Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/F-cdflVdpJfULyMH3EO8CgxDpKE.roa
File: F-cdflVdpJfULyMH3EO8CgxDpKE.roa (raw, json)
Hash identifier: N7fnV09mXN+/24PCpkRcRpvyTxSRkZ8qbtGYXDZgJaI=
Subject key identifier: 17:E7:1D:7E:55:5D:A4:97:D4:2F:23:07:DC:43:BC:0A:0C:43:A4:A1
Certificate issuer: /CN=d489a5ddd3002e800999b5c1867f786781baf13d
Certificate serial: 018CC4935B47A6EC5A9EB5F86041FDE6EA03
Authority key identifier: D4:89:A5:DD:D3:00:2E:80:09:99:B5:C1:86:7F:78:67:81:BA:F1:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Iml3dMALoAJmbXBhn94Z4G68T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/F-cdflVdpJfULyMH3EO8CgxDpKE.roa
Signing time: Mon 01 Jan 2024 10:30:40 +0000
ROA not before: Mon 01 Jan 2024 10:30:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3301
IP address blocks: 193.161.239.0/24 maxlen: 24
193.161.236.0/22 maxlen: 22
193.161.236.0/24 maxlen: 24
193.161.238.0/24 maxlen: 24
193.161.237.0/24 maxlen: 24
194.35.82.0/23 maxlen: 23
194.35.83.0/24 maxlen: 24
194.35.82.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/1Iml3dMALoAJmbXBhn94Z4G68T0.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/1Iml3dMALoAJmbXBhn94Z4G68T0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Iml3dMALoAJmbXBhn94Z4G68T0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:5b:47:a6:ec:5a:9e:b5:f8:60:41:fd:e6:ea:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d489a5ddd3002e800999b5c1867f786781baf13d
Validity
Not Before: Jan 1 10:30:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=17e71d7e555da497d42f2307dc43bc0a0c43a4a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:ac:df:45:12:a2:83:ab:55:92:37:6c:03:9a:
0d:ad:d2:8e:f7:54:66:c0:a4:fb:a6:e9:cb:21:99:
0b:14:19:7c:96:fe:b5:dd:a6:4d:f8:00:19:fb:3c:
43:f1:a7:0f:31:03:af:3e:d9:39:f3:b2:0b:d2:80:
d4:8d:6a:cf:24:8e:95:1f:2e:92:6d:ad:f2:b8:27:
0c:58:25:d4:03:81:c8:62:46:ff:80:12:4c:18:d0:
3e:a1:b5:41:83:12:17:f2:df:22:a2:d8:b5:98:ad:
43:62:0a:b8:20:2a:96:9c:5a:86:b5:3d:a2:30:5c:
93:33:3c:91:79:21:c2:ad:49:07:c9:fb:ce:9a:6b:
47:f2:b4:b5:61:44:10:89:be:00:ca:4f:20:45:e1:
03:eb:7f:cf:89:59:8c:bc:43:b3:b2:e7:a7:62:4d:
7a:51:61:0f:91:e2:7a:a2:53:a5:bb:f9:43:a7:25:
0e:11:5d:1a:47:d7:99:91:e9:c4:02:7b:59:6f:7f:
63:62:7c:9c:60:de:ca:19:6f:e7:1d:74:d2:67:a9:
15:e1:21:74:43:6f:fc:6f:3a:67:7f:6f:66:3c:f8:
f9:a5:e2:20:bf:cc:a2:75:c7:a6:53:1c:9a:e6:e8:
88:36:73:0e:70:5a:63:44:ea:1f:90:b9:77:63:18:
3f:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:E7:1D:7E:55:5D:A4:97:D4:2F:23:07:DC:43:BC:0A:0C:43:A4:A1
X509v3 Authority Key Identifier:
keyid:D4:89:A5:DD:D3:00:2E:80:09:99:B5:C1:86:7F:78:67:81:BA:F1:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Iml3dMALoAJmbXBhn94Z4G68T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/F-cdflVdpJfULyMH3EO8CgxDpKE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/1Iml3dMALoAJmbXBhn94Z4G68T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.161.236.0/22
