Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/_fKGQgaJezM2GM4k10QyNUNTCuQ.roa
File: _fKGQgaJezM2GM4k10QyNUNTCuQ.roa (raw, json)
Hash identifier: xj9tc3HgRHHOaF9irl6Si2kNvOWfiWuIme8OtwLfZ/s=
Subject key identifier: FD:F2:86:42:06:89:7B:33:36:18:CE:24:D7:44:32:35:43:53:0A:E4
Certificate issuer: /CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Certificate serial: 018CC56EDFDD52F0B7479F726FDFC926FC8C
Authority key identifier: 66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/_fKGQgaJezM2GM4k10QyNUNTCuQ.roa
Signing time: Mon 01 Jan 2024 14:30:26 +0000
ROA not before: Mon 01 Jan 2024 14:30:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 786
IP address blocks: 89.207.208.0/21 maxlen: 21
81.87.0.0/16 maxlen: 24
193.60.0.0/14 maxlen: 24
194.66.0.0/16 maxlen: 24
195.194.0.0/15 maxlen: 24
83.138.32.0/21 maxlen: 21
212.121.192.0/19 maxlen: 19
212.219.0.0/16 maxlen: 24
194.80.0.0/14 maxlen: 24
212.121.0.0/19 maxlen: 19
2001:630::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 09:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:df:dd:52:f0:b7:47:9f:72:6f:df:c9:26:fc:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Validity
Not Before: Jan 1 14:30:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fdf2864206897b333618ce24d744323543530ae4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:87:0d:f3:81:13:22:99:68:d9:6a:b7:a6:e6:
94:c0:29:c5:cb:f4:98:48:c0:04:00:10:39:1e:3b:
72:4d:3c:14:01:63:53:c0:8c:a5:87:e2:57:05:61:
57:35:63:dd:a8:67:23:4f:ae:4c:3c:e3:94:07:db:
32:ee:d7:77:17:d1:7a:2e:b8:7e:9f:5e:4f:33:b3:
3c:e3:6d:67:69:0b:41:ec:2f:04:80:51:fb:c8:a6:
e8:5f:91:15:fd:ff:b2:8a:3b:19:6b:50:5c:b1:cb:
73:5f:86:eb:7f:8e:99:e9:fb:c4:04:ae:5d:01:67:
74:f8:49:5c:d6:24:27:ff:a1:a5:ba:0e:39:a7:a4:
22:cc:c6:cb:0e:78:d5:ad:a3:9d:57:59:d8:97:06:
79:f7:2e:1d:7c:44:54:43:4a:5c:50:e8:d5:e9:aa:
9b:d1:0e:12:e5:ef:4f:eb:73:86:dd:87:b2:44:cb:
87:86:f9:ff:b8:36:17:00:40:5c:39:ea:7c:44:64:
a2:f0:c5:5d:37:f3:0b:93:36:01:de:6b:c0:34:e6:
74:e7:c5:6e:ba:a8:d8:39:45:c2:0a:45:2c:ed:49:
66:07:e4:d8:cf:af:82:04:7d:f5:94:92:26:f4:26:
e3:9a:ad:d2:21:f0:16:cb:ef:04:56:93:a4:46:d7:
5c:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:F2:86:42:06:89:7B:33:36:18:CE:24:D7:44:32:35:43:53:0A:E4
X509v3 Authority Key Identifier:
keyid:66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/_fKGQgaJezM2GM4k10QyNUNTCuQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.87.0.0/16
83.138.32.0/21
89.207.208.0/21
193.60.0.0/14
194.66.0.0/16
194.80.0.0/14
195.194.0.0/15
