Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/afbV6p7LvuvEEyjVSuP-TtnXjNI.roa
File: afbV6p7LvuvEEyjVSuP-TtnXjNI.roa (raw, json)
Hash identifier: fB0GG3sjxq89aZXqrSQW/PX5OHHdGlDl7be2SycqE3o=
Subject key identifier: 69:F6:D5:EA:9E:CB:BE:EB:C4:13:28:D5:4A:E3:FE:4E:D9:D7:8C:D2
Certificate issuer: /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial: 018CC6B78EC5B62E3F4ACC24F78930D269B4
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/afbV6p7LvuvEEyjVSuP-TtnXjNI.roa
Signing time: Mon 01 Jan 2024 20:29:27 +0000
ROA not before: Mon 01 Jan 2024 20:29:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29670
IP address blocks: 193.29.188.0/24 maxlen: 24
217.197.80.0/20 maxlen: 24
192.109.82.0/24 maxlen: 24
192.109.21.0/24 maxlen: 24
192.109.42.0/24 maxlen: 24
185.177.204.0/22 maxlen: 24
2001:67c:1400::/45 maxlen: 48
2a0a:4580::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:8e:c5:b6:2e:3f:4a:cc:24:f7:89:30:d2:69:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Validity
Not Before: Jan 1 20:29:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=69f6d5ea9ecbbeebc41328d54ae3fe4ed9d78cd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4c:1f:01:99:64:2b:14:4b:7e:cb:b8:3d:a4:
a5:90:a5:f9:0c:75:9e:86:e6:67:7b:20:3f:78:db:
c9:7e:da:25:0a:89:20:59:e3:8c:8b:db:08:fb:c6:
80:ce:df:38:2b:6d:fc:9e:1f:34:31:ff:d7:c4:15:
36:13:3e:79:57:2c:dd:f6:91:6f:fd:56:f9:66:38:
c9:9c:6b:14:e0:d7:52:81:26:0c:3a:4a:0e:83:cf:
93:fa:f3:b5:be:4b:b5:4c:b8:d9:a4:c0:03:5e:24:
28:21:4f:e0:fd:57:14:91:c7:72:9d:89:06:6c:a2:
36:a4:1b:fc:2b:cd:75:e7:b4:ef:9e:27:ee:19:91:
36:a5:aa:99:fa:ae:25:96:fd:d4:02:09:4a:ac:2e:
92:ad:89:5a:ee:18:ed:41:0d:92:0f:74:d6:7a:03:
57:29:02:34:33:db:81:4b:7d:69:63:9f:ae:26:0f:
67:69:8b:ba:eb:8d:f0:8c:f0:2c:72:87:1d:fd:63:
b3:76:b4:e6:1d:40:40:07:26:6d:e3:c9:3b:34:f4:
2f:82:e3:c5:16:95:ae:85:06:0a:74:b7:50:15:df:
ac:89:ee:74:28:1a:62:ff:2f:b1:13:15:00:cf:d1:
63:16:c5:11:81:27:a2:1d:6a:c7:60:9c:94:14:85:
61:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:F6:D5:EA:9E:CB:BE:EB:C4:13:28:D5:4A:E3:FE:4E:D9:D7:8C:D2
X509v3 Authority Key Identifier:
keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/afbV6p7LvuvEEyjVSuP-TtnXjNI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.177.204.0/22
192.109.21.0/24
192.109.42.0/24
192.109.82.0/24
193.29.188.0/24
217.197.80.0/20
IPv6:
2001:67c:1400::/45
2a0a:4580::/29
Signature Algorithm: sha256WithRSAEncryption
45:12:48:67:e4:42:03:1c:ec:bd:db:b8:0f:a7:01:46:47:2b:
88:fb:ba:d0:54:3f:94:a5:1b:57:8b:c1:e4:b0:96:02:da:52:
cc:2a:15:96:fa:a8:b0:77:cd:3a:02:b6:83:ce:a9:25:e2:e1:
86:6b:24:5b:76:a0:64:03:68:68:50:22:f3:6b:9a:6a:58:59:
8b:7a:39:48:c2:9c:33:0b:2a:ee:36:27:d0:4b:f4:20:42:64:
28:69:65:fc:47:f7:a3:ed:26:02:23:d4:f8:5a:84:7e:19:d7:
20:49:6a:ad:36:0e:2f:4a:54:bb:29:ac:12:bf:3b:03:da:7d:
ce:42:27:28:1f:30:50:79:c3:5b:2f:4a:d1:08:d0:10:4f:f9:
77:3b:98:b9:11:07:9c:e0:24:b4:68:d8:1d:d6:61:09:6f:c3:
9f:12:ee:6c:23:b5:a0:60:1e:3f:b6:46:82:a3:37:b1:ae:6a:
e5:d9:7b:50:d8:cb:30:23:68:67:06:4c:24:a5:85:e4:52:e0:
a3:d2:bb:4e:91:c8:cb:7d:11:60:32:e0:c6:77:e2:fb:79:99:
ce:2a:5b:55:d3:30:02:81:9f:dc:ce:77:1f:3f:f7:25:89:ac:
90:5a:52:5c:e9:b3:2e:46:8f:62:d7:5a:82:82:b6:6e:84:d3:
4d:3e:6c:ed
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzGt47Fti4/Sswk94kw0mm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWY2ZDVlYTllY2JiZWViYzQxMzI4ZDU0YWUzZmU0ZWQ5ZDc4Y2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkwfAZlkKxRLfsu4PaSlkKX5DHWe
huZneyA/eNvJftolCokgWeOMi9sI+8aAzt84K238nh80Mf/XxBU2Ez55Vyzd9pFv
/Vb5ZjjJnGsU4NdSgSYMOkoOg8+T+vO1vku1TLjZpMADXiQoIU/g/VcUkcdynYkG
bKI2pBv8K81157TvnifuGZE2paqZ+q4llv3UAglKrC6SrYla7hjtQQ2SD3TWegNX
KQI0M9uBS31pY5+uJg9naYu6643wjPAscocd/WOzdrTmHUBAByZt48k7NPQvguPF
FpWuhQYKdLdQFd+sie50KBpi/y+xExUAz9FjFsURgSeiHWrHYJyUFIVhKwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGn21eqey77rxBMo1Urj/k7Z14zSMB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL2FmYlY2cDdMdnV2RUV5alZTdVAtVHRuWGpOSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMCoEAgABMCQDBAK5scwD
BADAbRUDBADAbSoDBADAbVIDBADBHbwDBATZxVAwFgQCAAIwEAMHAyABBnwUAAMF
AyoKRYAwDQYJKoZIhvcNAQELBQADggEBAEUSSGfkQgMc7L3buA+nAUZHK4j7utBU
P5SlG1eLweSwlgLaUswqFZb6qLB3zToCtoPOqSXi4YZrJFt2oGQDaGhQIvNrmmpY
WYt6OUjCnDMLKu42J9BL9CBCZChpZfxH96PtJgIj1PhahH4Z1yBJaq02Di9KVLsp
rBK/OwPafc5CJygfMFB5w1svStEI0BBP+Xc7mLkRB5zgJLRo2B3WYQlvw58S7mwj
taBgHj+2RoKjN7GuauXZe1DYyzAjaGcGTCSlheRS4KPSu06RyMt9EWAy4MZ34vt5
mc4qW1XTMAKBn9zOdx8/9yWJrJBaUlzpsy5Gj2LXWoKCtm6E000+bO0=
-----END CERTIFICATE-----