Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/4rszpkCQobD-ZDI935hx45pMYUQ.roa
File: 4rszpkCQobD-ZDI935hx45pMYUQ.roa (raw, json)
Hash identifier: VRlsi3BPlBkws+3s76+x2d5v/7l4MaH3ncsKjCUNAjY=
Subject key identifier: E2:BB:33:A6:40:90:A1:B0:FE:64:32:3D:DF:98:71:E3:9A:4C:61:44
Certificate issuer: /CN=a26855980b273e5ae57dc1b9eb22e9f5f3a7cdf7
Certificate serial: 018CC8014D9392DDD347A5EF61F759FCD60F
Authority key identifier: A2:68:55:98:0B:27:3E:5A:E5:7D:C1:B9:EB:22:E9:F5:F3:A7:CD:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/omhVmAsnPlrlfcG56yLp9fOnzfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/4rszpkCQobD-ZDI935hx45pMYUQ.roa
Signing time: Tue 02 Jan 2024 02:29:37 +0000
ROA not before: Tue 02 Jan 2024 02:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 137
IP address blocks: 193.204.0.0/15 maxlen: 15
192.167.0.0/16 maxlen: 16
193.205.16.0/20 maxlen: 20
212.189.128.0/17 maxlen: 17
90.147.0.0/16 maxlen: 16
192.167.59.0/24 maxlen: 24
185.191.180.0/22 maxlen: 22
193.206.0.0/16 maxlen: 16
138.41.0.0/16 maxlen: 16
2001:760::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/omhVmAsnPlrlfcG56yLp9fOnzfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/omhVmAsnPlrlfcG56yLp9fOnzfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/omhVmAsnPlrlfcG56yLp9fOnzfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:4d:93:92:dd:d3:47:a5:ef:61:f7:59:fc:d6:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a26855980b273e5ae57dc1b9eb22e9f5f3a7cdf7
Validity
Not Before: Jan 2 02:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e2bb33a64090a1b0fe64323ddf9871e39a4c6144
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:5c:c8:15:63:62:52:9f:ab:5f:53:1b:de:ef:
08:1e:6d:9a:1b:2b:fc:81:7a:67:63:14:29:6c:2c:
e9:69:53:41:32:b7:d5:e5:2c:10:55:b2:9e:5c:67:
7b:45:19:93:99:07:1d:66:45:13:14:65:f2:bd:71:
fc:f0:08:24:28:6d:8f:c1:45:97:a2:00:37:2e:7f:
ec:d2:83:60:94:61:77:f2:2b:e2:8a:5c:b7:b2:2e:
74:e0:64:a3:79:71:8f:e7:a8:06:c0:9c:73:71:59:
42:cd:87:f6:cc:73:72:cc:68:2c:8b:94:0a:8e:05:
bc:c2:26:b9:17:8e:56:68:27:e6:d8:b1:3f:d1:74:
b7:23:46:bc:d0:df:da:cf:74:02:e9:f6:21:ea:0a:
90:ed:dd:1c:45:3b:c2:88:cf:68:ba:f4:f2:6d:af:
e7:76:61:33:46:e4:ec:d0:0d:81:a0:0d:cb:fc:7b:
dd:83:2d:e1:cd:2e:cb:66:e2:4d:00:6e:56:0c:cb:
22:07:c5:1e:d9:95:45:df:66:bd:25:32:bc:03:c1:
88:26:d0:02:43:69:28:50:83:bf:d9:c4:10:40:4d:
88:7d:58:0d:82:db:dd:87:04:1b:e6:24:a3:28:55:
29:86:03:bb:e9:09:9e:f3:b5:dd:ef:b5:dc:e8:74:
d1:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:BB:33:A6:40:90:A1:B0:FE:64:32:3D:DF:98:71:E3:9A:4C:61:44
X509v3 Authority Key Identifier:
keyid:A2:68:55:98:0B:27:3E:5A:E5:7D:C1:B9:EB:22:E9:F5:F3:A7:CD:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/omhVmAsnPlrlfcG56yLp9fOnzfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/4rszpkCQobD-ZDI935hx45pMYUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8afdda-6c6b-4587-8a21-81eb61f5b71e/1/omhVmAsnPlrlfcG56yLp9fOnzfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.147.0.0/16
