Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/T4K_dT-ljVHEN_FzVR4jcm96mmk.roa
File: T4K_dT-ljVHEN_FzVR4jcm96mmk.roa (raw, json)
Hash identifier: 8SRCKP6dEYU0WRBMawWFraV7kVhzu7ZiHdbqWFDKV2k=
Subject key identifier: 4F:82:BF:75:3F:A5:8D:51:C4:37:F1:73:55:1E:23:72:6F:7A:9A:69
Certificate issuer: /CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
Certificate serial: 018CC26D33EDC680AA24097B841EEDE7D369
Authority key identifier: 47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/T4K_dT-ljVHEN_FzVR4jcm96mmk.roa
Signing time: Mon 01 Jan 2024 00:29:45 +0000
ROA not before: Mon 01 Jan 2024 00:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34087
IP address blocks: 152.65.32.0/19 maxlen: 19
89.151.224.0/19 maxlen: 19
185.161.56.0/23 maxlen: 23
185.161.56.0/22 maxlen: 22
152.65.64.0/19 maxlen: 19
178.164.64.0/19 maxlen: 19
94.246.0.0/18 maxlen: 18
178.164.96.0/19 maxlen: 19
152.65.0.0/19 maxlen: 19
89.151.192.0/19 maxlen: 19
178.164.0.0/17 maxlen: 17
178.164.0.0/19 maxlen: 19
84.52.224.0/19 maxlen: 19
84.16.192.0/19 maxlen: 19
217.168.80.0/20 maxlen: 20
178.164.32.0/19 maxlen: 19
148.252.64.0/19 maxlen: 19
148.252.64.0/18 maxlen: 18
152.65.96.0/19 maxlen: 19
84.52.192.0/18 maxlen: 18
148.252.96.0/19 maxlen: 19
85.89.0.0/19 maxlen: 19
2a01:560::/29 maxlen: 29
2a01:560::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.mft
rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:33:ed:c6:80:aa:24:09:7b:84:1e:ed:e7:d3:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
Validity
Not Before: Jan 1 00:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4f82bf753fa58d51c437f173551e23726f7a9a69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:fb:b0:66:35:9b:b8:de:fe:cf:9c:83:6a:44:
bd:8b:f0:a3:e0:56:3f:f1:6a:96:aa:48:86:f0:f2:
e8:29:07:45:e1:dc:36:23:3f:5d:fb:9e:d5:72:1d:
aa:a2:ed:7d:aa:49:23:cf:10:09:a6:70:a1:7f:d6:
22:11:54:0f:96:23:52:ec:25:9b:91:fb:ca:7a:a5:
07:bc:6f:f6:e7:a6:f5:08:ee:84:41:49:26:f6:6f:
be:1f:47:71:24:6a:88:47:f1:bf:f4:c1:8b:b6:74:
ff:d9:37:76:32:64:0e:3d:49:e8:25:64:5f:1c:ed:
48:4f:d3:ff:85:e4:07:f0:a3:f1:03:d4:3f:7d:de:
39:f4:bf:b5:5f:6d:a3:9a:dd:11:3f:34:85:11:51:
8a:4b:65:9e:cd:c6:38:65:75:49:9f:90:d3:e8:0b:
bb:2b:df:f4:b9:d9:55:8a:5d:f6:97:b2:15:2d:5d:
1d:5a:f8:40:45:4c:ea:d7:6f:e3:c4:75:c5:b3:ff:
d0:6a:cc:a9:3f:3f:85:5d:b8:1e:c4:eb:9d:ef:ff:
e8:92:5d:e2:c0:13:56:35:e3:b5:51:fe:04:b1:83:
75:3d:4f:28:c2:92:5c:1f:6d:2f:3f:ab:39:68:a7:
55:14:11:25:24:f0:e1:ca:79:a5:74:a0:0b:87:6d:
45:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:82:BF:75:3F:A5:8D:51:C4:37:F1:73:55:1E:23:72:6F:7A:9A:69
X509v3 Authority Key Identifier:
keyid:47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/T4K_dT-ljVHEN_FzVR4jcm96mmk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.16.192.0/19
