Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/CoHZHjMJ9ZJdD_tvRTojYExIEuo.roa
File: CoHZHjMJ9ZJdD_tvRTojYExIEuo.roa (raw, json)
Hash identifier: YvDov9bh7WP8uw0erV/qTnmUInPjvv9Iv4eobQ5va+E=
Subject key identifier: 0A:81:D9:1E:33:09:F5:92:5D:0F:FB:6F:45:3A:23:60:4C:48:12:EA
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 018CC3493A32E1AFA4047E2AB0C1DCA43610
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/CoHZHjMJ9ZJdD_tvRTojYExIEuo.roa
Signing time: Mon 01 Jan 2024 04:30:05 +0000
ROA not before: Mon 01 Jan 2024 04:30:05 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201011
IP address blocks: 188.65.144.0/21 maxlen: 21
91.204.168.0/22 maxlen: 22
2a00:1aa0::/32 maxlen: 32
2a00:1aa0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 19:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:3a:32:e1:af:a4:04:7e:2a:b0:c1:dc:a4:36:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Jan 1 04:30:05 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0a81d91e3309f5925d0ffb6f453a23604c4812ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:db:33:08:95:cd:7a:a3:29:22:c9:24:91:a9:
f6:29:ae:3a:62:44:8a:da:6b:5f:66:6c:09:db:07:
c4:7c:0f:f7:bd:e6:b7:ba:fb:1f:ab:fe:f4:b3:5f:
06:56:ca:7f:d6:02:f9:00:e4:9c:91:45:99:da:1d:
45:66:c5:71:94:52:09:a4:cc:62:50:17:85:36:9a:
2e:62:9b:0a:9a:37:a3:27:ca:ed:e3:fd:b7:cb:e4:
12:c6:3e:c9:0d:b1:6d:05:aa:52:8c:57:c3:ed:4e:
4b:f7:9e:4c:c9:6b:1c:bf:0f:02:1d:7e:64:00:d7:
64:b0:49:f4:17:13:08:eb:1e:2f:91:02:3d:d3:a8:
79:d5:90:07:d0:c5:be:1c:2e:c3:80:2d:43:79:0b:
7c:1c:a3:67:a8:66:e5:66:70:e6:8c:d3:b7:98:e2:
08:8b:8d:ca:7d:fa:44:ce:2e:74:1b:a8:5b:43:a8:
b2:9f:0d:9a:ea:de:53:3a:bd:e9:bc:a4:c4:b0:58:
55:77:ae:93:22:ea:5d:23:68:21:fc:25:46:0f:d4:
1b:40:7f:17:da:b6:1a:2f:a8:29:c4:01:1e:33:66:
20:41:da:1d:49:44:6f:fe:74:9a:5e:e0:46:c9:8d:
ff:ce:9d:7d:ad:e7:5c:c7:a8:f5:fb:69:2b:d5:6f:
86:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:81:D9:1E:33:09:F5:92:5D:0F:FB:6F:45:3A:23:60:4C:48:12:EA
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/CoHZHjMJ9ZJdD_tvRTojYExIEuo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/29
Signature Algorithm: sha256WithRSAEncryption
6b:f3:43:e0:ec:de:26:66:97:bd:dc:38:64:90:e6:1c:5b:22:
8c:be:bf:d9:47:30:f0:e1:d5:6e:20:27:ce:47:1a:43:52:98:
f3:50:63:69:63:c8:f1:47:81:8e:d1:7d:21:ba:42:5e:00:04:
9e:99:16:ab:11:ed:17:23:bc:a3:b0:b8:b9:58:74:78:0e:ed:
71:93:b7:3b:15:02:c4:14:86:62:fd:ff:c7:1e:57:e3:42:8e:
5f:fb:7c:03:fa:e1:64:af:d7:f9:b3:9d:2c:78:60:d9:c0:74:
77:e5:57:1c:93:fe:e5:58:9e:f1:c2:3d:0a:3c:e2:c3:31:d7:
d5:7d:d8:2a:28:a4:52:89:ec:38:fa:41:c3:5d:e0:2d:57:fd:
74:9e:c2:d1:88:b6:d8:b7:f9:d7:a0:ed:ff:ef:bc:12:f4:fd:
d8:3b:a2:85:55:98:be:df:d0:68:26:f6:a7:1e:4b:3a:6e:10:
d1:32:78:15:22:8a:33:0d:8f:6b:6d:88:4b:6a:e2:bb:e7:7c:
18:0e:a4:8f:37:72:64:d7:a8:17:6d:a3:64:ff:b0:3b:0e:0b:
5a:2f:59:f3:fb:d0:2d:c9:d4:b1:2e:fb:f8:f2:12:8f:3a:11:
88:72:29:bb:27:92:d4:ee:ff:09:5f:79:53:cb:c8:ba:27:a2:
25:56:86:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSToy4a+kBH4qsMHcpDYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgxZDkxZTMzMDlmNTkyNWQwZmZiNmY0NTNhMjM2MDRjNDgxMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdszCJXNeqMpIskkkan2Ka46YkSK
2mtfZmwJ2wfEfA/3vea3uvsfq/70s18GVsp/1gL5AOSckUWZ2h1FZsVxlFIJpMxi
UBeFNpouYpsKmjejJ8rt4/23y+QSxj7JDbFtBapSjFfD7U5L955MyWscvw8CHX5k
ANdksEn0FxMI6x4vkQI906h51ZAH0MW+HC7DgC1DeQt8HKNnqGblZnDmjNO3mOII
i43KffpEzi50G6hbQ6iynw2a6t5TOr3pvKTEsFhVd66TIupdI2gh/CVGD9QbQH8X
2rYaL6gpxAEeM2YgQdodSURv/nSaXuBGyY3/zp19redcx6j1+2kr1W+GqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAqB2R4zCfWSXQ/7b0U6I2BMSBLqMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEvQ29IWkhqTUo5WkpkRF90dlJUb2pZRXhJRXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQMqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQBr80Pg7N4mZpe9
3DhkkOYcWyKMvr/ZRzDw4dVuICfORxpDUpjzUGNpY8jxR4GO0X0hukJeAASemRar
Ee0XI7yjsLi5WHR4Du1xk7c7FQLEFIZi/f/HHlfjQo5f+3wD+uFkr9f5s50seGDZ
wHR35Vcck/7lWJ7xwj0KPOLDMdfVfdgqKKRSiew4+kHDXeAtV/10nsLRiLbYt/nX
oO3/77wS9P3YO6KFVZi+39BoJvanHks6bhDRMngVIoozDY9rbYhLauK753wYDqSP
N3Jk16gXbaNk/7A7DgtaL1nz+9AtydSxLvv48hKPOhGIcim7J5LU7v8JX3lTy8i6
J6IlVoYt
-----END CERTIFICATE-----
Generated at Sat Jun 8 03:13:13 2024 by rpki-client on console-fra.rpki-client.org