212.121.0.0/19
212.121.192.0/19
212.219.0.0/16
IPv6:
2001:630::/32
Signature Algorithm: sha256WithRSAEncryption
ba:a2:e4:52:15:49:ac:b7:9d:31:92:4c:78:61:b9:76:36:50:
6e:d0:56:77:1a:5f:9c:d2:8b:c1:02:ac:2a:e6:c5:4b:f8:d3:
9e:a1:d2:2f:13:0e:e4:e2:ac:3d:b4:78:3d:c0:b4:bf:21:96:
31:7f:13:82:1b:29:72:8a:0e:f3:3d:7d:0f:c1:13:06:32:78:
61:5d:21:f5:f6:c4:66:a8:f8:3c:26:f4:a8:7d:16:81:6f:b7:
21:e3:58:fc:28:ff:d4:da:d6:40:fc:f4:b6:70:28:3b:bd:16:
7f:f4:64:94:59:70:77:53:0a:20:45:19:9d:56:db:84:c3:30:
f1:bc:07:52:0d:77:8f:30:f8:44:0a:77:97:2c:08:78:37:e2:
65:d5:ae:2b:a6:d1:39:23:3b:f7:5f:84:5b:61:da:16:16:43:
3c:c0:5e:a4:b0:53:6b:52:09:19:0e:60:a9:f9:bb:f5:a2:fa:
66:80:fb:29:ef:1c:d8:03:b2:6e:b7:d5:11:a0:ad:a3:b7:35:
b9:3f:bf:12:ec:81:d2:19:b8:81:a1:88:15:6d:21:7c:dc:e2:
07:32:5c:7e:cb:a4:ea:41:7f:3e:39:8b:05:c5:97:c5:19:40:
41:2e:6f:80:22:4a:62:08:6c:eb:31:d8:17:68:8a:15:5d:e7:
1d:27:6f:fc
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzFbt/dUvC3R59yb9/JJvyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjVkZDk3NjY1YTIzYjFiMTgzZTIyMzgyMmI2NmI1YWU1
MzZhMmYwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGYyODY0MjA2ODk3YjMzMzYxOGNlMjRkNzQ0MzIzNTQzNTMwYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4cN84ETIplo2Wq3puaUwCnFy/SY
SMAEABA5HjtyTTwUAWNTwIylh+JXBWFXNWPdqGcjT65MPOOUB9sy7td3F9F6Lrh+
n15PM7M8421naQtB7C8EgFH7yKboX5EV/f+yijsZa1BcsctzX4brf46Z6fvEBK5d
AWd0+Elc1iQn/6Glug45p6QizMbLDnjVraOdV1nYlwZ59y4dfERUQ0pcUOjV6aqb
0Q4S5e9P63OG3YeyRMuHhvn/uDYXAEBcOep8RGSi8MVdN/MLkzYB3mvANOZ058Vu
uqjYOUXCCkUs7UlmB+TYz6+CBH31lJIm9Cbjmq3SIfAWy+8EVpOkRtdcCwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFP3yhkIGiXszNhjOJNdEMjVDUwrkMB8GA1UdIwQY
MBaAFGZl3ZdmWiOxsYPiI4IrZrWuU2ovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWIt
ZThkNzA3MTdmZjhhLzEvX2ZLR1FnYUplek0yR000azEwUXlOVU5UQ3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWItZThkNzA3MTdmZjhh
LzEvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwMAUVcDBANT
iiADBANZz9ADAwLBPAMDAMJCAwMCwlADAwHDwgMEBdR5AAMEBdR5wAMDANTbMA0E
AgACMAcDBQAgAQYwMA0GCSqGSIb3DQEBCwUAA4IBAQC6ouRSFUmst50xkkx4Ybl2
NlBu0FZ3Gl+c0ovBAqwq5sVL+NOeodIvEw7k4qw9tHg9wLS/IZYxfxOCGylyig7z
PX0PwRMGMnhhXSH19sRmqPg8JvSofRaBb7ch41j8KP/U2tZA/PS2cCg7vRZ/9GSU
WXB3UwogRRmdVtuEwzDxvAdSDXePMPhECneXLAh4N+Jl1a4rptE5Izv3X4RbYdoW
FkM8wF6ksFNrUgkZDmCp+bv1ovpmgPsp7xzYA7Jut9URoK2jtzW5P78S7IHSGbiB
oYgVbSF83OIHMlx+y6TqQX8+OYsFxZfFGUBBLm+AIkpiCGzrMdgXaIoVXecdJ2/8
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:44:57 2024 by rpki-client on console-fra.rpki-client.org