Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kRqn1_ljoUrGliEST-iNa6x-p8Y.roa
File: kRqn1_ljoUrGliEST-iNa6x-p8Y.roa (raw, json)
Hash identifier: 2Vk+wW1ygz0v1eegSj0dZ8AZd3jGsF+yhciDKBmBv0Q=
Subject key identifier: 91:1A:A7:D7:F9:63:A1:4A:C6:96:21:12:4F:E8:8D:6B:AC:7E:A7:C6
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 01910512341A32F21F8A4F18D60742C52244
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kRqn1_ljoUrGliEST-iNa6x-p8Y.roa
Signing time: Tue 30 Jul 2024 19:16:04 +0000
ROA not before: Tue 30 Jul 2024 19:16:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 151.145.128.0/19 maxlen: 19
158.120.48.0/24 maxlen: 24
158.120.50.0/24 maxlen: 24
158.120.52.0/24 maxlen: 24
158.120.54.0/24 maxlen: 24
158.120.56.0/24 maxlen: 24
158.120.58.0/24 maxlen: 24
158.120.60.0/24 maxlen: 24
158.120.62.0/24 maxlen: 24
170.100.128.0/22 maxlen: 22
170.100.147.0/24 maxlen: 24
170.100.148.0/22 maxlen: 22
170.100.152.0/21 maxlen: 21
170.100.192.0/21 maxlen: 21
170.100.200.0/22 maxlen: 22
170.100.204.0/24 maxlen: 24
170.100.206.0/23 maxlen: 23
192.6.64.0/22 maxlen: 22
192.6.172.0/22 maxlen: 22
192.6.252.0/22 maxlen: 22
192.25.180.0/22 maxlen: 22
192.25.200.0/22 maxlen: 22
192.25.208.0/22 maxlen: 22
192.25.232.0/22 maxlen: 22
192.25.244.0/22 maxlen: 22
192.137.24.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:05:12:34:1a:32:f2:1f:8a:4f:18:d6:07:42:c5:22:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Jul 30 19:16:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=911aa7d7f963a14ac69621124fe88d6bac7ea7c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:aa:a0:45:90:c9:98:da:b7:36:de:16:2e:4c:
f1:a9:da:af:ee:b6:9b:cd:9c:44:58:74:8b:ed:8f:
ff:d9:0e:20:21:16:9a:0a:2a:85:cc:35:d4:8d:19:
8c:78:5e:7b:94:ca:0f:ac:14:74:de:2f:f3:d5:eb:
c3:52:df:22:b8:37:0b:3c:90:34:0f:27:f0:12:1e:
fe:92:25:a5:1e:e2:88:9f:dc:38:58:0a:41:22:ed:
c8:a3:97:2f:a3:ea:fc:f8:c5:f9:a5:10:c0:3e:39:
ed:48:b9:08:48:ce:c4:69:78:28:88:8f:b6:21:99:
91:c1:d2:9b:39:4a:f8:52:4e:94:b3:58:06:fc:1f:
8d:d4:81:0f:0c:12:f2:72:71:29:f9:67:0c:2a:d2:
7b:00:3b:8e:cc:05:2b:50:33:15:6e:e1:cb:cb:df:
a6:5c:0e:42:c6:06:71:85:ac:c3:c7:09:3e:a5:9d:
58:70:35:17:c6:57:f6:54:14:65:86:19:ff:87:76:
ab:12:48:7b:5c:36:2e:af:c9:be:e2:75:49:bc:ee:
e6:19:0c:46:df:de:83:6f:37:26:f4:32:a4:0f:4a:
28:01:83:3b:15:84:95:eb:bb:05:f9:41:8d:8a:f1:
5a:13:d2:15:94:17:26:4b:39:69:6d:05:2d:c0:b7:
9f:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:1A:A7:D7:F9:63:A1:4A:C6:96:21:12:4F:E8:8D:6B:AC:7E:A7:C6
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kRqn1_ljoUrGliEST-iNa6x-p8Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.145.128.0/19
