Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/S9g7Vzh1P2FMifJvSn439KZG27g.roa
File: S9g7Vzh1P2FMifJvSn439KZG27g.roa (raw, json)
Hash identifier: v15MkXapqMIIz2ocPmFrHKam9nmEjR38xTT54Tkaxq0=
Subject key identifier: 4B:D8:3B:57:38:75:3F:61:4C:89:F2:6F:4A:7E:37:F4:A6:46:DB:B8
Certificate issuer: /CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Certificate serial: 018CC94E5FF3F92C7D2F53054F6515B807BE
Authority key identifier: 38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/S9g7Vzh1P2FMifJvSn439KZG27g.roa
Signing time: Tue 02 Jan 2024 08:33:25 +0000
ROA not before: Tue 02 Jan 2024 08:33:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201644
IP address blocks: 185.68.89.0/24 maxlen: 24
185.68.90.0/23 maxlen: 23
185.68.90.0/24 maxlen: 24
185.68.91.0/24 maxlen: 24
185.68.88.0/22 maxlen: 22
185.68.88.0/24 maxlen: 24
185.68.88.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.mft
rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 05:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:5f:f3:f9:2c:7d:2f:53:05:4f:65:15:b8:07:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Validity
Not Before: Jan 2 08:33:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4bd83b5738753f614c89f26f4a7e37f4a646dbb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e4:de:e8:c7:ff:fb:a7:44:79:80:63:66:f6:
1a:a4:b5:5b:62:9d:ab:d7:08:b8:04:f2:41:ec:48:
09:89:a2:77:2a:ba:54:68:de:bd:cb:75:63:34:8a:
f2:19:0a:9f:a8:e7:87:d9:18:72:07:6c:42:03:89:
52:d8:ad:f9:b0:a6:0d:3f:e8:0e:99:71:c0:e6:9e:
de:2d:6a:92:71:5d:ee:b8:e3:75:89:09:19:0d:08:
b3:cf:2a:71:df:27:e2:1d:94:67:a9:7e:74:4a:68:
c0:5d:76:bc:57:61:e1:0b:62:1c:21:ed:00:2e:27:
82:64:88:8e:81:76:52:c4:37:34:55:7e:ce:4f:db:
b3:be:01:02:9d:35:d6:44:14:50:59:61:c3:96:7b:
3c:a5:aa:be:7b:11:4e:cd:65:cd:e7:58:87:04:56:
b5:cd:e9:96:86:30:d5:e2:64:20:70:55:29:b9:e5:
a5:b3:a2:31:11:07:eb:b6:4a:1d:86:0c:6e:40:a2:
f3:28:92:0d:3f:97:b4:3c:ca:43:7c:d2:2b:03:ac:
8a:ba:bf:3d:e8:09:5a:0e:bc:1f:d9:f4:20:d5:7f:
5a:4d:89:fa:64:fb:b3:16:e8:1b:21:5d:04:00:55:
58:b5:ad:55:74:4c:ea:ee:51:e1:90:4c:17:fc:fe:
af:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:D8:3B:57:38:75:3F:61:4C:89:F2:6F:4A:7E:37:F4:A6:46:DB:B8
X509v3 Authority Key Identifier:
keyid:38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/S9g7Vzh1P2FMifJvSn439KZG27g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.88.0/22
Signature Algorithm: sha256WithRSAEncryption
6e:5b:97:12:40:c8:78:27:04:a7:8e:61:62:88:1c:51:49:07:
40:b4:70:b2:45:58:a9:2e:8e:a7:a1:09:02:c9:31:75:af:e2:
d8:9b:9a:34:27:22:38:da:d6:df:a4:1c:14:27:71:87:8c:6a:
f9:f5:f5:99:a4:3d:4a:af:8b:a7:3f:e5:61:cf:4b:67:61:47:
44:80:3b:be:47:36:a9:02:43:f6:b2:77:9a:20:a5:01:34:eb:
d5:54:9b:30:e2:d8:3f:5e:df:61:3e:4c:44:b8:4a:a1:bf:e8:
50:07:3c:b1:ed:3b:52:da:f6:0c:c4:ce:9a:8a:90:c0:b6:09:
f0:12:4c:0a:ac:3a:bb:98:91:0c:13:c0:52:d1:95:d2:e3:e5:
71:e0:70:69:d5:b8:a0:3b:33:b8:be:c2:6e:de:04:6b:74:44:
23:f3:06:f3:f8:90:ff:3c:a5:9e:78:bf:8f:1b:82:f8:26:9a:
cd:f2:aa:d6:5a:98:30:29:f0:9c:7b:b5:a7:cd:1f:d5:ad:c1:
15:a1:6d:cb:6d:c5:cf:5f:50:be:e0:b5:f1:aa:fd:34:4b:8a:
06:02:92:bf:3d:a3:ef:c9:0d:b0:87:7e:fb:64:34:14:27:75:
7e:0c:fc:48:12:18:2a:ae:a2:94:f7:1a:98:0b:ab:ed:dc:4d:
49:52:e5:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTl/z+Sx9L1MFT2UVuAe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTBlN2E0NTQ5YTU3MWY2OGI2ODhkYWQ0ZjVjZWQ4ZTUy
OTA2OGIwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ4M2I1NzM4NzUzZjYxNGM4OWYyNmY0YTdlMzdmNGE2NDZkYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveTe6Mf/+6dEeYBjZvYapLVbYp2r
1wi4BPJB7EgJiaJ3KrpUaN69y3VjNIryGQqfqOeH2RhyB2xCA4lS2K35sKYNP+gO
mXHA5p7eLWqScV3uuON1iQkZDQizzypx3yfiHZRnqX50SmjAXXa8V2HhC2IcIe0A
LieCZIiOgXZSxDc0VX7OT9uzvgECnTXWRBRQWWHDlns8paq+exFOzWXN51iHBFa1
zemWhjDV4mQgcFUpueWls6IxEQfrtkodhgxuQKLzKJINP5e0PMpDfNIrA6yKur89
6AlaDrwf2fQg1X9aTYn6ZPuzFugbIV0EAFVYta1VdEzq7lHhkEwX/P6vHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvYO1c4dT9hTInyb0p+N/SmRtu4MB8GA1UdIwQY
MBaAFDiQ56RUmlcfaLaI2tT1ztjlKQaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTIt
OTQ4MTJjN2Y0NDllLzEvUzlnN1Z6aDFQMkZNaWZKdlNuNDM5S1pHMjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTItOTQ4MTJjN2Y0NDll
LzEvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuURYMA0G
CSqGSIb3DQEBCwUAA4IBAQBuW5cSQMh4JwSnjmFiiBxRSQdAtHCyRVipLo6noQkC
yTF1r+LYm5o0JyI42tbfpBwUJ3GHjGr59fWZpD1Kr4unP+Vhz0tnYUdEgDu+Rzap
AkP2sneaIKUBNOvVVJsw4tg/Xt9hPkxEuEqhv+hQBzyx7TtS2vYMxM6aipDAtgnw
EkwKrDq7mJEME8BS0ZXS4+Vx4HBp1bigOzO4vsJu3gRrdEQj8wbz+JD/PKWeeL+P
G4L4JprN8qrWWpgwKfCce7WnzR/VrcEVoW3LbcXPX1C+4LXxqv00S4oGApK/PaPv
yQ2wh377ZDQUJ3V+DPxIEhgqrqKU9xqYC6vt3E1JUuXK
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:39:08 2024 by rpki-client on console-ams.rpki-client.org