Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/rTIV-9QIVtUcwALSt8aooQQdy8c.roa
File: rTIV-9QIVtUcwALSt8aooQQdy8c.roa (raw, json)
Hash identifier: JD5B5ZYwCWHbqGM/57QlyU1Z5R0nMEklTDhejC9ss88=
Subject key identifier: AD:32:15:FB:D4:08:56:D5:1C:C0:02:D2:B7:C6:A8:A1:04:1D:CB:C7
Certificate issuer: /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial: 018F1B220C5E20EAE454319C85045A3F3640
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/rTIV-9QIVtUcwALSt8aooQQdy8c.roa
Signing time: Fri 26 Apr 2024 15:59:27 +0000
ROA not before: Fri 26 Apr 2024 15:59:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1299
IP address blocks: 46.245.176.0/21 maxlen: 24
86.105.222.0/23 maxlen: 24
89.38.36.0/23 maxlen: 24
91.90.144.0/20 maxlen: 24
91.230.172.0/22 maxlen: 24
109.70.216.0/21 maxlen: 24
185.187.64.0/22 maxlen: 24
2a00:14e0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 May 2024 10:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:1b:22:0c:5e:20:ea:e4:54:31:9c:85:04:5a:3f:36:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Validity
Not Before: Apr 26 15:59:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ad3215fbd40856d51cc002d2b7c6a8a1041dcbc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:cd:76:43:19:3f:17:75:fd:a7:fa:b2:85:15:
0e:ba:61:90:38:af:cc:bc:85:ca:c9:29:80:a2:06:
42:15:41:ba:e4:82:68:3b:a5:10:be:6d:d4:c7:90:
7a:e1:9c:ea:55:33:25:d1:bd:cc:bb:da:d7:c0:dc:
af:46:12:f1:47:f1:19:bb:d4:32:8c:de:7a:33:af:
6c:fe:36:34:3c:f2:24:63:e8:92:ef:5b:bb:c6:6c:
3a:60:1d:61:88:e2:76:24:bc:47:21:98:a8:74:94:
a2:b0:2d:ab:30:32:36:59:45:2f:b7:68:d4:57:5e:
df:86:46:8b:59:1b:77:c1:66:e3:0b:0c:df:06:39:
24:b1:11:35:00:83:0a:a5:78:4f:25:f6:4c:17:ea:
6e:5e:06:08:1f:7c:db:8a:6d:6a:f9:33:fc:4a:84:
9b:71:a7:4a:d4:5c:c0:12:2b:f4:77:b8:b7:14:e5:
6d:be:8b:c4:e7:ca:04:3c:8d:58:65:b5:5f:e1:0d:
23:39:68:79:b8:53:c7:8e:a0:5d:bb:25:7b:fd:65:
47:de:a4:95:f2:e7:a1:f3:96:f9:e9:61:5e:e4:11:
bc:9f:4e:6c:de:a7:1f:ce:eb:6d:42:65:9a:e5:72:
6b:7d:e3:4d:65:85:0c:99:2e:d7:ec:c1:5b:93:4a:
2a:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:32:15:FB:D4:08:56:D5:1C:C0:02:D2:B7:C6:A8:A1:04:1D:CB:C7
X509v3 Authority Key Identifier:
keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/rTIV-9QIVtUcwALSt8aooQQdy8c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.245.176.0/21
86.105.222.0/23
89.38.36.0/23
91.90.144.0/20
91.230.172.0/22
109.70.216.0/21
185.187.64.0/22
IPv6:
2a00:14e0::/29
Signature Algorithm: sha256WithRSAEncryption
29:f6:72:60:1e:6b:dd:d3:14:ae:4a:22:94:80:a9:2b:de:b2:
1a:db:8d:93:75:41:59:5c:39:3d:17:8f:f7:b2:af:bc:84:53:
a7:b2:44:7f:3d:42:03:a7:b6:5c:bc:1c:36:3f:1e:2b:1c:f1:
d0:ef:5d:14:85:8e:7b:3b:c8:3e:db:55:71:7c:9b:ac:24:a1:
b1:dc:05:e8:a7:d9:a3:b1:02:eb:0c:d0:46:74:2e:46:66:58:
f7:44:fc:c5:c7:10:11:2f:48:ed:73:b8:f9:7f:d1:ff:06:ae:
69:9e:85:46:b3:a8:2f:fc:8f:da:38:5d:1c:e0:ca:33:38:5b:
5d:0e:8d:df:1f:84:28:c6:0b:1c:2c:3d:6b:83:00:b4:9d:01:
6f:96:62:28:74:65:7a:d5:00:be:5e:ff:9c:01:1a:ae:b7:cb:
73:49:c0:a0:6e:46:e6:e9:7b:2e:19:34:c4:08:7d:da:a2:3b:
6f:ff:1f:90:5d:c5:fd:86:39:84:0b:37:85:8d:e1:59:5c:bf:
78:5a:67:3f:f4:5e:6c:cd:c1:a3:ec:22:43:0b:ee:c7:ee:e9:
41:d2:7a:cc:87:4a:13:bb:3a:7e:f8:64:f2:03:97:aa:35:cf:
7c:02:7c:9a:c6:59:dd:43:1f:cc:0b:53:ee:da:ff:64:80:cb:
ce:4c:12:17
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY8bIgxeIOrkVDGchQRaPzZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwNDI2MTU1OTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDMyMTVmYmQ0MDg1NmQ1MWNjMDAyZDJiN2M2YThhMTA0MWRjYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc12Qxk/F3X9p/qyhRUOumGQOK/M
vIXKySmAogZCFUG65IJoO6UQvm3Ux5B64ZzqVTMl0b3Mu9rXwNyvRhLxR/EZu9Qy
jN56M69s/jY0PPIkY+iS71u7xmw6YB1hiOJ2JLxHIZiodJSisC2rMDI2WUUvt2jU
V17fhkaLWRt3wWbjCwzfBjkksRE1AIMKpXhPJfZMF+puXgYIH3zbim1q+TP8SoSb
cadK1FzAEiv0d7i3FOVtvovE58oEPI1YZbVf4Q0jOWh5uFPHjqBduyV7/WVH3qSV
8ueh85b56WFe5BG8n05s3qcfzuttQmWa5XJrfeNNZYUMmS7X7MFbk0oq9wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFK0yFfvUCFbVHMAC0rfGqKEEHcvHMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvclRJVi05UUlWdFVjd0FMU3Q4YW9vUVFkeThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLvWwAwQB
VmneAwQBWSYkAwQEW1qQAwQCW+asAwQDbUbYAwQCubtAMA0EAgACMAcDBQMqABTg
MA0GCSqGSIb3DQEBCwUAA4IBAQAp9nJgHmvd0xSuSiKUgKkr3rIa242TdUFZXDk9
F4/3sq+8hFOnskR/PUIDp7ZcvBw2Px4rHPHQ710UhY57O8g+21VxfJusJKGx3AXo
p9mjsQLrDNBGdC5GZlj3RPzFxxARL0jtc7j5f9H/Bq5pnoVGs6gv/I/aOF0c4Moz
OFtdDo3fH4QoxgscLD1rgwC0nQFvlmIodGV61QC+Xv+cARqut8tzScCgbkbm6Xsu
GTTECH3aojtv/x+QXcX9hjmECzeFjeFZXL94Wmc/9F5szcGj7CJDC+7H7ulB0nrM
h0oTuzp++GTyA5eqNc98AnyaxlndQx/MC1Pu2v9kgMvOTBIX
-----END CERTIFICATE-----
Generated at Wed May 15 16:23:47 2024 by rpki-client on console-ams.rpki-client.org