138.41.0.0/16
185.191.180.0/22
192.167.0.0/16
193.204.0.0-193.206.255.255
212.189.128.0/17
IPv6:
2001:760::/32
Signature Algorithm: sha256WithRSAEncryption
89:ed:eb:64:93:2f:9a:9d:11:50:ac:04:e4:a8:59:1d:1a:6f:
6c:7c:19:b1:09:03:88:8a:d7:7c:b0:d6:42:6b:a6:d3:a7:60:
35:f9:9d:35:c1:5b:4a:63:b3:fe:f4:09:bf:fa:bc:c2:b9:12:
87:02:9a:9a:22:da:1c:8b:4e:37:c8:ae:c8:52:8b:bd:2b:2d:
9e:26:66:49:b6:de:ff:04:b1:69:c2:a4:38:68:61:53:5d:a8:
8b:aa:9a:b2:1f:d1:dd:7f:01:fc:b2:40:20:82:20:9a:31:e5:
42:b5:e5:ab:d6:68:25:89:8d:75:7c:44:e0:da:4d:a3:1c:39:
0b:45:d6:52:b6:c2:91:cc:6e:6c:b9:70:56:a1:ec:e7:22:7a:
ab:7c:a6:6a:79:a9:84:b4:59:20:0f:c5:eb:10:7e:5b:28:18:
01:5d:11:1d:e1:3c:2c:5e:87:8e:1e:12:3b:59:ed:bc:2f:94:
7f:57:9c:dd:c1:d7:b3:1c:2e:15:9d:86:60:ad:b6:32:87:de:
24:49:54:09:80:d4:25:52:0b:74:86:b8:93:d4:7b:02:c4:64:
f9:dd:64:fa:a3:40:d4:7d:f1:7c:3b:86:96:4b:21:ce:4e:cc:
08:3f:35:d5:06:4f:45:2c:c4:73:56:36:0e:d1:45:f2:30:c0:
fa:6f:aa:32
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzIAU2Tkt3TR6XvYfdZ/NYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNjg1NTk4MGIyNzNlNWFlNTdkYzFiOWViMjJlOWY1ZjNh
N2NkZjcwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmJiMzNhNjQwOTBhMWIwZmU2NDMyM2RkZjk4NzFlMzlhNGM2MTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VzIFWNiUp+rX1Mb3u8IHm2aGyv8
gXpnYxQpbCzpaVNBMrfV5SwQVbKeXGd7RRmTmQcdZkUTFGXyvXH88AgkKG2PwUWX
ogA3Ln/s0oNglGF38iviily3si504GSjeXGP56gGwJxzcVlCzYf2zHNyzGgsi5QK
jgW8wia5F45WaCfm2LE/0XS3I0a80N/az3QC6fYh6gqQ7d0cRTvCiM9ouvTyba/n
dmEzRuTs0A2BoA3L/Hvdgy3hzS7LZuJNAG5WDMsiB8Ue2ZVF32a9JTK8A8GIJtAC
Q2koUIO/2cQQQE2IfVgNgtvdhwQb5iSjKFUphgO76Qme87Xd77Xc6HTRAQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOK7M6ZAkKGw/mQyPd+YceOaTGFEMB8GA1UdIwQY
MBaAFKJoVZgLJz5a5X3Buesi6fXzp833MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb21oVm1Bc25QbHJsZmNHNTZ5THA5Zk9uemZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84YWZkZGEtNmM2Yi00NTg3LThhMjEt
ODFlYjYxZjViNzFlLzEvNHJzenBrQ1FvYkQtWkRJOTM1aHg0NXBNWVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84YWZkZGEtNmM2Yi00NTg3LThhMjEtODFlYjYxZjViNzFl
LzEvb21oVm1Bc25QbHJsZmNHNTZ5THA5Zk9uemZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAtBAIAATAnAwMAWpMDAwCK
KQMEArm/tAMDAMCnMAoDAwLBzAMDAMHOAwQH1L2AMA0EAgACMAcDBQAgAQdgMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ7etkky+anRFQrATkqFkdGm9sfBmxCQOIitd8sNZC
a6bTp2A1+Z01wVtKY7P+9Am/+rzCuRKHApqaItoci043yK7IUou9Ky2eJmZJtt7/
BLFpwqQ4aGFTXaiLqpqyH9HdfwH8skAggiCaMeVCteWr1mgliY11fETg2k2jHDkL
RdZStsKRzG5suXBWoeznInqrfKZqeamEtFkgD8XrEH5bKBgBXREd4TwsXoeOHhI7
We28L5R/V5zdwdezHC4VnYZgrbYyh94kSVQJgNQlUgt0hriT1HsCxGT53WT6o0DU
ffF8O4aWSyHOTswIPzXVBk9FLMRzVjYO0UXyMMD6b6oy
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:19:59 2024 by rpki-client on console-ams.rpki-client.org