Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Icxc8xsiWwmOYif-7NYafcb2TfY.roa
File: Icxc8xsiWwmOYif-7NYafcb2TfY.roa (raw, json)
Hash identifier: D2K3NN2JZqm0OBh+ajQ8tZIcxMK7wtvJLvcak0scpvo=
Subject key identifier: 21:CC:5C:F3:1B:22:5B:09:8E:62:27:FE:EC:D6:1A:7D:C6:F6:4D:F6
Certificate issuer: /CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
Certificate serial: 018CC26D25C7256AC298DFD9F03989EC3B40
Authority key identifier: 03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Icxc8xsiWwmOYif-7NYafcb2TfY.roa
Signing time: Mon 01 Jan 2024 00:29:42 +0000
ROA not before: Mon 01 Jan 2024 00:29:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39783
IP address blocks: 185.35.184.0/22 maxlen: 22
46.226.8.0/21 maxlen: 21
193.93.220.0/22 maxlen: 22
91.192.220.0/22 maxlen: 22
62.122.248.0/21 maxlen: 21
185.7.60.0/22 maxlen: 22
91.189.168.0/21 maxlen: 21
91.189.168.0/24 maxlen: 24
2a02:2690::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.mft
rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 May 2024 08:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:25:c7:25:6a:c2:98:df:d9:f0:39:89:ec:3b:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
Validity
Not Before: Jan 1 00:29:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=21cc5cf31b225b098e6227feecd61a7dc6f64df6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:2d:2f:87:34:ec:65:84:80:cf:d2:5c:29:cd:
be:87:83:29:00:69:06:6a:f4:de:ad:a5:2b:3f:15:
46:28:28:b3:8d:36:d3:df:64:8b:51:16:c4:c9:5b:
5f:db:c9:61:5a:88:73:32:4f:3b:4a:e9:8b:38:45:
a1:fb:9d:11:11:2d:33:0c:c4:ae:77:c1:b9:aa:36:
9d:67:72:d7:d2:4c:a3:b8:1a:c6:49:6f:5b:fa:44:
02:d1:cf:dc:d7:8b:91:06:73:f3:33:13:45:ed:ee:
b3:ce:39:1a:05:bd:c5:0e:c8:81:c3:3f:79:47:31:
aa:8b:5c:59:fa:5e:8f:ea:c4:68:11:a9:43:d1:16:
95:db:2c:9b:d8:99:11:a8:bf:62:ec:f9:b6:ce:75:
8c:51:8d:ed:ed:cd:94:2c:ba:8e:bd:6a:22:66:c5:
f4:b8:a6:1e:c1:5d:bc:0a:e5:54:f4:6d:fb:d4:a3:
21:1a:99:98:c9:58:48:83:df:c3:54:51:c0:ff:1e:
59:29:6c:5a:c1:1f:6e:69:6c:6e:e5:c8:a3:01:ca:
e5:dc:23:fe:96:53:d1:87:99:8b:57:f2:81:69:73:
63:f1:fb:5d:21:0c:1e:0f:3b:b4:88:f2:e4:57:ee:
e0:54:d6:1e:b5:08:55:a3:18:97:dc:74:e2:1d:c0:
56:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:CC:5C:F3:1B:22:5B:09:8E:62:27:FE:EC:D6:1A:7D:C6:F6:4D:F6
X509v3 Authority Key Identifier:
keyid:03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Icxc8xsiWwmOYif-7NYafcb2TfY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.8.0/21
62.122.248.0/21
91.189.168.0/21
91.192.220.0/22
185.7.60.0/22
