Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/oIkCE0DR1olFJIW_ktb4Nf7WoOk.roa
File: oIkCE0DR1olFJIW_ktb4Nf7WoOk.roa (raw, json)
Hash identifier: 6K9gQbJFzPzNtS6cpg9CcCd2TEfqzhll6gxxFA3vDLo=
Subject key identifier: A0:89:02:13:40:D1:D6:89:45:24:85:BF:92:D6:F8:35:FE:D6:A0:E9
Certificate issuer: /CN=0842759a04fcfd9dd386486f04820e4a060397f2
Certificate serial: 0193988408763CA93D9418D1F78C9D910E87
Authority key identifier: 08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/oIkCE0DR1olFJIW_ktb4Nf7WoOk.roa
Signing time: Thu 05 Dec 2024 20:30:09 +0000
ROA not before: Thu 05 Dec 2024 20:30:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35617
IP address blocks: 85.204.42.0/24 maxlen: 24
86.104.135.0/24 maxlen: 24
109.239.240.0/20 maxlen: 20
178.132.88.0/21 maxlen: 21
185.59.132.0/22 maxlen: 22
185.225.128.0/22 maxlen: 22
212.81.60.0/22 maxlen: 22
2a04:e240::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.mft
rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Dec 2024 18:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:98:84:08:76:3c:a9:3d:94:18:d1:f7:8c:9d:91:0e:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0842759a04fcfd9dd386486f04820e4a060397f2
Validity
Not Before: Dec 5 20:30:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a089021340d1d689452485bf92d6f835fed6a0e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:68:15:ca:2c:da:be:72:ce:b4:cd:05:da:f4:
90:50:af:44:39:9e:d2:0e:81:38:0e:d2:4e:15:9a:
aa:c5:52:15:37:7f:c7:01:f1:74:bb:8d:13:5a:e2:
e3:96:7f:ef:d2:41:d1:a8:09:de:bf:69:e3:85:4f:
bc:8d:89:15:58:15:42:2c:38:c0:d1:1c:70:0c:91:
ee:c4:86:ce:64:25:43:92:cc:d7:7d:14:4b:38:ce:
67:58:c5:f4:92:95:ab:3c:c1:ff:77:ab:a9:a1:cf:
b7:1b:06:cb:91:8c:40:de:3d:d6:09:c8:03:a3:34:
90:3b:58:b2:bc:fc:dd:b1:7e:aa:2f:82:04:04:40:
73:0b:75:c6:02:93:9b:71:34:38:e5:71:c0:22:d9:
72:84:a7:4b:ea:4d:93:1b:95:13:ed:1b:23:35:1b:
c3:c4:fb:c6:72:f7:2a:e4:fe:f1:1d:71:21:d3:ee:
06:df:30:be:f3:43:97:4a:a2:30:29:18:25:d5:bf:
9b:e6:ab:4b:1a:87:ee:93:42:11:98:91:d9:45:ec:
89:b5:d2:fe:92:f0:45:88:bf:da:77:b0:04:7d:12:
2e:87:5f:62:fd:cd:39:19:a3:69:3c:47:95:71:3e:
0d:77:5e:62:42:13:5b:c7:77:32:64:fa:b0:98:17:
f6:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:89:02:13:40:D1:D6:89:45:24:85:BF:92:D6:F8:35:FE:D6:A0:E9
X509v3 Authority Key Identifier:
keyid:08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/oIkCE0DR1olFJIW_ktb4Nf7WoOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.42.0/24
86.104.135.0/24
109.239.240.0/20
178.132.88.0/21
