Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/On3nbqCz4gcosFtfN7Kriwu7hOA.roa
File: On3nbqCz4gcosFtfN7Kriwu7hOA.roa (raw, json)
Hash identifier: N7RSVaIFRFEgph6qY8CAbHh5CW5+nfy+LfApAZs9Das=
Subject key identifier: 3A:7D:E7:6E:A0:B3:E2:07:28:B0:5B:5F:37:B2:AB:8B:0B:BB:84:E0
Certificate issuer: /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial: 018FECC903A912EEDA356519E76F441719BF
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/On3nbqCz4gcosFtfN7Kriwu7hOA.roa
Signing time: Thu 06 Jun 2024 09:02:27 +0000
ROA not before: Thu 06 Jun 2024 09:02:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2287
IP address blocks: 90.84.157.0/24 maxlen: 24
90.84.158.0/24 maxlen: 24
90.84.166.0/24 maxlen: 24
90.84.167.0/24 maxlen: 24
2a01:ceff::/48 maxlen: 48
2a01:ceff:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 11:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:ec:c9:03:a9:12:ee:da:35:65:19:e7:6f:44:17:19:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
Validity
Not Before: Jun 6 09:02:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3a7de76ea0b3e20728b05b5f37b2ab8b0bbb84e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1e:53:0a:9d:75:44:d8:73:88:bb:84:7c:94:
85:ae:a6:77:fe:4c:5f:81:40:8e:28:7a:d3:4c:45:
f1:8d:54:77:a5:48:1e:28:58:0f:7e:f5:67:a1:f3:
18:1d:f3:08:65:c8:3d:d1:08:39:95:e2:75:fa:03:
02:b6:2b:07:6e:e1:fc:77:71:40:7c:c5:be:80:e8:
75:36:e9:d9:a3:a0:39:51:0e:ed:a7:53:ed:82:82:
a9:9e:a1:f2:a9:3a:37:aa:17:8d:4e:84:57:bb:fb:
aa:2c:da:b5:c9:27:df:c2:54:6a:db:98:2f:c0:d1:
bf:6c:4d:c1:d5:5f:12:34:b9:b1:2b:7f:f3:7f:b9:
3b:00:70:db:53:ec:84:85:7b:49:3c:a4:63:76:08:
d0:38:d9:8c:71:2e:e7:0f:e7:bd:89:b2:84:2f:7e:
e3:89:18:2d:e6:c5:38:d6:c0:a5:df:0a:02:49:a7:
32:b2:e8:72:db:02:22:ac:d4:f3:a5:16:52:39:06:
73:df:d0:b2:6d:d9:48:a9:ef:e5:78:37:60:5d:1a:
4f:cc:ee:43:f9:03:42:83:d3:28:0e:29:d9:97:40:
62:33:e5:24:1d:6b:c6:1a:8a:d1:09:67:fe:cf:3d:
50:e4:dc:4b:93:e5:ba:de:e6:8c:a2:be:c7:0d:40:
44:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:7D:E7:6E:A0:B3:E2:07:28:B0:5B:5F:37:B2:AB:8B:0B:BB:84:E0
X509v3 Authority Key Identifier:
keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/On3nbqCz4gcosFtfN7Kriwu7hOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.84.157.0-90.84.158.255
90.84.166.0/23
IPv6:
2a01:ceff::/47
Signature Algorithm: sha256WithRSAEncryption
29:9d:3e:85:42:8b:1c:3d:65:c0:75:d5:74:98:27:2c:25:81:
b7:ab:83:eb:98:8e:20:97:9a:17:b9:ce:ff:8d:cc:69:e0:46:
2c:1c:0c:ff:36:f5:3a:9f:f6:91:d1:f8:22:16:ca:78:eb:ef:
4c:cf:ef:6f:53:c0:9a:34:39:d8:cd:ea:52:3d:7a:a3:a6:f4:
7a:a0:f5:d3:d7:27:08:55:c2:79:c8:07:cd:cc:3b:a9:8f:b1:
81:73:7d:19:71:0e:87:4d:d1:cb:81:d6:0b:0e:cc:5a:22:2e:
59:97:e0:f3:39:c1:4a:30:c2:81:26:de:6f:22:81:17:6a:a7:
60:23:25:e8:7d:57:ef:e3:3c:26:df:f7:d4:6b:c7:5d:9a:1a:
38:91:f9:1e:11:6d:8d:ee:99:9c:a0:f1:b3:5d:f3:fa:7a:60:
f0:89:3c:58:56:6e:37:0d:82:09:09:09:00:37:95:44:1c:62:
6d:06:00:24:99:87:a8:a3:72:87:38:6a:23:9d:2c:04:91:82:
a7:8a:e1:3c:0b:1f:0a:c9:7c:96:b7:90:25:8b:81:ee:67:04:
b3:a9:2e:51:c2:4f:f5:a5:9a:57:f5:68:b6:99:05:0f:78:f6:
76:51:e1:bb:d9:89:3f:1f:aa:dd:a5:65:ce:88:08:45:12:01:
d2:fc:cf:f2
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAY/syQOpEu7aNWUZ529EFxm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNjA2MDkwMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdkZTc2ZWEwYjNlMjA3MjhiMDViNWYzN2IyYWI4YjBiYmI4NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx5TCp11RNhziLuEfJSFrqZ3/kxf
gUCOKHrTTEXxjVR3pUgeKFgPfvVnofMYHfMIZcg90Qg5leJ1+gMCtisHbuH8d3FA
fMW+gOh1NunZo6A5UQ7tp1PtgoKpnqHyqTo3qheNToRXu/uqLNq1ySffwlRq25gv
wNG/bE3B1V8SNLmxK3/zf7k7AHDbU+yEhXtJPKRjdgjQONmMcS7nD+e9ibKEL37j
iRgt5sU41sCl3woCSacysuhy2wIirNTzpRZSOQZz39CybdlIqe/leDdgXRpPzO5D
+QNCg9MoDinZl0BiM+UkHWvGGorRCWf+zz1Q5NxLk+W63uaMor7HDUBEXQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFDp9526gs+IHKLBbXzeyq4sLu4TgMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvT24zbmJxQ3o0Z2Nvc0Z0Zk43S3Jpd3U3aE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBABaVJ0D
BABaVJ4DBAFaVKYwDwQCAAIwCQMHASoBzv8AADANBgkqhkiG9w0BAQsFAAOCAQEA
KZ0+hUKLHD1lwHXVdJgnLCWBt6uD65iOIJeaF7nO/43MaeBGLBwM/zb1Op/2kdH4
IhbKeOvvTM/vb1PAmjQ52M3qUj16o6b0eqD109cnCFXCecgHzcw7qY+xgXN9GXEO
h03Ry4HWCw7MWiIuWZfg8znBSjDCgSbebyKBF2qnYCMl6H1X7+M8Jt/31GvHXZoa
OJH5HhFtje6ZnKDxs13z+npg8Ik8WFZuNw2CCQkJADeVRBxibQYAJJmHqKNyhzhq
I50sBJGCp4rhPAsfCsl8lreQJYuB7mcEs6kuUcJP9aWaV/VotpkFD3j2dlHhu9mJ
Px+q3aVlzogIRRIB0vzP8g==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:32:58 2024 by rpki-client on console-ams.rpki-client.org