84.52.192.0/18
85.89.0.0/19
89.151.192.0/18
94.246.0.0/18
148.252.64.0/18
152.65.0.0/17
178.164.0.0/17
185.161.56.0/22
217.168.80.0/20
IPv6:
2a01:560::/29
Signature Algorithm: sha256WithRSAEncryption
23:44:22:34:c4:f7:21:70:9e:57:e8:4a:c3:70:c0:69:2c:1b:
0d:62:15:15:2d:27:37:9a:56:76:4a:a2:08:0e:e6:e8:eb:1f:
9e:34:7d:53:57:b6:22:3f:d4:1f:cc:48:ed:95:2c:e4:0a:6f:
2d:f1:ea:3b:07:16:2f:26:0e:10:30:8e:e5:e1:89:82:97:f5:
ff:95:48:86:8a:e0:7a:1d:ff:b1:0c:52:19:5a:a9:61:46:a4:
59:cd:44:61:64:ae:5c:b7:67:9e:7e:98:b9:f4:4b:3d:6b:b4:
23:ed:59:f0:7a:76:6b:72:ec:9d:e2:d9:25:f5:37:8b:54:f7:
2e:f1:ab:a9:e9:00:9a:fa:7f:d3:09:52:11:0d:7e:09:b8:23:
9a:f2:87:4a:c4:0c:bf:e1:8a:79:f0:bf:0f:e7:e0:81:b1:71:
52:20:62:29:ca:74:54:38:44:75:f1:be:c0:59:80:66:15:d9:
5a:b6:2c:00:16:30:b0:44:e7:ae:a1:52:df:43:dc:f9:71:da:
eb:ed:cc:7c:fb:be:fe:48:26:56:22:fd:56:ec:dc:c5:76:75:
a4:d1:ee:22:01:64:d7:32:f9:cb:fb:19:d5:71:8e:8f:90:c2:
f4:0e:9e:5f:6a:49:e7:a0:11:d7:8d:e2:a4:b7:ec:00:f4:ad:
c7:88:85:94
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzCbTPtxoCqJAl7hB7t59NpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3N2Y0YjZlYzQzNDcxNTdjNGQxM2VmMGU3YWJlMTI5MGEw
YmY1N2MwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjgyYmY3NTNmYTU4ZDUxYzQzN2YxNzM1NTFlMjM3MjZmN2E5YTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvuwZjWbuN7+z5yDakS9i/Cj4FY/
8WqWqkiG8PLoKQdF4dw2Iz9d+57Vch2qou19qkkjzxAJpnChf9YiEVQPliNS7CWb
kfvKeqUHvG/256b1CO6EQUkm9m++H0dxJGqIR/G/9MGLtnT/2Td2MmQOPUnoJWRf
HO1IT9P/heQH8KPxA9Q/fd459L+1X22jmt0RPzSFEVGKS2WezcY4ZXVJn5DT6Au7
K9/0udlVil32l7IVLV0dWvhARUzq12/jxHXFs//QasypPz+FXbgexOud7//okl3i
wBNWNeO1Uf4EsYN1PU8owpJcH20vP6s5aKdVFBElJPDhynmldKALh21FHQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFE+Cv3U/pY1RxDfxc1UeI3JvepppMB8GA1UdIwQY
MBaAFEd/S27ENHFXxNE+8Oer4SkKC/V8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzIt
ZDhiZDI1MGI2NGY5LzEvVDRLX2RULWxqVkhFTl9GelZSNGpjbTk2bW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzItZDhiZDI1MGI2NGY5
LzEvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQFVBDAAwQG
VDTAAwQFVVkAAwQGWZfAAwQGXvYAAwQGlPxAAwQHmEEAAwQHsqQAAwQCuaE4AwQE
2ahQMA0EAgACMAcDBQMqAQVgMA0GCSqGSIb3DQEBCwUAA4IBAQAjRCI0xPchcJ5X
6ErDcMBpLBsNYhUVLSc3mlZ2SqIIDubo6x+eNH1TV7YiP9QfzEjtlSzkCm8t8eo7
BxYvJg4QMI7l4YmCl/X/lUiGiuB6Hf+xDFIZWqlhRqRZzURhZK5ct2eefpi59Es9
a7Qj7VnwenZrcuyd4tkl9TeLVPcu8aup6QCa+n/TCVIRDX4JuCOa8odKxAy/4Yp5
8L8P5+CBsXFSIGIpynRUOER18b7AWYBmFdlatiwAFjCwROeuoVLfQ9z5cdrr7cx8
+77+SCZWIv1W7NzFdnWk0e4iAWTXMvnL+xnVcY6PkML0Dp5faknnoBHXjeKkt+wA
9K3HiIWU
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:07:31 2024 by rpki-client on console-ams.rpki-client.org