Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/myXe6rn3BMhUfGFYRMsdHcgSaZs.roa
File: myXe6rn3BMhUfGFYRMsdHcgSaZs.roa (raw, json)
Hash identifier: 1qfNuONcfI2+MIM8ksiAXedTo60VChNrjhVlOMUTnEE=
Subject key identifier: 9B:25:DE:EA:B9:F7:04:C8:54:7C:61:58:44:CB:1D:1D:C8:12:69:9B
Certificate issuer: /CN=d0b904df5eec2216b343016c5cb24bb90a43d3a4
Certificate serial: 018CC8021B4D6FE493E5E1CF74CAE5001B36
Authority key identifier: D0:B9:04:DF:5E:EC:22:16:B3:43:01:6C:5C:B2:4B:B9:0A:43:D3:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0LkE317sIhazQwFsXLJLuQpD06Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/myXe6rn3BMhUfGFYRMsdHcgSaZs.roa
Signing time: Tue 02 Jan 2024 02:30:30 +0000
ROA not before: Tue 02 Jan 2024 02:30:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210139
IP address blocks: 89.190.32.0/21 maxlen: 21
89.190.39.0/24 maxlen: 24
185.73.160.0/22 maxlen: 22
2a05:43c0::/29 maxlen: 29
2a05:43c2::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/0LkE317sIhazQwFsXLJLuQpD06Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/0LkE317sIhazQwFsXLJLuQpD06Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/0LkE317sIhazQwFsXLJLuQpD06Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Dec 2024 18:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:02:1b:4d:6f:e4:93:e5:e1:cf:74:ca:e5:00:1b:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0b904df5eec2216b343016c5cb24bb90a43d3a4
Validity
Not Before: Jan 2 02:30:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9b25deeab9f704c8547c615844cb1d1dc812699b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:40:d5:b6:7c:7a:cc:eb:65:77:4a:37:cf:66:
24:9a:47:1a:94:fd:1c:ff:c2:8e:33:fd:7e:2b:65:
5f:be:f4:0e:b0:23:c5:ec:52:7f:9a:07:06:ab:c7:
80:26:93:b5:00:8e:44:98:d3:2a:8a:e9:f5:41:4f:
26:05:50:b8:53:c8:74:6b:ec:ba:11:dc:8b:01:61:
8d:a7:73:6e:cd:a1:92:80:fc:5f:5b:43:3f:bd:e9:
a6:5a:08:49:28:38:15:b2:5e:88:35:fd:02:b1:b5:
a0:95:1c:88:4e:a7:6d:fa:c5:cb:72:1f:10:04:0a:
f1:1a:c8:e9:e4:54:d3:94:7a:fb:bf:de:fa:6b:e5:
03:a3:3e:e1:eb:76:a5:06:2c:21:b7:3c:e6:dc:79:
5c:a6:eb:48:36:ff:d9:13:4c:e7:85:63:b6:19:f1:
f5:7f:5f:25:a2:57:7f:83:42:94:3b:16:2d:d8:86:
b1:60:34:9e:9b:bd:e6:a9:64:31:65:0a:5f:a9:c7:
d1:26:98:55:54:d7:2d:6a:93:0a:5c:d6:ea:dd:8d:
af:54:e5:07:34:5d:e6:a8:49:1c:c7:57:c0:d4:7e:
92:c8:4d:d1:48:cd:cb:fc:11:66:d0:ca:90:71:1c:
d4:32:ff:2d:5d:02:df:44:79:5f:08:b5:fc:05:73:
9e:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:25:DE:EA:B9:F7:04:C8:54:7C:61:58:44:CB:1D:1D:C8:12:69:9B
X509v3 Authority Key Identifier:
keyid:D0:B9:04:DF:5E:EC:22:16:B3:43:01:6C:5C:B2:4B:B9:0A:43:D3:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LkE317sIhazQwFsXLJLuQpD06Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/myXe6rn3BMhUfGFYRMsdHcgSaZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6a7c93-87b4-4a4c-a21e-41a84f419ac5/1/0LkE317sIhazQwFsXLJLuQpD06Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.190.32.0/21
