Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/HBzSI31KzcG6MtFGJxAl0JWKjfw.roa
File: HBzSI31KzcG6MtFGJxAl0JWKjfw.roa (raw, json)
Hash identifier: AY2nBHotOf4O7yqsIV9aH/QtOzLUdUAXVNM/GOUDX10=
Subject key identifier: 1C:1C:D2:23:7D:4A:CD:C1:BA:32:D1:46:27:10:25:D0:95:8A:8D:FC
Certificate issuer: /CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
Certificate serial: 018CC2DAD5282078E5D6AB6AD5880C0A480D
Authority key identifier: 4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/HBzSI31KzcG6MtFGJxAl0JWKjfw.roa
Signing time: Mon 01 Jan 2024 02:29:30 +0000
ROA not before: Mon 01 Jan 2024 02:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35401
IP address blocks: 217.170.112.0/20 maxlen: 24
87.244.56.0/22 maxlen: 24
87.244.54.0/24 maxlen: 24
87.244.55.0/24 maxlen: 24
87.244.52.0/24 maxlen: 24
87.244.53.0/24 maxlen: 24
87.244.63.0/24 maxlen: 24
87.244.62.0/24 maxlen: 24
87.244.60.0/23 maxlen: 24
87.244.0.0/21 maxlen: 24
87.244.16.0/21 maxlen: 24
87.244.32.0/21 maxlen: 24
87.244.40.0/21 maxlen: 24
87.244.48.0/21 maxlen: 24
185.138.160.0/23 maxlen: 23
2a02:26e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/Ts9hevNfNyTn2oYOv75OwTiuGAA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/Ts9hevNfNyTn2oYOv75OwTiuGAA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:da:d5:28:20:78:e5:d6:ab:6a:d5:88:0c:0a:48:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
Validity
Not Before: Jan 1 02:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1c1cd2237d4acdc1ba32d146271025d0958a8dfc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:15:f2:e2:94:f4:f6:52:4d:0e:41:fd:b3:cf:
30:d4:1e:82:90:6d:34:a3:b4:37:2e:cc:2c:6a:67:
de:71:32:a5:e2:72:3b:66:eb:99:d3:62:32:cf:0d:
23:48:05:7a:ad:0e:83:01:c7:9a:c4:4e:31:fb:ac:
03:0e:de:5c:22:22:98:12:77:db:27:d1:8a:00:f7:
48:68:d7:55:1b:c9:bc:49:09:a6:19:10:eb:94:43:
22:7a:96:b0:c5:53:08:ba:ed:e4:7e:14:05:ef:1e:
c0:b1:a4:c7:64:08:4e:9b:64:b6:31:e0:36:b1:8e:
73:1c:60:5e:a7:c5:5f:f9:27:bc:b4:46:08:a7:7d:
f6:42:a8:2a:d5:46:b3:1f:dd:86:ab:cb:a4:72:fa:
94:9f:db:fb:29:05:10:39:35:5a:e5:c3:5c:b8:97:
b0:d0:d8:09:cf:53:cc:5c:fd:f7:69:f1:a6:84:84:
8c:32:d6:8c:e7:5a:8e:70:fb:8e:cd:e5:51:68:43:
01:f7:d7:4b:ce:b8:2c:8f:a0:7d:08:33:d3:e1:12:
6a:d3:18:2c:06:7b:b9:57:f5:84:01:dc:9a:08:05:
78:93:39:0b:17:83:10:e1:ff:5f:ab:81:fc:c6:48:
67:34:78:e1:dd:df:70:8b:85:da:f1:45:1c:91:55:
d9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:1C:D2:23:7D:4A:CD:C1:BA:32:D1:46:27:10:25:D0:95:8A:8D:FC
X509v3 Authority Key Identifier:
keyid:4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/HBzSI31KzcG6MtFGJxAl0JWKjfw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/Ts9hevNfNyTn2oYOv75OwTiuGAA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.244.0.0/21
87.244.16.0/21
87.244.32.0/19
185.138.160.0/23
217.170.112.0/20
IPv6:
2a02:26e0::/32
Signature Algorithm: sha256WithRSAEncryption
34:8c:dd:fd:2f:41:c8:e7:f2:2d:05:20:97:9a:9c:1f:31:91:
d6:9e:0f:ca:2e:55:39:05:cd:5e:21:27:71:bb:77:f6:0d:de:
22:f7:ac:8d:d2:c9:ef:56:d1:b1:e7:4e:55:82:a3:6b:17:de:
c3:5e:2d:0c:67:fa:4b:1e:42:d0:30:19:0e:cb:bf:e2:bc:07:
28:f1:c6:79:d4:ae:0e:46:b1:e8:39:82:81:24:90:2b:6f:5f:
58:2e:1d:c1:d3:c7:82:ea:f8:14:5b:05:e9:9f:28:65:d1:03:
e9:a3:fc:6a:f9:6d:5d:f4:4e:46:23:3f:cd:29:d9:6f:13:b0:
01:0b:52:78:3c:dd:8f:25:35:9d:93:ed:31:35:2f:a2:54:e9:
0b:11:e0:ff:31:66:83:15:b5:3f:0b:d8:ed:40:2c:91:fd:62:
90:87:ab:49:73:61:9d:49:09:c5:54:5b:83:e4:67:d9:19:7e:
4c:00:f8:bc:fd:f4:40:11:96:5a:eb:0e:c9:38:e2:b1:40:2d:
6c:7f:89:79:03:52:3a:e2:64:f6:bd:eb:5c:8a:7c:91:b6:2e:
ef:6f:35:09:80:da:fe:71:f9:61:86:32:6d:ed:fa:10:55:b5:
fd:7f:43:ce:32:70:f2:c1:21:49:f8:7c:6d:47:88:37:ef:55:
01:89:3e:83
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzC2tUoIHjl1qtq1YgMCkgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y2MTdhZjM1ZjM3MjRlN2RhODYwZWJmYmU0ZWMxMzhh
ZTE4MDAwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzFjZDIyMzdkNGFjZGMxYmEzMmQxNDYyNzEwMjVkMDk1OGE4ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRXy4pT09lJNDkH9s88w1B6CkG00
o7Q3LswsamfecTKl4nI7ZuuZ02Iyzw0jSAV6rQ6DAceaxE4x+6wDDt5cIiKYEnfb
J9GKAPdIaNdVG8m8SQmmGRDrlEMiepawxVMIuu3kfhQF7x7AsaTHZAhOm2S2MeA2
sY5zHGBep8Vf+Se8tEYIp332Qqgq1UazH92Gq8ukcvqUn9v7KQUQOTVa5cNcuJew
0NgJz1PMXP33afGmhISMMtaM51qOcPuOzeVRaEMB99dLzrgsj6B9CDPT4RJq0xgs
Bnu5V/WEAdyaCAV4kzkLF4MQ4f9fq4H8xkhnNHjh3d9wi4Xa8UUckVXZNwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBwc0iN9Ss3BujLRRicQJdCVio38MB8GA1UdIwQY
MBaAFE7PYXrzXzck59qGDr++TsE4rhgAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEt
MTM2OTkzNjVjM2M3LzEvSEJ6U0kzMUt6Y0c2TXRGR0p4QWwwSldLamZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEtMTM2OTkzNjVjM2M3
LzEvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDV/QAAwQD
V/QQAwQFV/QgAwQBuYqgAwQE2apwMA0EAgACMAcDBQAqAibgMA0GCSqGSIb3DQEB
CwUAA4IBAQA0jN39L0HI5/ItBSCXmpwfMZHWng/KLlU5Bc1eISdxu3f2Dd4i96yN
0snvVtGx505VgqNrF97DXi0MZ/pLHkLQMBkOy7/ivAco8cZ51K4ORrHoOYKBJJAr
b19YLh3B08eC6vgUWwXpnyhl0QPpo/xq+W1d9E5GIz/NKdlvE7ABC1J4PN2PJTWd
k+0xNS+iVOkLEeD/MWaDFbU/C9jtQCyR/WKQh6tJc2GdSQnFVFuD5GfZGX5MAPi8
/fRAEZZa6w7JOOKxQC1sf4l5A1I64mT2vetcinyRti7vbzUJgNr+cflhhjJt7foQ
VbX9f0POMnDywSFJ+HxtR4g371UBiT6D
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:00:40 2024 by rpki-client on console-fra.rpki-client.org