194.35.82.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:40:ef:c5:5d:9c:2b:1a:1b:73:9e:7b:77:f8:b3:81:e5:74:
c6:97:54:0b:62:6f:19:71:14:03:57:cc:eb:44:3e:3b:82:8f:
27:0a:47:5f:54:1a:cd:a3:cd:3d:a8:d1:53:d3:c0:40:44:18:
85:2b:c8:fc:2e:ce:3f:36:dc:fb:20:c7:80:a1:42:e9:84:bc:
04:08:9c:ac:6d:2b:ff:c2:55:7e:5e:10:53:1b:36:e5:20:34:
c4:4a:04:af:b0:fe:e1:e3:ea:e9:af:92:cd:10:0a:11:82:dc:
83:95:dd:89:8c:cb:1c:e6:13:6b:7f:16:2e:2a:0b:51:ea:52:
21:c2:cb:ff:d7:79:3d:b3:45:a3:8a:f9:3b:58:d6:30:22:3f:
0c:74:76:3e:e6:b6:84:29:29:9c:79:1e:b3:2c:3b:1f:74:ca:
10:8e:7b:bf:62:80:d3:0b:6f:f1:26:7d:65:dd:e5:21:b7:fe:
ba:cd:ae:e5:0a:ee:00:11:0d:a4:79:76:5e:a0:86:8e:26:37:
87:5f:b4:29:3c:46:9e:26:53:7c:84:66:78:d9:26:ea:ff:fd:
fe:39:27:47:d3:f2:38:17:12:48:8a:18:a7:d3:49:88:47:22:
f1:20:93:05:d5:35:53:4b:a3:9b:a3:de:65:d0:76:9d:d1:5f:
82:dd:02:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk1tHpuxanrX4YEH95uoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODlhNWRkZDMwMDJlODAwOTk5YjVjMTg2N2Y3ODY3ODFi
YWYxM2QwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U3MWQ3ZTU1NWRhNDk3ZDQyZjIzMDdkYzQzYmMwYTBjNDNhNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqzfRRKig6tVkjdsA5oNrdKO91Rm
wKT7punLIZkLFBl8lv613aZN+AAZ+zxD8acPMQOvPtk587IL0oDUjWrPJI6VHy6S
ba3yuCcMWCXUA4HIYkb/gBJMGNA+obVBgxIX8t8ioti1mK1DYgq4ICqWnFqGtT2i
MFyTMzyReSHCrUkHyfvOmmtH8rS1YUQQib4Ayk8gReED63/PiVmMvEOzsuenYk16
UWEPkeJ6olOlu/lDpyUOEV0aR9eZkenEAntZb39jYnycYN7KGW/nHXTSZ6kV4SF0
Q2/8bzpnf29mPPj5peIgv8yidcemUxya5uiINnMOcFpjROofkLl3Yxg/UwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBfnHX5VXaSX1C8jB9xDvAoMQ6ShMB8GA1UdIwQY
MBaAFNSJpd3TAC6ACZm1wYZ/eGeBuvE9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUltbDNkTUFMb0FKbWJYQmhuOTRaNEc2OFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iZmQyZDQtNmQ0NS00NGJiLWFlNmIt
NTI1OWVlZGNhMDdjLzEvRi1jZGZsVmRwSmZVTHlNSDNFTzhDZ3hEcEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iZmQyZDQtNmQ0NS00NGJiLWFlNmItNTI1OWVlZGNhMDdj
LzEvMUltbDNkTUFMb0FKbWJYQmhuOTRaNEc2OFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwaHsAwQB
wiNSMA0GCSqGSIb3DQEBCwUAA4IBAQA8QO/FXZwrGhtznnt3+LOB5XTGl1QLYm8Z
cRQDV8zrRD47go8nCkdfVBrNo809qNFT08BARBiFK8j8Ls4/Ntz7IMeAoULphLwE
CJysbSv/wlV+XhBTGzblIDTESgSvsP7h4+rpr5LNEAoRgtyDld2JjMsc5hNrfxYu
KgtR6lIhwsv/13k9s0Wjivk7WNYwIj8MdHY+5raEKSmceR6zLDsfdMoQjnu/YoDT
C2/xJn1l3eUht/66za7lCu4AEQ2keXZeoIaOJjeHX7QpPEaeJlN8hGZ42Sbq//3+
OSdH0/I4FxJIihin00mIRyLxIJMF1TVTS6Obo95l0Had0V+C3QIz
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:09:16 2024 by rpki-client on console-ams.rpki-client.org