Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/sYgH0wjFN2thOHWrp1N-BQ5TPp8.roa
File: sYgH0wjFN2thOHWrp1N-BQ5TPp8.roa (raw, json)
Hash identifier: Gbf1ca3hbJ/gEUPxruXgOhpvIxenRX5bWNMOdSIPjRI=
Subject key identifier: B1:88:07:D3:08:C5:37:6B:61:38:75:AB:A7:53:7E:05:0E:53:3E:9F
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 019301ECE05710B6371D0BAE9A2F6BA6D18E
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/sYgH0wjFN2thOHWrp1N-BQ5TPp8.roa
Signing time: Wed 06 Nov 2024 14:42:01 +0000
ROA not before: Wed 06 Nov 2024 14:42:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209480
IP address blocks: 91.204.168.0/22 maxlen: 22
188.65.144.0/21 maxlen: 21
2a00:1aa0::/29 maxlen: 29
2a00:1aa0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 16:12:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:01:ec:e0:57:10:b6:37:1d:0b:ae:9a:2f:6b:a6:d1:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Nov 6 14:42:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b18807d308c5376b613875aba7537e050e533e9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:ae:2a:36:a2:6a:77:a8:8f:84:a7:56:8d:8c:
1d:6a:70:e1:41:60:c5:df:24:35:0f:e8:e0:63:e5:
66:96:d4:27:92:ef:e1:17:8f:1f:f2:4c:7d:93:0b:
5f:2f:5d:86:58:3c:4a:8a:e9:bc:10:af:21:0a:15:
88:b1:e7:3b:33:e4:79:ae:57:9a:cb:41:5f:bd:9b:
69:68:29:16:0e:96:a8:17:51:f2:25:2a:9e:58:82:
d9:6e:96:a0:fd:0b:51:b0:18:08:86:16:4d:39:77:
c0:0d:88:19:ef:64:65:7f:09:9c:18:69:ef:53:5e:
7b:40:78:29:45:ba:e7:93:1f:23:e1:86:ad:80:27:
0e:58:60:46:d5:7d:31:ca:4b:3e:eb:7b:0e:84:4c:
0f:37:c7:bf:0f:98:20:ab:17:53:c2:22:6e:ce:6a:
fe:6e:0d:7e:d2:03:2d:f0:69:d2:a5:43:4e:68:7d:
48:9c:c2:77:66:99:74:75:62:8c:fb:0f:5e:d9:84:
cd:37:c6:e6:64:9d:f6:4d:a1:ee:04:9d:f0:fd:99:
69:36:0e:46:4f:3e:b5:b2:df:d4:02:55:e8:8b:d7:
86:95:86:c5:f1:ce:f1:ad:6a:0f:75:e7:aa:15:20:
ea:82:69:09:9e:89:12:61:37:33:c7:44:2c:6d:72:
22:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:88:07:D3:08:C5:37:6B:61:38:75:AB:A7:53:7E:05:0E:53:3E:9F
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/sYgH0wjFN2thOHWrp1N-BQ5TPp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/29
Signature Algorithm: sha256WithRSAEncryption
45:ec:db:f9:51:64:83:00:90:0a:e2:48:ee:32:a2:16:d1:f9:
af:3b:d4:fe:29:ce:cb:44:2b:ca:0b:42:b2:3a:f2:dd:71:f6:
84:bb:3a:ec:b7:6e:a7:23:00:08:93:1d:a1:6b:09:b1:d3:34:
6b:c7:1c:f0:15:c0:0b:34:fb:ac:c2:98:5d:8d:5d:2f:a0:f2:
a2:57:76:dc:a2:7f:4d:1b:64:15:48:37:dd:88:cd:0d:dd:d7:
0d:9f:43:1c:3d:0d:a7:df:7b:d7:e4:ae:af:06:c5:a7:0c:8c:
b8:c4:b8:73:3a:5e:8a:9c:70:0d:45:6a:13:0c:f8:45:66:dd:
6b:23:6f:e7:02:99:4a:88:66:2c:24:ba:fa:29:80:67:84:10:
e6:ca:be:b9:7a:c8:16:75:27:46:26:76:12:fd:da:31:ee:c2:
3a:8f:e4:3c:96:e8:8d:56:73:1e:68:04:b5:6a:b0:72:5b:26:
2f:2f:8b:1c:16:f5:0c:34:a3:e2:de:1e:59:26:a2:2c:df:fc:
1b:5b:c8:67:40:d3:73:3b:06:69:df:e6:b6:a0:b7:6c:71:23:
cc:c8:81:cb:1f:02:2b:7a:1e:1f:f3:16:6b:62:ca:5c:df:fa:
1a:a3:ff:76:b9:bd:96:7e:a4:01:ad:47:20:81:e9:92:d3:db:
43:b7:d1:19
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZMB7OBXELY3HQuumi9rptGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjQxMTA2MTQ0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTg4MDdkMzA4YzUzNzZiNjEzODc1YWJhNzUzN2UwNTBlNTMzZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza4qNqJqd6iPhKdWjYwdanDhQWDF
3yQ1D+jgY+VmltQnku/hF48f8kx9kwtfL12GWDxKium8EK8hChWIsec7M+R5rlea
y0FfvZtpaCkWDpaoF1HyJSqeWILZbpag/QtRsBgIhhZNOXfADYgZ72RlfwmcGGnv
U157QHgpRbrnkx8j4YatgCcOWGBG1X0xyks+63sOhEwPN8e/D5ggqxdTwiJuzmr+
bg1+0gMt8GnSpUNOaH1InMJ3Zpl0dWKM+w9e2YTNN8bmZJ32TaHuBJ3w/ZlpNg5G
Tz61st/UAlXoi9eGlYbF8c7xrWoPdeeqFSDqgmkJnokSYTczx0QsbXIi8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLGIB9MIxTdrYTh1q6dTfgUOUz6fMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEvc1lnSDB3akZOMnRoT0hXcnAxTi1CUTVUUHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQMqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQBF7Nv5UWSDAJAK
4kjuMqIW0fmvO9T+Kc7LRCvKC0KyOvLdcfaEuzrst26nIwAIkx2hawmx0zRrxxzw
FcALNPuswphdjV0voPKiV3bcon9NG2QVSDfdiM0N3dcNn0McPQ2n33vX5K6vBsWn
DIy4xLhzOl6KnHANRWoTDPhFZt1rI2/nAplKiGYsJLr6KYBnhBDmyr65esgWdSdG
JnYS/dox7sI6j+Q8luiNVnMeaAS1arByWyYvL4scFvUMNKPi3h5ZJqIs3/wbW8hn
QNNzOwZp3+a2oLdscSPMyIHLHwIreh4f8xZrYspc3/oao/92ub2WfqQBrUcggemS
09tDt9EZ
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:38:02 2024 by rpki-client on console-ams.rpki-client.org