Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/CzsFJS601jLpyBJ_62VSzo7I43A.roa
File: CzsFJS601jLpyBJ_62VSzo7I43A.roa (raw, json)
Hash identifier: QrmSjUBBwbBc/0OHfpX8SNYUhgZ9NBwJb6+sHhk7lAU=
Subject key identifier: 0B:3B:05:25:2E:B4:D6:32:E9:C8:12:7F:EB:65:52:CE:8E:C8:E3:70
Certificate issuer: /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial: 018CC4931CECD27BC8F1B92616ED266CBFF1
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/CzsFJS601jLpyBJ_62VSzo7I43A.roa
Signing time: Mon 01 Jan 2024 10:30:24 +0000
ROA not before: Mon 01 Jan 2024 10:30:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3561
IP address blocks: 82.112.171.0/24 maxlen: 24
82.112.172.0/24 maxlen: 24
82.112.169.0/24 maxlen: 24
82.112.170.0/24 maxlen: 24
82.112.168.0/24 maxlen: 24
82.112.174.0/24 maxlen: 24
82.112.175.0/24 maxlen: 24
185.143.76.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 23:17:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:1c:ec:d2:7b:c8:f1:b9:26:16:ed:26:6c:bf:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Validity
Not Before: Jan 1 10:30:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0b3b05252eb4d632e9c8127feb6552ce8ec8e370
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:24:5e:91:d1:70:78:6e:e3:b6:ba:64:41:ac:
cd:75:2f:38:27:14:24:87:b7:cc:41:ab:f2:d3:83:
e1:75:ff:4e:b4:bd:35:43:63:7c:d2:d7:08:fa:df:
85:f2:0c:83:29:cc:8f:90:fe:db:52:8f:3f:0d:d9:
81:80:a9:b1:c3:00:60:72:37:94:41:e0:5d:5a:16:
12:ea:cd:c5:d2:d6:2f:47:0a:6c:f1:9d:a6:4f:f6:
cf:80:7b:90:21:53:33:cf:25:41:c4:1a:0c:87:f1:
ac:2d:d4:1d:c2:3b:43:dd:1c:38:43:e6:5c:dd:92:
fb:c3:28:e3:10:fc:73:b9:d2:7d:ed:bf:e6:09:61:
d5:50:b9:92:9b:53:f7:1f:a8:24:6c:df:c1:6e:12:
71:b0:9f:a2:e2:61:e5:8e:d4:a2:12:b3:8c:75:6b:
ec:f9:53:06:80:a7:36:4b:4a:05:48:e4:9b:29:4c:
f9:89:e5:2a:93:02:6f:7b:c3:8e:77:1e:b8:ca:7a:
76:15:1b:8e:69:70:e7:ac:ae:17:03:d5:8a:33:16:
24:ca:a7:c0:6a:0c:49:59:a8:d9:3d:b7:4d:57:34:
10:69:5d:3d:d0:7f:81:17:77:8a:83:74:6f:2f:17:
08:d8:f7:41:2c:df:e6:52:4f:32:bd:75:a0:84:0e:
b9:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:3B:05:25:2E:B4:D6:32:E9:C8:12:7F:EB:65:52:CE:8E:C8:E3:70
X509v3 Authority Key Identifier:
keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/CzsFJS601jLpyBJ_62VSzo7I43A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.112.168.0-82.112.172.255
82.112.174.0/23
185.143.76.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:ab:1f:e7:32:a2:57:5a:32:7c:dc:db:82:20:b7:d6:03:82:
2b:1f:30:3d:31:cf:01:ab:84:15:f8:6a:10:ab:c4:a3:dd:67:
07:94:88:7d:4c:d0:6d:2c:63:54:4c:23:f6:6c:e7:59:fc:85:
82:b8:81:1f:bb:dc:c6:5b:99:59:d2:09:0a:5b:7f:26:7f:00:
b9:3f:74:80:50:32:24:62:12:01:1d:9e:ea:f3:fb:18:85:99:
f4:c7:67:3c:2b:6a:94:34:cf:1b:6f:62:0c:9a:dd:01:6d:0f:
73:d2:4f:cb:05:22:54:d7:76:4d:bb:d4:a3:2e:0d:0b:06:95:
a6:46:e0:f5:a1:35:f9:75:95:11:2b:aa:16:66:e8:dd:52:d3:
6f:db:92:5d:3c:da:73:b8:ea:44:82:53:f8:b2:b7:ec:43:54:
f8:6d:b1:03:69:7a:a4:86:b3:69:25:d9:6f:c2:33:11:db:a9:
de:74:f3:d4:31:00:6b:6c:cf:ec:d4:f8:98:4c:52:49:55:d6:
3f:14:26:2b:78:74:d6:15:06:a3:a1:77:92:c1:86:51:6a:f1:
33:91:49:15:a8:38:25:da:c6:d4:7d:e7:22:c5:3e:30:4f:db:
1a:37:76:0b:ba:f8:3c:b6:80:23:95:df:0a:ec:ce:9f:29:49:
0d:b5:5a:77
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzEkxzs0nvI8bkmFu0mbL/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjNiMDUyNTJlYjRkNjMyZTljODEyN2ZlYjY1NTJjZThlYzhlMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCRekdFweG7jtrpkQazNdS84JxQk
h7fMQavy04Phdf9OtL01Q2N80tcI+t+F8gyDKcyPkP7bUo8/DdmBgKmxwwBgcjeU
QeBdWhYS6s3F0tYvRwps8Z2mT/bPgHuQIVMzzyVBxBoMh/GsLdQdwjtD3Rw4Q+Zc
3ZL7wyjjEPxzudJ97b/mCWHVULmSm1P3H6gkbN/BbhJxsJ+i4mHljtSiErOMdWvs
+VMGgKc2S0oFSOSbKUz5ieUqkwJve8OOdx64ynp2FRuOaXDnrK4XA9WKMxYkyqfA
agxJWajZPbdNVzQQaV090H+BF3eKg3RvLxcI2PdBLN/mUk8yvXWghA65UwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAs7BSUutNYy6cgSf+tlUs6OyONwMB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvQ3pzRkpTNjAxakxweUJKXzYyVlN6bzdJNDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANScKgD
BABScKwDBAFScK4DBAC5j0wwDQYJKoZIhvcNAQELBQADggEBAI6rH+cyoldaMnzc
24Igt9YDgisfMD0xzwGrhBX4ahCrxKPdZweUiH1M0G0sY1RMI/Zs51n8hYK4gR+7
3MZbmVnSCQpbfyZ/ALk/dIBQMiRiEgEdnurz+xiFmfTHZzwrapQ0zxtvYgya3QFt
D3PST8sFIlTXdk271KMuDQsGlaZG4PWhNfl1lRErqhZm6N1S02/bkl082nO46kSC
U/iyt+xDVPhtsQNpeqSGs2kl2W/CMxHbqd5089QxAGtsz+zU+JhMUklV1j8UJit4
dNYVBqOhd5LBhlFq8TORSRWoOCXaxtR95yLFPjBP2xo3dgu6+Dy2gCOV3wrszp8p
SQ21Wnc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:09:01 2024 by rpki-client on console-ams.rpki-client.org