Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/Tc6sOrZBz8gEnPlSRHquvQaE6KY.roa
File: Tc6sOrZBz8gEnPlSRHquvQaE6KY.roa (raw, json)
Hash identifier: XVBH61L14NlfYZI8gL672VrYdg+bAEoYa+uKnTnIg6Q=
Subject key identifier: 4D:CE:AC:3A:B6:41:CF:C8:04:9C:F9:52:44:7A:AE:BD:06:84:E8:A6
Certificate issuer: /CN=1f688f9857d9e440c1058dc8959e49f8b3183f61
Certificate serial: 018CC3492CD6BE8AFBA9799B9321D3E636A5
Authority key identifier: 1F:68:8F:98:57:D9:E4:40:C1:05:8D:C8:95:9E:49:F8:B3:18:3F:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/Tc6sOrZBz8gEnPlSRHquvQaE6KY.roa
Signing time: Mon 01 Jan 2024 04:30:01 +0000
ROA not before: Mon 01 Jan 2024 04:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205581
IP address blocks: 85.209.240.0/24 maxlen: 24
85.209.243.0/24 maxlen: 24
85.209.242.0/24 maxlen: 24
85.209.241.0/24 maxlen: 24
2a0e:b784::/32 maxlen: 32
2a0e:b782::/32 maxlen: 32
2a0e:b780::/32 maxlen: 32
2a0e:b786::/32 maxlen: 32
2a0e:b785::/32 maxlen: 32
2a0e:b783::/32 maxlen: 32
2a0e:b787::/32 maxlen: 32
2a0e:b781::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.mft
rsync://rpki.ripe.net/repository/DEFAULT/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:2c:d6:be:8a:fb:a9:79:9b:93:21:d3:e6:36:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f688f9857d9e440c1058dc8959e49f8b3183f61
Validity
Not Before: Jan 1 04:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4dceac3ab641cfc8049cf952447aaebd0684e8a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:2d:7f:73:4c:15:e9:a6:27:34:26:df:d3:99:
e0:69:39:72:1a:d9:9f:e1:a3:57:62:72:70:d4:4f:
f6:7d:be:00:17:fd:81:5a:9e:0d:7d:8f:31:6a:84:
20:ce:33:10:1f:32:a1:a3:cf:b6:c4:c0:24:15:6e:
e3:75:33:93:fb:9a:62:f6:76:73:af:80:f2:7b:32:
a3:77:35:1b:a3:04:14:78:7f:3f:3a:97:ff:1d:5f:
cb:34:66:34:0c:03:0a:5a:f6:ca:22:31:5a:9e:26:
6e:1c:a6:63:2d:06:c7:b7:f1:52:f5:02:a8:27:d7:
5e:6e:ba:e6:4e:de:89:3f:fb:83:4e:d4:ac:c9:36:
b2:b8:a3:1c:ec:5c:be:58:dd:14:31:64:5d:6a:df:
0a:d7:10:6d:11:cf:6f:c4:bf:2f:b1:54:0c:27:87:
06:4d:13:7d:0d:4f:9c:01:5c:cb:15:ee:0e:3a:7a:
8f:a1:2b:32:49:2a:5b:5b:af:36:7e:4a:f0:a3:f7:
0a:68:c5:a0:ca:2f:ef:01:fd:41:6b:db:1c:d3:f2:
b8:31:1c:20:3a:2d:c7:77:42:7e:8a:ff:a3:af:c5:
de:86:0a:4a:2f:54:b7:9d:bc:ae:79:c5:8f:2b:c9:
38:0e:94:bb:cb:02:7b:be:d1:67:97:ee:ff:ae:f4:
94:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:CE:AC:3A:B6:41:CF:C8:04:9C:F9:52:44:7A:AE:BD:06:84:E8:A6
X509v3 Authority Key Identifier:
keyid:1F:68:8F:98:57:D9:E4:40:C1:05:8D:C8:95:9E:49:F8:B3:18:3F:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/Tc6sOrZBz8gEnPlSRHquvQaE6KY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.240.0/22
