Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wFIX8dNFRVZYPn944XAGU0uPm0c.roa
File: wFIX8dNFRVZYPn944XAGU0uPm0c.roa (raw, json)
Hash identifier: ucH/4dd1CWcow0jmgLhMvEuxo9sasiBbhNp98lehXXY=
Subject key identifier: C0:52:17:F1:D3:45:45:56:58:3E:7F:78:E1:70:06:53:4B:8F:9B:47
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 018EA9A7DC05EBBCBA080B61542ADB579C90
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wFIX8dNFRVZYPn944XAGU0uPm0c.roa
Signing time: Thu 04 Apr 2024 15:08:54 +0000
ROA not before: Thu 04 Apr 2024 15:08:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 104.222.190.0/24 maxlen: 24
104.243.199.0/24 maxlen: 24
104.243.200.0/24 maxlen: 24
104.243.201.0/24 maxlen: 24
104.243.202.0/24 maxlen: 24
104.243.204.0/24 maxlen: 24
104.249.32.0/22 maxlen: 24
216.173.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 26 Apr 2024 14:10:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a9:a7:dc:05:eb:bc:ba:08:0b:61:54:2a:db:57:9c:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Apr 4 15:08:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c05217f1d3454556583e7f78e17006534b8f9b47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:48:00:38:b4:75:f1:c3:3e:29:ba:e2:a7:b3:
c9:9f:0b:0b:f6:9f:58:26:1c:22:21:91:84:42:51:
04:ca:78:ef:b7:f0:e2:02:a8:e6:23:d6:c4:7c:6a:
5c:6d:35:4e:fe:22:cf:54:7c:f2:bf:99:af:05:e8:
8c:07:0c:8f:29:6a:77:b8:88:96:b9:ee:f3:39:43:
6a:6a:44:1d:76:16:b2:7e:98:a4:3d:90:6d:72:1c:
ca:a5:ab:b8:89:98:98:df:00:21:4d:76:25:b7:97:
66:8d:ff:1a:54:a7:3e:e6:6a:b2:42:cd:c0:58:2c:
3e:2c:a8:2d:31:10:23:f3:e2:c9:8b:f6:c8:4b:23:
e2:a1:8f:4f:2c:0f:54:04:f9:c6:aa:f6:9b:8d:35:
d0:b5:21:ed:98:12:5c:8d:9d:51:75:5d:37:a6:7f:
3c:1c:b1:7b:8c:99:5c:de:72:83:e1:b2:10:11:9b:
e2:ce:ea:a9:84:58:6d:88:44:7b:f3:d1:26:a3:94:
8a:8a:cb:0a:40:0a:55:62:e1:1e:34:3a:f9:e5:9d:
d2:9c:7a:f6:06:60:06:a1:92:c6:a7:5a:42:f6:db:
cb:79:2a:bf:3c:8f:e5:3f:e8:b1:46:ff:75:ad:be:
0e:27:e8:3c:26:2b:05:cc:c3:d5:f4:ae:b4:22:f3:
7b:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:52:17:F1:D3:45:45:56:58:3E:7F:78:E1:70:06:53:4B:8F:9B:47
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wFIX8dNFRVZYPn944XAGU0uPm0c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.222.190.0/24
104.243.199.0-104.243.202.255
104.243.204.0/24
104.249.32.0/22
216.173.87.0/24
Signature Algorithm: sha256WithRSAEncryption
82:14:95:ec:5b:b0:b0:1b:6a:26:d9:f4:15:dd:17:06:7b:bb:
18:ef:76:e4:8e:3c:20:24:18:c3:55:fa:c0:0e:b3:29:96:e5:
74:8b:35:10:58:ac:82:af:e9:fd:6b:29:16:ef:1f:90:c0:f6:
90:69:1e:a2:77:84:d2:17:ea:82:bc:6b:fc:dc:13:e6:23:b2:
86:72:b1:30:69:71:c7:51:c5:31:28:61:59:db:3c:80:4e:68:
ff:19:29:c5:25:ab:84:12:d0:f0:a6:90:85:bd:0b:19:12:8a:
0c:b4:55:82:8f:79:9a:da:fa:c0:57:4e:25:43:d1:5c:94:53:
c7:10:49:14:f2:cc:f7:e7:5c:6c:fa:ab:8d:a4:e8:75:97:e8:
c9:56:0f:e3:29:8a:ae:51:d0:48:e5:68:82:b9:aa:7b:e9:a9:
33:45:82:62:2c:46:f6:9a:54:61:03:05:aa:00:02:18:5f:35:
a6:41:f7:9a:b0:9b:5d:4a:5c:17:e7:35:e2:9d:4f:72:cc:fd:
71:81:36:43:73:cb:0a:84:58:78:62:d0:6c:cb:5b:45:39:b8:
a9:de:91:b8:fc:ef:b3:79:32:fd:32:85:8a:a4:b6:3e:80:92:
25:be:9d:89:57:7a:49:de:4d:bd:09:20:db:cc:7d:13:25:0b:
8b:35:d1:fe
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY6pp9wF67y6CAthVCrbV5yQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDA0MTUwODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDUyMTdmMWQzNDU0NTU2NTgzZTdmNzhlMTcwMDY1MzRiOGY5YjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEgAOLR18cM+Kbrip7PJnwsL9p9Y
JhwiIZGEQlEEynjvt/DiAqjmI9bEfGpcbTVO/iLPVHzyv5mvBeiMBwyPKWp3uIiW
ue7zOUNqakQddhayfpikPZBtchzKpau4iZiY3wAhTXYlt5dmjf8aVKc+5mqyQs3A
WCw+LKgtMRAj8+LJi/bISyPioY9PLA9UBPnGqvabjTXQtSHtmBJcjZ1RdV03pn88
HLF7jJlc3nKD4bIQEZvizuqphFhtiER789Emo5SKissKQApVYuEeNDr55Z3SnHr2
BmAGoZLGp1pC9tvLeSq/PI/lP+ixRv91rb4OJ+g8JisFzMPV9K60IvN76QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMBSF/HTRUVWWD5/eOFwBlNLj5tHMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvd0ZJWDhkTkZSVlpZUG45NDRYQUdVMHVQbTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAaN6+MAwD
BABo88cDBABo88oDBABo88wDBAJo+SADBADYrVcwDQYJKoZIhvcNAQELBQADggEB
AIIUlexbsLAbaibZ9BXdFwZ7uxjvduSOPCAkGMNV+sAOsymW5XSLNRBYrIKv6f1r
KRbvH5DA9pBpHqJ3hNIX6oK8a/zcE+YjsoZysTBpccdRxTEoYVnbPIBOaP8ZKcUl
q4QS0PCmkIW9CxkSigy0VYKPeZra+sBXTiVD0VyUU8cQSRTyzPfnXGz6q42k6HWX
6MlWD+Mpiq5R0EjlaIK5qnvpqTNFgmIsRvaaVGEDBaoAAhhfNaZB95qwm11KXBfn
NeKdT3LM/XGBNkNzywqEWHhi0GzLW0U5uKnekbj877N5Mv0yhYqktj6AkiW+nYlX
ekneTb0JINvMfRMlC4s10f4=
-----END CERTIFICATE-----
Generated at Thu Apr 25 23:04:56 2024 by rpki-client on console-fra.rpki-client.org