Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4YZ678VGCn5TLitDTnpaLf_QcWo.roa
File: 4YZ678VGCn5TLitDTnpaLf_QcWo.roa (raw, json)
Hash identifier: GllIYoM7z8h0P+oGARdumljTcTkRMxsSck2jM3LoHA8=
Subject key identifier: E1:86:7A:EF:C5:46:0A:7E:53:2E:2B:43:4E:7A:5A:2D:FF:D0:71:6A
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 018CC9BCA62BF729B0146984AE4867C42BC7
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4YZ678VGCn5TLitDTnpaLf_QcWo.roa
Signing time: Tue 02 Jan 2024 10:33:52 +0000
ROA not before: Tue 02 Jan 2024 10:33:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5650
IP address blocks: 89.117.212.0/24 maxlen: 24
89.117.214.0/24 maxlen: 24
86.38.191.0/24 maxlen: 24
89.117.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 04 May 2024 02:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:a6:2b:f7:29:b0:14:69:84:ae:48:67:c4:2b:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Jan 2 10:33:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e1867aefc5460a7e532e2b434e7a5a2dffd0716a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b3:d9:23:6f:ac:e5:bb:91:83:18:4c:33:de:
19:9b:a3:bd:d8:a3:31:48:53:72:76:5d:21:9b:db:
89:ec:c9:39:d1:9e:6f:25:c4:87:de:53:dc:32:77:
57:92:cd:e5:f7:49:e3:f7:de:b6:3d:ea:54:dc:09:
0e:05:54:bf:20:48:31:56:51:2c:0e:14:1a:ff:9f:
94:f7:b8:f8:db:b7:c9:ad:df:d4:5f:bc:b1:c6:68:
8e:68:58:2c:79:17:ad:03:1d:fc:b1:35:9d:2b:cb:
fd:8d:f1:03:af:c3:17:b2:ea:ee:a2:a0:d4:d2:2e:
e2:f7:73:e6:57:04:86:13:68:d4:35:3b:4d:62:ef:
8b:d1:57:0a:69:30:ec:71:a4:e2:8e:43:7e:8a:63:
21:c0:04:34:e2:6b:f7:a5:e3:c1:3f:b9:3f:94:61:
8d:24:17:8b:81:90:6c:c4:ba:41:38:5b:ca:2f:19:
9d:9a:46:6e:7c:36:b4:a2:07:aa:bb:af:67:39:fa:
2e:48:92:23:51:2c:dd:e6:b6:14:cf:27:63:3e:08:
d0:d1:be:a5:2c:88:c2:90:f8:ae:b1:4d:95:5b:fd:
56:dc:54:f9:ec:97:6d:fc:e5:56:cf:e2:a9:29:e8:
ff:2c:97:6b:1a:93:52:ac:9f:0f:db:4e:a6:ed:93:
34:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:86:7A:EF:C5:46:0A:7E:53:2E:2B:43:4E:7A:5A:2D:FF:D0:71:6A
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4YZ678VGCn5TLitDTnpaLf_QcWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.191.0/24
89.117.212.0/24
89.117.214.0/24
89.117.251.0/24
Signature Algorithm: sha256WithRSAEncryption
25:65:3f:81:b2:77:be:31:ec:f2:c4:a7:0a:ce:4c:09:6c:f9:
2e:fb:1a:3b:2f:9e:92:4a:e1:94:47:4a:58:40:e5:e7:66:80:
4b:7f:69:26:bc:49:62:a6:8f:07:7f:b9:d9:53:de:09:ce:d8:
31:99:fa:a6:5f:5a:d9:38:3e:e3:22:5d:69:0e:c2:2a:1b:ef:
a0:e4:f7:bc:b8:8e:8e:0b:93:f6:e3:a6:da:a8:0f:54:1f:eb:
c2:05:d5:0a:f2:03:03:50:f2:d1:78:fa:47:8e:69:50:bc:cc:
15:50:27:3d:57:50:dd:54:10:6b:84:ba:02:74:10:b6:2d:68:
eb:99:61:6f:9e:d9:83:d2:dd:cc:6f:81:f2:84:e0:f6:ba:33:
04:f0:0a:77:9e:d3:47:ae:a4:46:c8:31:a2:27:0b:da:57:01:
3a:6f:d7:b2:80:dc:01:57:0a:38:91:2f:ee:4d:98:af:f8:17:
2a:23:e0:ae:56:bb:1b:b6:73:f8:cb:15:9e:fc:aa:d3:e9:99:
ca:82:ab:42:19:5d:06:cf:cc:1c:25:75:b6:94:03:8d:5f:b7:
50:21:12:75:28:c4:c3:fe:56:95:40:42:e8:04:ea:69:7b:79:
cc:69:8c:d4:58:2c:c8:10:86:77:b0:26:0f:60:9a:c8:0a:d7:
7e:a0:9d:0f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzJvKYr9ymwFGmErkhnxCvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTg2N2FlZmM1NDYwYTdlNTMyZTJiNDM0ZTdhNWEyZGZmZDA3MTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbPZI2+s5buRgxhMM94Zm6O92KMx
SFNydl0hm9uJ7Mk50Z5vJcSH3lPcMndXks3l90nj9962PepU3AkOBVS/IEgxVlEs
DhQa/5+U97j427fJrd/UX7yxxmiOaFgseRetAx38sTWdK8v9jfEDr8MXsuruoqDU
0i7i93PmVwSGE2jUNTtNYu+L0VcKaTDscaTijkN+imMhwAQ04mv3pePBP7k/lGGN
JBeLgZBsxLpBOFvKLxmdmkZufDa0ogequ69nOfouSJIjUSzd5rYUzydjPgjQ0b6l
LIjCkPiusU2VW/1W3FT57Jdt/OVWz+KpKej/LJdrGpNSrJ8P206m7ZM0XQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOGGeu/FRgp+Uy4rQ056Wi3/0HFqMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvNFlaNjc4VkdDbjVUTGl0RFRucGFMZl9RY1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVia/AwQA
WXXUAwQAWXXWAwQAWXX7MA0GCSqGSIb3DQEBCwUAA4IBAQAlZT+Bsne+MezyxKcK
zkwJbPku+xo7L56SSuGUR0pYQOXnZoBLf2kmvElipo8Hf7nZU94JztgxmfqmX1rZ
OD7jIl1pDsIqG++g5Pe8uI6OC5P246baqA9UH+vCBdUK8gMDUPLRePpHjmlQvMwV
UCc9V1DdVBBrhLoCdBC2LWjrmWFvntmD0t3Mb4HyhOD2ujME8Ap3ntNHrqRGyDGi
JwvaVwE6b9eygNwBVwo4kS/uTZiv+BcqI+CuVrsbtnP4yxWe/KrT6ZnKgqtCGV0G
z8wcJXW2lAONX7dQIRJ1KMTD/laVQELoBOppe3nMaYzUWCzIEIZ3sCYPYJrICtd+
oJ0P
-----END CERTIFICATE-----
Generated at Fri May 3 09:44:35 2024 by rpki-client on console-fra.rpki-client.org