185.35.184.0/22
193.93.220.0/22
IPv6:
2a02:2690::/32
Signature Algorithm: sha256WithRSAEncryption
60:c2:a2:c7:0a:0f:01:9d:59:38:66:34:13:3c:8a:b9:af:50:
47:40:9f:35:9b:cb:13:ec:7b:a0:ed:7f:9a:e0:f9:7a:48:6c:
f7:86:05:c8:a7:6b:e4:26:4f:f1:46:74:59:0d:d2:f9:3c:dd:
48:76:4c:10:0b:4a:83:75:31:09:5a:d7:e6:65:c5:aa:22:0d:
87:d7:27:48:ae:72:49:cf:a0:a2:ac:e5:c7:16:f7:fc:cc:05:
ab:00:5e:c1:75:55:f6:3f:3e:ed:e6:3b:58:ee:e4:96:7a:10:
6d:87:61:54:5a:2b:ea:ce:31:8d:f8:0f:50:af:99:e2:a2:51:
78:1c:c1:39:0f:f5:06:e9:b6:8c:2f:b5:f7:96:c8:e0:02:fd:
c7:70:b6:c1:4d:3e:4c:df:a9:56:01:26:ee:8f:60:a4:20:28:
8c:d1:5b:3b:d5:ce:2a:98:42:c6:fa:75:eb:2a:57:e3:18:ca:
69:c0:27:62:16:68:63:8d:95:6f:e9:1f:2c:d8:20:9a:2c:1f:
ac:28:51:02:92:4f:62:45:71:a6:e2:49:83:fb:2e:9a:7c:74:
5d:e5:b0:58:d9:af:f8:1e:72:bb:09:05:1e:2d:ee:0e:3d:69:
37:53:65:a0:36:e7:94:18:8a:46:e3:b9:05:d6:17:18:0f:8e:
a6:a1:1c:ac
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzCbSXHJWrCmN/Z8DmJ7DtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjRkYjFkY2YwYzI0MjllMTIxNTE2YWUyNzkyZmMzMjUz
ZmQzYmEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWNjNWNmMzFiMjI1YjA5OGU2MjI3ZmVlY2Q2MWE3ZGM2ZjY0ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS0vhzTsZYSAz9JcKc2+h4MpAGkG
avTeraUrPxVGKCizjTbT32SLURbEyVtf28lhWohzMk87SumLOEWh+50RES0zDMSu
d8G5qjadZ3LX0kyjuBrGSW9b+kQC0c/c14uRBnPzMxNF7e6zzjkaBb3FDsiBwz95
RzGqi1xZ+l6P6sRoEalD0RaV2yyb2JkRqL9i7Pm2znWMUY3t7c2ULLqOvWoiZsX0
uKYewV28CuVU9G371KMhGpmYyVhIg9/DVFHA/x5ZKWxawR9uaWxu5cijAcrl3CP+
llPRh5mLV/KBaXNj8ftdIQweDzu0iPLkV+7gVNYetQhVoxiX3HTiHcBWBwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFCHMXPMbIlsJjmIn/uzWGn3G9k32MB8GA1UdIwQY
MBaAFAMk2x3PDCQp4SFRauJ5L8MlP9O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUt
NGQyYzRkYTcyMWQ0LzEvSWN4Yzh4c2lXd21PWWlmLTdOWWFmY2IyVGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUtNGQyYzRkYTcyMWQ0
LzEvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLuIIAwQD
Pnr4AwQDW72oAwQCW8DcAwQCuQc8AwQCuSO4AwQCwV3cMA0EAgACMAcDBQAqAiaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgwqLHCg8BnVk4ZjQTPIq5r1BHQJ81m8sT7Hug
7X+a4Pl6SGz3hgXIp2vkJk/xRnRZDdL5PN1IdkwQC0qDdTEJWtfmZcWqIg2H1ydI
rnJJz6CirOXHFvf8zAWrAF7BdVX2Pz7t5jtY7uSWehBth2FUWivqzjGN+A9Qr5ni
olF4HME5D/UG6baML7X3lsjgAv3HcLbBTT5M36lWASbuj2CkICiM0Vs71c4qmELG
+nXrKlfjGMppwCdiFmhjjZVv6R8s2CCaLB+sKFECkk9iRXGm4kmD+y6afHRd5bBY
2a/4HnK7CQUeLe4OPWk3U2WgNueUGIpG47kF1hcYD46moRys
-----END CERTIFICATE-----
Generated at Mon May 20 17:35:31 2024 by rpki-client on console-fra.rpki-client.org