Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/I2Zp3O9GuDESzIwxuBXNNbCUHWA.roa
File: I2Zp3O9GuDESzIwxuBXNNbCUHWA.roa (raw, json)
Hash identifier: i4xbPROXGr1QwiuclNofMJ1nTFliZgNrRGwoO4JJ3bc=
Subject key identifier: 23:66:69:DC:EF:46:B8:31:12:CC:8C:31:B8:15:CD:35:B0:94:1D:60
Certificate issuer: /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial: 018CC794E81C4F26576D185D0CBFB26FEA17
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/I2Zp3O9GuDESzIwxuBXNNbCUHWA.roa
Signing time: Tue 02 Jan 2024 00:31:13 +0000
ROA not before: Tue 02 Jan 2024 00:31:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1239
IP address blocks: 194.28.156.0/24 maxlen: 24
194.28.158.0/24 maxlen: 24
194.104.4.0/24 maxlen: 24
194.104.5.0/24 maxlen: 24
194.104.6.0/24 maxlen: 24
212.69.132.0/24 maxlen: 24
212.69.133.0/24 maxlen: 24
212.69.134.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 10 May 2024 02:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:e8:1c:4f:26:57:6d:18:5d:0c:bf:b2:6f:ea:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Validity
Not Before: Jan 2 00:31:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=236669dcef46b83112cc8c31b815cd35b0941d60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:94:28:05:69:ac:13:11:05:30:2f:b9:d8:6d:
01:ef:c7:61:17:8b:6e:6a:f7:df:fb:0c:5d:15:69:
7a:2d:ef:e6:bf:f2:82:5f:91:81:62:ce:77:dc:5c:
16:50:d8:78:6a:74:a3:6a:e3:f2:99:c0:bb:7b:25:
e3:f7:f0:eb:85:24:6d:94:47:16:ed:c6:84:c0:8c:
25:8d:89:f3:ef:49:e9:a9:56:d6:38:04:a9:aa:d1:
63:1c:0c:47:a4:65:6a:97:16:20:58:16:fb:21:ca:
b2:98:08:64:69:2e:5a:e2:86:60:91:a5:6b:28:d5:
e3:48:e0:8e:50:41:68:fb:e2:c3:9e:5f:16:4c:5f:
a1:b7:93:11:22:26:c5:c1:1e:fa:12:93:8a:f1:a0:
c3:f2:10:fc:63:47:03:d7:14:f2:68:14:ac:90:a6:
59:66:2b:50:6e:af:a6:47:4a:59:09:12:95:af:5e:
15:ef:fa:18:9c:21:31:72:d7:70:39:38:3f:ab:45:
29:29:9e:71:2f:fd:02:0b:b6:e8:ca:fa:80:28:28:
74:37:1f:74:ca:d5:fc:9b:c7:a6:40:74:40:d2:e7:
dd:dd:7c:4f:4b:34:90:ea:9c:34:4f:e7:ae:03:24:
d1:8f:d0:28:85:b9:32:05:86:72:d1:0c:1b:bd:55:
90:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:66:69:DC:EF:46:B8:31:12:CC:8C:31:B8:15:CD:35:B0:94:1D:60
X509v3 Authority Key Identifier:
keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/I2Zp3O9GuDESzIwxuBXNNbCUHWA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.28.156.0/24
194.28.158.0/24
194.104.4.0-194.104.6.255
212.69.132.0-212.69.134.255
Signature Algorithm: sha256WithRSAEncryption
84:08:15:a0:88:af:9f:d8:fb:5a:3a:d3:7a:7a:9b:44:1f:f0:
c1:47:0d:cf:ba:44:e7:29:eb:73:40:34:73:5d:f1:45:20:db:
68:36:eb:d9:9d:92:1a:6b:93:41:48:ca:1e:5d:e7:ec:84:59:
a5:3d:ae:ff:e8:fa:b7:8f:10:b9:22:57:f8:a3:d6:dc:03:2d:
c5:29:3f:bb:c3:cf:58:96:bb:0b:f4:23:e4:98:cb:ac:0f:8e:
93:2c:46:91:60:76:a5:c5:f4:f9:bf:33:a4:91:70:99:5e:04:
0c:8d:bb:71:13:df:a9:37:cb:36:c6:0f:c8:69:04:f1:c4:4d:
db:fb:77:99:8d:8a:76:86:b2:cc:16:b5:89:c5:02:61:d2:e6:
83:5b:6a:f2:69:fe:6e:59:e8:8a:90:fb:bf:40:43:56:47:42:
03:13:85:74:a0:73:3d:0e:c5:f8:2a:3a:9a:c0:17:4b:8d:66:
92:12:1e:1c:c9:eb:2f:8c:5b:5d:ba:13:e7:2d:39:13:eb:7d:
04:d2:d9:f2:48:b3:93:d3:34:9b:b0:9e:d1:9f:c1:52:a2:15:
5c:33:ac:97:18:54:66:c1:c0:67:99:c8:cc:83:6b:f7:ee:4e:
78:ce:89:d9:1e:47:3c:fa:d4:b3:77:51:18:1f:5c:48:14:3c:
b2:f2:8f:22
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzHlOgcTyZXbRhdDL+yb+oXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY2NjlkY2VmNDZiODMxMTJjYzhjMzFiODE1Y2QzNWIwOTQxZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpQoBWmsExEFMC+52G0B78dhF4tu
avff+wxdFWl6Le/mv/KCX5GBYs533FwWUNh4anSjauPymcC7eyXj9/DrhSRtlEcW
7caEwIwljYnz70npqVbWOASpqtFjHAxHpGVqlxYgWBb7IcqymAhkaS5a4oZgkaVr
KNXjSOCOUEFo++LDnl8WTF+ht5MRIibFwR76EpOK8aDD8hD8Y0cD1xTyaBSskKZZ
ZitQbq+mR0pZCRKVr14V7/oYnCExctdwOTg/q0UpKZ5xL/0CC7boyvqAKCh0Nx90
ytX8m8emQHRA0ufd3XxPSzSQ6pw0T+euAyTRj9AohbkyBYZy0QwbvVWQmQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCNmadzvRrgxEsyMMbgVzTWwlB1gMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvSTJacDNPOUd1REVTekl3eHVCWE5OYkNVSFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQAwhycAwQA
whyeMAwDBALCaAQDBADCaAYwDAMEAtRFhAMEANRFhjANBgkqhkiG9w0BAQsFAAOC
AQEAhAgVoIivn9j7WjrTenqbRB/wwUcNz7pE5ynrc0A0c13xRSDbaDbr2Z2SGmuT
QUjKHl3n7IRZpT2u/+j6t48QuSJX+KPW3AMtxSk/u8PPWJa7C/Qj5JjLrA+OkyxG
kWB2pcX0+b8zpJFwmV4EDI27cRPfqTfLNsYPyGkE8cRN2/t3mY2KdoayzBa1icUC
YdLmg1tq8mn+blnoipD7v0BDVkdCAxOFdKBzPQ7F+Co6msAXS41mkhIeHMnrL4xb
XboT5y05E+t9BNLZ8kizk9M0m7Ce0Z/BUqIVXDOslxhUZsHAZ5nIzINr9+5OeM6J
2R5HPPrUs3dRGB9cSBQ8svKPIg==
-----END CERTIFICATE-----
Generated at Thu May 9 07:59:29 2024 by rpki-client on console-ams.rpki-client.org