185.73.160.0/22
IPv6:
2a05:43c0::/29
Signature Algorithm: sha256WithRSAEncryption
e0:c2:c5:b6:31:55:6c:8f:48:b0:f7:9a:39:45:2c:34:ad:ac:
73:ba:b6:38:15:b5:f6:cb:62:c2:a6:79:97:ed:0e:d6:63:3e:
03:b6:59:5a:0e:29:bb:62:b2:55:45:a4:8c:1c:cf:a4:a2:9d:
c5:3a:11:7c:c9:98:86:8b:d9:4b:99:53:c1:89:6e:a1:16:98:
ad:4a:d6:d0:e3:4a:f9:4b:14:78:68:69:d4:82:af:d6:bc:87:
ef:33:3a:cb:78:90:9e:57:40:46:1f:7f:a3:a2:50:65:11:60:
3b:3e:f1:f8:7f:21:c2:eb:6f:da:78:2d:6b:78:f7:9e:33:3a:
d5:48:50:4b:5f:0b:19:0b:db:db:dd:93:72:47:3a:ca:39:aa:
79:22:a4:d3:43:55:e3:69:7f:b8:d8:ad:ac:9a:4e:e1:54:37:
8d:98:7f:b1:b7:00:a6:4a:c8:33:a3:6e:2a:9b:b8:68:8e:9c:
24:44:ce:c0:d0:6d:17:c3:af:99:a7:60:4b:4d:87:74:77:95:
8a:3c:11:ea:7c:d9:5e:d8:fc:f9:51:45:cd:0b:20:e4:20:51:
4e:ec:ba:8c:06:45:b6:d5:b4:0b:38:39:76:e0:09:a1:72:fd:
b5:95:45:c0:29:c6:ba:df:d0:b5:11:02:ab:3a:9d:6f:05:8f:
53:dd:a6:22
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAhtNb+ST5eHPdMrlABs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjkwNGRmNWVlYzIyMTZiMzQzMDE2YzVjYjI0YmI5MGE0
M2QzYTQwHhcNMjQwMTAyMDIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjI1ZGVlYWI5ZjcwNGM4NTQ3YzYxNTg0NGNiMWQxZGM4MTI2OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEDVtnx6zOtld0o3z2YkmkcalP0c
/8KOM/1+K2VfvvQOsCPF7FJ/mgcGq8eAJpO1AI5EmNMqiun1QU8mBVC4U8h0a+y6
EdyLAWGNp3NuzaGSgPxfW0M/vemmWghJKDgVsl6INf0CsbWglRyITqdt+sXLch8Q
BArxGsjp5FTTlHr7v976a+UDoz7h63alBiwhtzzm3HlcputINv/ZE0znhWO2GfH1
f18lold/g0KUOxYt2IaxYDSem73mqWQxZQpfqcfRJphVVNctapMKXNbq3Y2vVOUH
NF3mqEkcx1fA1H6SyE3RSM3L/BFm0MqQcRzUMv8tXQLfRHlfCLX8BXOeiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJsl3uq59wTIVHxhWETLHR3IEmmbMB8GA1UdIwQY
MBaAFNC5BN9e7CIWs0MBbFyyS7kKQ9OkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExrRTMxN3NJaGF6UXdGc1hMSkx1UXBEMDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82YTdjOTMtODdiNC00YTRjLWEyMWUt
NDFhODRmNDE5YWM1LzEvbXlYZTZybjNCTWhVZkdGWVJNc2RIY2dTYVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82YTdjOTMtODdiNC00YTRjLWEyMWUtNDFhODRmNDE5YWM1
LzEvMExrRTMxN3NJaGF6UXdGc1hMSkx1UXBEMDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDWb4gAwQC
uUmgMA0EAgACMAcDBQMqBUPAMA0GCSqGSIb3DQEBCwUAA4IBAQDgwsW2MVVsj0iw
95o5RSw0raxzurY4FbX2y2LCpnmX7Q7WYz4DtllaDim7YrJVRaSMHM+kop3FOhF8
yZiGi9lLmVPBiW6hFpitStbQ40r5SxR4aGnUgq/WvIfvMzrLeJCeV0BGH3+jolBl
EWA7PvH4fyHC62/aeC1rePeeMzrVSFBLXwsZC9vb3ZNyRzrKOap5IqTTQ1XjaX+4
2K2smk7hVDeNmH+xtwCmSsgzo24qm7hojpwkRM7A0G0Xw6+Zp2BLTYd0d5WKPBHq
fNle2Pz5UUXNCyDkIFFO7LqMBkW21bQLODl24Amhcv21lUXAKca639C1EQKrOp1v
BY9T3aYi
-----END CERTIFICATE-----
Generated at Sat Dec 28 02:56:04 2024 by rpki-client on console-ams.rpki-client.org