IPv6:
2a0e:b780::/29
Signature Algorithm: sha256WithRSAEncryption
7d:98:c3:a0:60:ed:5b:a3:f1:1a:dd:65:f3:18:a4:f3:7f:56:
73:26:da:7e:98:a8:01:15:9e:7b:db:8f:be:af:f9:23:f8:da:
97:d9:1e:1f:ec:82:0d:6d:4a:06:93:70:8a:de:fb:7c:51:27:
65:6a:18:41:48:ed:91:7d:eb:c5:79:6f:9c:79:16:27:f7:78:
3a:ad:d8:ea:9b:93:9c:ae:40:70:5c:47:d4:11:72:40:74:a4:
c9:ee:c1:fb:6c:e2:e8:98:42:a0:ae:93:70:f7:71:fd:76:0f:
29:3f:71:f7:aa:89:1e:91:72:43:7d:3d:be:4f:85:b0:19:ad:
a2:0c:c8:a4:c4:05:fa:a8:17:ee:1e:9f:7c:45:5e:84:45:cd:
b7:bc:6d:30:3b:b4:86:ad:55:de:de:c1:cb:32:66:57:3b:af:
d8:e4:e6:40:ce:4b:db:5e:81:aa:c8:40:74:51:82:c6:77:35:
7f:af:39:e3:cf:ab:56:44:6a:4d:7c:57:9d:53:a3:20:62:a2:
48:65:7d:6a:7a:6d:1f:e2:5d:78:2d:c1:35:ed:78:fc:ad:ed:
4a:7d:3c:9b:a6:7e:64:7c:ff:10:30:4b:55:cd:9e:86:29:ac:
b1:d9:4d:44:10:4e:bf:7c:d3:0e:62:89:a1:15:83:a3:f0:4d:
a7:3d:35:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSSzWvor7qXmbkyHT5jalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjg4Zjk4NTdkOWU0NDBjMTA1OGRjODk1OWU0OWY4YjMx
ODNmNjEwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNlYWMzYWI2NDFjZmM4MDQ5Y2Y5NTI0NDdhYWViZDA2ODRlOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny1/c0wV6aYnNCbf05ngaTlyGtmf
4aNXYnJw1E/2fb4AF/2BWp4NfY8xaoQgzjMQHzKho8+2xMAkFW7jdTOT+5pi9nZz
r4DyezKjdzUbowQUeH8/Opf/HV/LNGY0DAMKWvbKIjFaniZuHKZjLQbHt/FS9QKo
J9debrrmTt6JP/uDTtSsyTayuKMc7Fy+WN0UMWRdat8K1xBtEc9vxL8vsVQMJ4cG
TRN9DU+cAVzLFe4OOnqPoSsySSpbW682fkrwo/cKaMWgyi/vAf1Ba9sc0/K4MRwg
Oi3Hd0J+iv+jr8XehgpKL1S3nbyuecWPK8k4DpS7ywJ7vtFnl+7/rvSUKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE3OrDq2Qc/IBJz5UkR6rr0GhOimMB8GA1UdIwQY
MBaAFB9oj5hX2eRAwQWNyJWeSfizGD9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJpUG1GZlo1RURCQlkzSWxaNUotTE1ZUDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8wNTc3ODAtNTJlOC00Nzc3LThhMjUt
MDIxYzJlMDczNWIxLzEvVGM2c09yWkJ6OGdFblBsU1JIcXV2UWFFNktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8wNTc3ODAtNTJlOC00Nzc3LThhMjUtMDIxYzJlMDczNWIx
LzEvSDJpUG1GZlo1RURCQlkzSWxaNUotTE1ZUDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdHwMA0E
AgACMAcDBQMqDreAMA0GCSqGSIb3DQEBCwUAA4IBAQB9mMOgYO1bo/Ea3WXzGKTz
f1ZzJtp+mKgBFZ5724++r/kj+NqX2R4f7IINbUoGk3CK3vt8USdlahhBSO2RfevF
eW+ceRYn93g6rdjqm5OcrkBwXEfUEXJAdKTJ7sH7bOLomEKgrpNw93H9dg8pP3H3
qokekXJDfT2+T4WwGa2iDMikxAX6qBfuHp98RV6ERc23vG0wO7SGrVXe3sHLMmZX
O6/Y5OZAzkvbXoGqyEB0UYLGdzV/rznjz6tWRGpNfFedU6MgYqJIZX1qem0f4l14
LcE17Xj8re1KfTybpn5kfP8QMEtVzZ6GKayx2U1EEE6/fNMOYomhFYOj8E2nPTVs
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:52:19 2024 by rpki-client on console-ams.rpki-client.org