Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW-lfH9kyaNncum7dT7x5rOCbZQ.roa
File: DW-lfH9kyaNncum7dT7x5rOCbZQ.roa (raw, json)
Hash identifier: SvXjgERCKRuWRjA/jBh3BPqEThFSo8nDA0fh30j1eW8=
Subject key identifier: 0D:6F:A5:7C:7F:64:C9:A3:67:72:E9:BB:75:3E:F1:E6:B3:82:6D:94
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018CCA2A6F0D6153C20465C9321303BC1265
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW-lfH9kyaNncum7dT7x5rOCbZQ.roa
Signing time: Tue 02 Jan 2024 12:33:47 +0000
ROA not before: Tue 02 Jan 2024 12:33:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59598
IP address blocks: 185.215.247.0/24 maxlen: 24
91.132.56.0/24 maxlen: 24
185.212.60.0/22 maxlen: 24
31.25.88.0/23 maxlen: 24
185.217.108.0/22 maxlen: 24
212.107.28.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 07 May 2024 20:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:6f:0d:61:53:c2:04:65:c9:32:13:03:bc:12:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 12:33:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0d6fa57c7f64c9a36772e9bb753ef1e6b3826d94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:d6:58:55:52:8a:ff:8d:22:15:10:30:08:d1:
23:00:a6:e9:b3:02:66:40:63:d4:cb:d9:71:69:b4:
1e:7e:83:49:92:59:28:9c:3c:9a:a9:0e:2c:f4:aa:
0e:00:f7:06:95:75:2c:ef:60:19:32:02:be:ed:a1:
b9:31:f7:05:56:69:cd:e8:05:ca:56:9c:c7:47:e2:
52:de:9a:2d:36:02:84:bd:fa:2c:f8:00:f0:d0:71:
e1:97:d9:b9:bf:59:32:62:6d:f5:d7:0b:80:ee:48:
d6:4e:4d:02:02:b0:64:62:1e:26:87:c6:50:5e:d6:
e6:d6:a7:8e:3e:bb:8f:39:e0:83:cc:07:d1:25:0e:
bf:cf:e5:11:2b:58:e7:81:c5:bd:d3:b0:db:e8:ed:
fb:5c:b3:4f:0f:85:64:63:12:21:3a:ce:7f:14:fd:
d2:cc:c2:b5:45:13:20:3a:94:8c:72:e2:70:20:43:
62:65:21:a6:0d:16:03:89:ad:b3:48:cc:7b:c4:ec:
83:25:74:d4:3e:00:6d:c1:c1:3a:de:e8:08:77:64:
2f:95:75:25:5c:9a:b8:96:99:4d:81:b2:ee:66:48:
5e:a4:94:c1:27:d7:cb:6f:5f:51:6d:bb:8b:e0:24:
96:b3:fe:eb:f6:1d:c5:0d:36:f6:be:bf:17:c4:d8:
b3:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:6F:A5:7C:7F:64:C9:A3:67:72:E9:BB:75:3E:F1:E6:B3:82:6D:94
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW-lfH9kyaNncum7dT7x5rOCbZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.88.0/23
91.132.56.0/24
185.212.60.0/22
185.215.247.0/24
185.217.108.0/22
212.107.28.0/22
Signature Algorithm: sha256WithRSAEncryption
5c:42:13:9f:0a:8d:df:3c:e0:9a:f7:ee:49:e9:94:da:58:83:
4d:2c:0a:15:36:7b:67:fd:59:cb:ef:0a:f7:2c:74:32:f3:50:
c5:1b:90:53:ba:56:94:e5:fa:67:6a:06:10:8f:7b:73:cd:91:
6b:84:da:12:7c:b3:9b:bd:2b:5c:77:be:41:fe:08:7c:58:d3:
66:ec:37:37:da:c9:b2:c8:bd:09:f4:d6:b2:51:0e:9e:c1:85:
ef:b9:fd:1e:4a:43:9e:a2:f4:51:e5:ad:71:b2:0c:6a:d6:28:
0d:45:46:10:36:38:1f:70:51:42:39:43:83:fc:d1:b1:f1:64:
a4:0c:6b:5f:f6:b9:47:7a:a8:0e:4d:eb:4c:1e:98:cb:38:4c:
41:26:46:d6:68:61:14:42:02:49:11:22:5a:de:5d:91:53:69:
00:7e:db:41:75:04:43:fc:5f:74:07:d5:5a:67:fd:21:c4:d0:
c9:7a:f2:d3:f2:0f:3d:8c:b9:10:89:37:99:b1:7a:2e:5c:b4:
a9:fc:9e:a9:09:f2:4f:02:54:c2:13:1e:53:b6:cd:5a:62:a5:
35:09:c7:7e:d9:c7:ac:cc:97:5e:cb:1e:99:9a:b9:25:d6:ee:
3d:70:c0:87:66:79:a9:7d:7b:f8:7d:3b:08:61:74:f1:50:44:
46:d8:a2:48
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzKKm8NYVPCBGXJMhMDvBJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZmYTU3YzdmNjRjOWEzNjc3MmU5YmI3NTNlZjFlNmIzODI2ZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9ZYVVKK/40iFRAwCNEjAKbpswJm
QGPUy9lxabQefoNJklkonDyaqQ4s9KoOAPcGlXUs72AZMgK+7aG5MfcFVmnN6AXK
VpzHR+JS3potNgKEvfos+ADw0HHhl9m5v1kyYm311wuA7kjWTk0CArBkYh4mh8ZQ
Xtbm1qeOPruPOeCDzAfRJQ6/z+URK1jngcW907Db6O37XLNPD4VkYxIhOs5/FP3S
zMK1RRMgOpSMcuJwIENiZSGmDRYDia2zSMx7xOyDJXTUPgBtwcE63ugId2QvlXUl
XJq4lplNgbLuZkhepJTBJ9fLb19RbbuL4CSWs/7r9h3FDTb2vr8XxNizkQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA1vpXx/ZMmjZ3Lpu3U+8eazgm2UMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRFctbGZIOWt5YU5uY3VtN2RUN3g1ck9DYlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBHxlYAwQA
W4Q4AwQCudQ8AwQAudf3AwQCudlsAwQC1GscMA0GCSqGSIb3DQEBCwUAA4IBAQBc
QhOfCo3fPOCa9+5J6ZTaWINNLAoVNntn/VnL7wr3LHQy81DFG5BTulaU5fpnagYQ
j3tzzZFrhNoSfLObvStcd75B/gh8WNNm7Dc32smyyL0J9NayUQ6ewYXvuf0eSkOe
ovRR5a1xsgxq1igNRUYQNjgfcFFCOUOD/NGx8WSkDGtf9rlHeqgOTetMHpjLOExB
JkbWaGEUQgJJESJa3l2RU2kAfttBdQRD/F90B9VaZ/0hxNDJevLT8g89jLkQiTeZ
sXouXLSp/J6pCfJPAlTCEx5Tts1aYqU1Ccd+2ceszJdeyx6Zmrkl1u49cMCHZnmp
fXv4fTsIYXTxUERG2KJI
-----END CERTIFICATE-----
Generated at Mon May 6 23:50:17 2024 by rpki-client on console-fra.rpki-client.org