (raw, json)
Hash identifier: u4otIOPtrkKYaKTQc+kmUvGx9PzRNPTbne2QoOIrFNk=
Subject key identifier: B8:D1:67:9A:38:8B:2C:83:E6:8F:05:66:37:9B:2F:8F:EF:11:F0:52
Certificate issuer: /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial: 018CC56E8E77156CC2E034DB5404E4E87EE1
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/uNFnmjiLLIPmjwVmN5svj-8R8FI.roa
Signing time: Mon 01 Jan 2024 14:30:06 +0000
ROA not before: Mon 01 Jan 2024 14:30:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6453
IP address blocks: 213.153.128.0/17 maxlen: 24
92.44.0.0/15 maxlen: 24
151.250.0.0/16 maxlen: 24
85.29.0.0/18 maxlen: 24
176.40.0.0/14 maxlen: 24
82.222.0.0/16 maxlen: 24
212.57.0.0/19 maxlen: 24
176.33.0.0/16 maxlen: 24
195.214.128.0/18 maxlen: 24
2a02:e0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 11:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:8e:77:15:6c:c2:e0:34:db:54:04:e4:e8:7e:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Validity
Not Before: Jan 1 14:30:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b8d1679a388b2c83e68f0566379b2f8fef11f052
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:a8:dd:75:a3:db:18:d3:e9:98:af:eb:8e:df:
ad:83:46:6a:81:27:3a:8a:a7:b7:0b:d9:cf:6f:7b:
d5:31:62:bd:ea:a7:50:2e:d9:a2:ab:06:35:b5:cd:
93:1f:28:6d:71:9e:f5:2a:14:0a:53:15:b4:8b:68:
43:9e:7e:b6:be:93:56:94:24:cb:e2:15:c9:98:98:
62:f9:b6:b5:80:9f:a4:bb:bf:38:09:93:af:6d:0a:
87:54:e6:fe:6a:50:9c:ee:af:12:aa:40:50:32:25:
4c:74:43:2b:ad:91:30:b6:7f:bd:52:80:ec:4b:16:
9e:9e:45:27:fc:e9:a1:ad:69:03:9f:12:69:0e:35:
17:b2:4b:f5:8d:05:56:84:41:57:09:68:c4:d6:e6:
13:28:85:c0:ae:78:75:95:49:23:b2:ec:3c:28:b5:
c9:81:fa:57:4e:40:c9:9b:62:d6:40:b1:82:07:ee:
05:c1:36:8d:ec:4e:14:86:ab:aa:0f:92:8c:51:80:
ea:1b:17:ec:5a:e8:09:4e:f6:c6:46:18:22:1c:70:
c9:02:96:16:c3:53:61:2e:d2:16:06:e0:43:69:bb:
23:33:54:bd:33:7f:64:ff:6e:dd:8a:4d:1a:6f:d9:
c6:c4:87:0b:fd:84:64:44:6b:88:b3:e6:f5:d9:4c:
c4:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:D1:67:9A:38:8B:2C:83:E6:8F:05:66:37:9B:2F:8F:EF:11:F0:52
X509v3 Authority Key Identifier:
keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/uNFnmjiLLIPmjwVmN5svj-8R8FI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.222.0.0/16
85.29.0.0/18
92.44.0.0/15
151.250.0.0/16
176.33.0.0/16
176.40.0.0/14
195.214.128.0/18
212.57.0.0/19
213.153.128.0/17
IPv6:
2a02:e0::/32
Signature Algorithm: sha256WithRSAEncryption
29:68:1f:12:7c:72:0d:d5:1e:ac:4c:86:11:30:2d:2b:af:e7:
4f:fc:9c:ba:bd:ba:8f:56:05:13:0a:e8:c3:d3:48:89:ac:e7:
9f:4c:97:80:d7:3c:86:f5:ea:4f:05:43:5d:d2:65:6c:93:a7:
b0:08:cf:98:fb:69:54:b2:28:cf:f5:ac:94:7c:e5:00:af:04:
bf:7c:b4:67:d9:52:da:e4:43:5c:89:b9:ed:e2:94:53:23:02:
54:a8:d7:92:50:ee:86:87:71:88:53:2c:92:81:4f:5e:f9:ef:
c1:be:22:ce:26:7a:2c:5c:79:24:e9:05:ab:50:f2:4e:93:b6:
ba:71:04:e5:90:71:6c:f7:b4:cc:c3:66:6c:4c:e6:c7:4d:09:
e1:71:3b:bb:0f:2d:78:38:c3:66:7c:56:29:6d:ff:f8:fd:78:
07:4d:ff:f3:28:a2:bd:49:d6:15:03:17:50:bc:83:21:72:bf:
d8:9a:2a:2a:c8:1d:17:fc:cb:9f:31:69:fa:01:65:1f:21:43:
c1:5e:a3:de:59:f8:70:5c:75:e1:22:05:00:53:bc:f0:f8:88:
6c:87:0a:09:e1:4f:d1:a4:ca:05:17:1e:e7:70:b8:00:22:0d:
74:ef:32:30:61:2c:e7:e1:dc:0e:71:f3:3c:14:87:8f:12:a3:
b5:5c:ea:f0
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzFbo53FWzC4DTbVATk6H7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQxNjc5YTM4OGIyYzgzZTY4ZjA1NjYzNzliMmY4ZmVmMTFmMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKjddaPbGNPpmK/rjt+tg0ZqgSc6
iqe3C9nPb3vVMWK96qdQLtmiqwY1tc2THyhtcZ71KhQKUxW0i2hDnn62vpNWlCTL
4hXJmJhi+ba1gJ+ku784CZOvbQqHVOb+alCc7q8SqkBQMiVMdEMrrZEwtn+9UoDs
SxaenkUn/OmhrWkDnxJpDjUXskv1jQVWhEFXCWjE1uYTKIXArnh1lUkjsuw8KLXJ
gfpXTkDJm2LWQLGCB+4FwTaN7E4UhquqD5KMUYDqGxfsWugJTvbGRhgiHHDJApYW
w1NhLtIWBuBDabsjM1S9M39k/27dik0ab9nGxIcL/YRkRGuIs+b12UzEdQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFLjRZ5o4iyyD5o8FZjebL4/vEfBSMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvdU5Gbm1qaUxMSVBtandWbU41c3ZqLThSOEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxAwMAUt4DBAZV
HQADAwFcLAMDAJf6AwMAsCEDAwKwKAMEBsPWgAMEBdQ5AAMEB9WZgDANBAIAAjAH
AwUAKgIA4DANBgkqhkiG9w0BAQsFAAOCAQEAKWgfEnxyDdUerEyGETAtK6/nT/yc
ur26j1YFEwrow9NIiaznn0yXgNc8hvXqTwVDXdJlbJOnsAjPmPtpVLIoz/WslHzl
AK8Ev3y0Z9lS2uRDXIm57eKUUyMCVKjXklDuhodxiFMskoFPXvnvwb4iziZ6LFx5
JOkFq1DyTpO2unEE5ZBxbPe0zMNmbEzmx00J4XE7uw8teDjDZnxWKW3/+P14B03/
8yiivUnWFQMXULyDIXK/2JoqKsgdF/zLnzFp+gFlHyFDwV6j3ln4cFx14SIFAFO8
8PiIbIcKCeFP0aTKBRce53C4ACINdO8yMGEs5+HcDnHzPBSHjxKjtVzq8A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:36:53 2024 by rpki-client on console-ams.rpki-client.org