185.59.132.0/22
185.225.128.0/22
212.81.60.0/22
IPv6:
2a04:e240::/29
Signature Algorithm: sha256WithRSAEncryption
90:b8:f8:50:f6:13:75:89:ce:00:f6:c8:4a:2f:5b:b5:04:f0:
ac:51:73:93:5a:66:77:bb:ad:b5:26:98:05:20:15:9f:8f:da:
1f:45:ee:14:8c:fe:ed:b5:57:d1:78:4d:20:e2:9a:18:c9:45:
8c:7a:a4:b6:ec:c5:7a:10:a7:07:a9:07:96:97:60:82:aa:33:
c0:54:27:8d:bf:66:5c:ed:6d:81:49:f8:c2:eb:79:c8:3c:09:
34:51:76:1a:29:17:c0:e6:5e:9d:a8:92:90:e2:94:84:3b:5b:
d3:a3:a2:3b:a6:23:b7:ac:8d:d2:bf:fe:11:56:90:65:60:47:
56:f3:a9:ef:07:37:1e:76:d3:cd:00:06:6b:e8:80:c2:60:c6:
21:e3:77:8d:40:4b:f8:e2:48:9c:b0:97:82:ca:14:5c:ca:30:
65:40:b3:37:3b:e6:1f:da:1f:5f:7e:a1:2e:fa:73:fd:ad:11:
4f:a5:27:cc:4b:8c:80:22:5c:de:5b:ba:09:29:14:26:3e:31:
39:45:55:08:18:9d:c2:f6:9a:07:45:d6:d7:d5:8b:d2:91:4d:
af:de:55:70:50:51:b2:09:e5:5f:21:45:05:0c:c5:49:08:7d:
cd:87:84:c1:7d:11:e7:f2:02:45:e1:b3:2f:a1:36:21:84:3d:
ae:1a:12:e3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZOYhAh2PKk9lBjR94ydkQ6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDI3NTlhMDRmY2ZkOWRkMzg2NDg2ZjA0ODIwZTRhMDYw
Mzk3ZjIwHhcNMjQxMjA1MjAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg5MDIxMzQwZDFkNjg5NDUyNDg1YmY5MmQ2ZjgzNWZlZDZhMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22gVyizavnLOtM0F2vSQUK9EOZ7S
DoE4DtJOFZqqxVIVN3/HAfF0u40TWuLjln/v0kHRqAnev2njhU+8jYkVWBVCLDjA
0RxwDJHuxIbOZCVDkszXfRRLOM5nWMX0kpWrPMH/d6upoc+3GwbLkYxA3j3WCcgD
ozSQO1iyvPzdsX6qL4IEBEBzC3XGApObcTQ45XHAItlyhKdL6k2TG5UT7RsjNRvD
xPvGcvcq5P7xHXEh0+4G3zC+80OXSqIwKRgl1b+b5qtLGofuk0IRmJHZReyJtdL+
kvBFiL/ad7AEfRIuh19i/c05GaNpPEeVcT4Nd15iQhNbx3cyZPqwmBf2JwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKCJAhNA0daJRSSFv5LW+DX+1qDpMB8GA1UdIwQY
MBaAFAhCdZoE/P2d04ZIbwSCDkoGA5fyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEt
NzAyNWUxODgwNjhjLzEvb0lrQ0UwRFIxb2xGSklXX2t0YjROZjdXb09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEtNzAyNWUxODgwNjhj
LzEvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAVcwqAwQA
VmiHAwQEbe/wAwQDsoRYAwQCuTuEAwQCueGAAwQC1FE8MA0EAgACMAcDBQMqBOJA
MA0GCSqGSIb3DQEBCwUAA4IBAQCQuPhQ9hN1ic4A9shKL1u1BPCsUXOTWmZ3u621
JpgFIBWfj9ofRe4UjP7ttVfReE0g4poYyUWMeqS27MV6EKcHqQeWl2CCqjPAVCeN
v2Zc7W2BSfjC63nIPAk0UXYaKRfA5l6dqJKQ4pSEO1vTo6I7piO3rI3Sv/4RVpBl
YEdW86nvBzcedtPNAAZr6IDCYMYh43eNQEv44kicsJeCyhRcyjBlQLM3O+Yf2h9f
fqEu+nP9rRFPpSfMS4yAIlzeW7oJKRQmPjE5RVUIGJ3C9poHRdbX1YvSkU2v3lVw
UFGyCeVfIUUFDMVJCH3Nh4TBfRHn8gJF4bMvoTYhhD2uGhLj
-----END CERTIFICATE-----
Generated at Sat Dec 28 02:58:51 2024 by rpki-client on console-fra.rpki-client.org