Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/ibIUFaytNHTayw1PIzxsCrPx2Yo.roa
File: ibIUFaytNHTayw1PIzxsCrPx2Yo.roa (raw, json)
Hash identifier: 1Zr3of7ejybVHMuiD2Drgm/wh4ZpApK8f+M+DkMdxIM=
Subject key identifier: 89:B2:14:15:AC:AD:34:74:DA:CB:0D:4F:23:3C:6C:0A:B3:F1:D9:8A
Certificate issuer: /CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Certificate serial: 018CC348960D69AC8C84BB1F4D4BD036686A
Authority key identifier: 8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/ibIUFaytNHTayw1PIzxsCrPx2Yo.roa
Signing time: Mon 01 Jan 2024 04:29:23 +0000
ROA not before: Mon 01 Jan 2024 04:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 2a00:4bc0:2300::/40 maxlen: 48
2a00:4bc0:2100::/40 maxlen: 48
2a00:4bc0:2400::/40 maxlen: 48
2a00:4bc0:2600::/40 maxlen: 48
2a00:4bc0:2000::/44 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 02 May 2024 14:46:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:96:0d:69:ac:8c:84:bb:1f:4d:4b:d0:36:68:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Validity
Not Before: Jan 1 04:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=89b21415acad3474dacb0d4f233c6c0ab3f1d98a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:1f:42:14:d7:5f:3c:46:6f:a4:c3:90:ec:ab:
7e:8b:2c:fa:db:13:55:5f:68:58:7d:f8:f1:56:04:
bc:50:f1:d1:fc:83:f9:e1:6a:4f:eb:c4:d0:af:a3:
e3:55:0b:ba:eb:25:53:9d:99:fb:bf:3b:16:89:cc:
00:bd:a9:2a:60:fe:3f:16:02:b9:f6:1b:5c:6a:7b:
c3:28:1a:5a:da:0c:d7:91:32:83:fc:ea:92:ec:d7:
7a:97:7f:c7:98:b3:57:48:ba:ec:35:83:c8:55:30:
ad:6c:b0:69:30:c5:08:82:cc:bf:6a:33:51:62:df:
d1:97:e2:0e:9f:bf:56:92:35:39:4c:4b:56:47:b9:
3c:d4:65:19:e5:06:ad:95:2e:14:af:19:78:a1:ae:
4e:44:d0:de:03:45:94:fc:2a:30:f5:fc:cd:20:83:
94:65:db:87:e6:90:05:86:cf:bb:9f:ad:8a:c7:ac:
36:07:b6:f9:d6:29:77:a9:29:41:2d:59:80:52:86:
e6:de:ae:45:59:40:ef:ae:df:98:3e:ff:00:be:fa:
12:d0:05:f1:72:0a:36:32:f8:20:ea:a8:42:b5:f4:
34:a1:80:57:ce:c0:4c:ad:07:db:bb:6c:9f:5e:52:
29:a4:c4:21:42:6c:2c:20:22:9a:75:3c:df:ef:50:
1c:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:B2:14:15:AC:AD:34:74:DA:CB:0D:4F:23:3C:6C:0A:B3:F1:D9:8A
X509v3 Authority Key Identifier:
keyid:8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/ibIUFaytNHTayw1PIzxsCrPx2Yo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a00:4bc0:2000::/44
2a00:4bc0:2100::/40
2a00:4bc0:2300::-2a00:4bc0:24ff:ffff:ffff:ffff:ffff:ffff
2a00:4bc0:2600::/40
Signature Algorithm: sha256WithRSAEncryption
88:c0:a9:ce:4d:e3:30:d6:ed:aa:e7:0d:4b:cb:c2:cd:91:c2:
be:97:ca:02:8a:a2:ab:72:da:c0:79:11:91:de:fa:d8:d0:d5:
f1:83:94:1d:73:70:8e:da:37:f3:82:72:12:d7:f2:c6:0f:f1:
f5:c8:69:04:82:79:fc:08:06:a3:81:c1:93:36:fd:a0:d8:eb:
b5:a4:b8:26:32:77:7e:b4:36:ce:9d:66:ed:b5:c5:28:24:8c:
dc:07:69:70:3e:cb:d5:a0:63:3e:f8:ba:a6:fb:00:7d:d9:5c:
24:6f:00:a9:b1:87:90:46:32:aa:85:56:1b:ec:66:7b:1b:23:
7b:b0:44:25:bc:53:d0:a1:65:10:97:00:85:2c:44:c7:72:ee:
0b:69:1f:b3:66:87:95:0c:65:35:03:94:27:da:d2:5a:b8:14:
21:39:e5:48:29:c8:e7:14:7d:47:8a:28:c2:52:d7:d4:d3:b1:
22:de:91:b4:e5:35:17:e0:6d:69:5d:70:2f:2a:66:18:25:77:
30:28:51:09:09:5a:b7:45:f1:be:33:ad:f6:4e:2f:91:6c:af:
8d:98:54:c8:a7:72:4f:c5:bd:6c:f8:b2:89:38:84:88:b6:cd:
b9:78:4c:31:85:29:ba:9f:ee:85:30:2e:f9:e0:79:43:98:bf:
c0:be:4a:91
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYzDSJYNaayMhLsfTUvQNmhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjgyNGM2MTM1N2RjMzQ0YmJkZjM1YjgzNTc3NDU5Yjlk
M2ZjNDQwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIyMTQxNWFjYWQzNDc0ZGFjYjBkNGYyMzNjNmMwYWIzZjFkOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR9CFNdfPEZvpMOQ7Kt+iyz62xNV
X2hYffjxVgS8UPHR/IP54WpP68TQr6PjVQu66yVTnZn7vzsWicwAvakqYP4/FgK5
9htcanvDKBpa2gzXkTKD/OqS7Nd6l3/HmLNXSLrsNYPIVTCtbLBpMMUIgsy/ajNR
Yt/Rl+IOn79WkjU5TEtWR7k81GUZ5QatlS4Urxl4oa5ORNDeA0WU/Cow9fzNIIOU
ZduH5pAFhs+7n62Kx6w2B7b51il3qSlBLVmAUobm3q5FWUDvrt+YPv8AvvoS0AXx
cgo2Mvgg6qhCtfQ0oYBXzsBMrQfbu2yfXlIppMQhQmwsICKadTzf71ActwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFImyFBWsrTR02ssNTyM8bAqz8dmKMB8GA1UdIwQY
MBaAFI8oJMYTV9w0S73zW4NXdFm50/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzIt
M2FlNzExYWYwMzRiLzEvaWJJVUZheXROSFRheXcxUEl6eHNDclB4MllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzItM2FlNzExYWYwMzRi
LzEvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAAjArAwcEKgBLwCAA
AwYAKgBLwCEwEAMGACoAS8AjAwYAKgBLwCQDBgAqAEvAJjANBgkqhkiG9w0BAQsF
AAOCAQEAiMCpzk3jMNbtqucNS8vCzZHCvpfKAoqiq3LawHkRkd762NDV8YOUHXNw
jto384JyEtfyxg/x9chpBIJ5/AgGo4HBkzb9oNjrtaS4JjJ3frQ2zp1m7bXFKCSM
3AdpcD7L1aBjPvi6pvsAfdlcJG8AqbGHkEYyqoVWG+xmexsje7BEJbxT0KFlEJcA
hSxEx3LuC2kfs2aHlQxlNQOUJ9rSWrgUITnlSCnI5xR9R4oowlLX1NOxIt6RtOU1
F+BtaV1wLypmGCV3MChRCQlat0XxvjOt9k4vkWyvjZhUyKdyT8W9bPiyiTiEiLbN
uXhMMYUpup/uhTAu+eB5Q5i/wL5KkQ==
-----END CERTIFICATE-----
Generated at Wed May 1 21:11:06 2024 by rpki-client on console-ams.rpki-client.org