158.120.48.0/24
158.120.50.0/24
158.120.52.0/24
158.120.54.0/24
158.120.56.0/24
158.120.58.0/24
158.120.60.0/24
158.120.62.0/24
170.100.128.0/22
170.100.147.0-170.100.159.255
170.100.192.0-170.100.204.255
170.100.206.0/23
192.6.64.0/22
192.6.172.0/22
192.6.252.0/22
192.25.180.0/22
192.25.200.0/22
192.25.208.0/22
192.25.232.0/22
192.25.244.0/22
192.137.24.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:28:c1:0e:98:1e:09:8a:46:7f:a9:f3:4f:c0:f2:1b:57:be:
c9:bf:7e:fb:0b:44:33:dd:8e:61:4e:53:89:8c:cc:d1:6c:a8:
63:56:e3:7c:13:12:b8:1a:ee:fc:f8:45:6e:25:e9:72:24:74:
d6:5e:4f:a5:75:97:0d:d2:b7:c8:fc:1a:77:1d:79:c7:c1:86:
42:44:ab:35:86:5d:36:6e:3e:02:25:f7:d4:b8:77:b9:37:f6:
65:f5:b2:02:2d:81:c3:f3:51:0c:f4:f7:db:99:ff:c9:5a:33:
cb:d2:dc:77:a1:3a:4d:a4:c4:7f:f3:17:20:1c:81:12:0a:7b:
59:ca:07:e8:ba:4f:ed:d1:b2:57:8e:43:8b:90:93:28:fa:1e:
09:70:b2:35:03:d2:7e:43:e5:89:46:0f:87:c0:95:d4:76:fc:
c2:cf:77:08:37:1b:6d:c1:21:b4:4b:89:dd:16:c6:01:61:53:
a7:51:32:49:fd:0e:be:39:80:af:3b:22:92:7d:b8:da:cb:2a:
00:cb:45:50:0d:19:9d:85:bb:2d:9a:e4:a4:c8:e2:5b:56:9d:
4b:e6:b1:f5:59:9d:a9:a1:e8:04:6c:4c:b3:9f:cf:19:b1:ac:
bd:9d:cc:f6:fe:43:38:2f:84:07:56:8a:93:c4:74:bf:ff:ab:
e9:f7:20:4c
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAZEFEjQaMvIfik8Y1gdCxSJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjQwNzMwMTkxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFhYTdkN2Y5NjNhMTRhYzY5NjIxMTI0ZmU4OGQ2YmFjN2VhN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaqgRZDJmNq3Nt4WLkzxqdqv7rab
zZxEWHSL7Y//2Q4gIRaaCiqFzDXUjRmMeF57lMoPrBR03i/z1evDUt8iuDcLPJA0
DyfwEh7+kiWlHuKIn9w4WApBIu3Io5cvo+r8+MX5pRDAPjntSLkISM7EaXgoiI+2
IZmRwdKbOUr4Uk6Us1gG/B+N1IEPDBLycnEp+WcMKtJ7ADuOzAUrUDMVbuHLy9+m
XA5CxgZxhazDxwk+pZ1YcDUXxlf2VBRlhhn/h3arEkh7XDYur8m+4nVJvO7mGQxG
396Dbzcm9DKkD0ooAYM7FYSV67sF+UGNivFaE9IVlBcmSzlpbQUtwLef0QIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFJEap9f5Y6FKxpYhEk/ojWusfqfGMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEva1JxbjFfbGpvVXJHbGlFU1QtaU5hNngtcDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjCBmwQCAAEwgZQDBAWX
kYADBACeeDADBACeeDIDBACeeDQDBACeeDYDBACeeDgDBACeeDoDBACeeDwDBACe
eD4DBAKqZIAwDAMEAKpkkwMEBapkgDAMAwQGqmTAAwQAqmTMAwQBqmTOAwQCwAZA
AwQCwAasAwQCwAb8AwQCwBm0AwQCwBnIAwQCwBnQAwQCwBnoAwQCwBn0AwQCwIkY
MA0GCSqGSIb3DQEBCwUAA4IBAQCaKMEOmB4JikZ/qfNPwPIbV77Jv377C0Qz3Y5h
TlOJjMzRbKhjVuN8ExK4Gu78+EVuJelyJHTWXk+ldZcN0rfI/Bp3HXnHwYZCRKs1
hl02bj4CJffUuHe5N/Zl9bICLYHD81EM9Pfbmf/JWjPL0tx3oTpNpMR/8xcgHIES
CntZygfouk/t0bJXjkOLkJMo+h4JcLI1A9J+Q+WJRg+HwJXUdvzCz3cINxttwSG0
S4ndFsYBYVOnUTJJ/Q6+OYCvOyKSfbjayyoAy0VQDRmdhbstmuSkyOJbVp1L5rH1
WZ2poegEbEyzn88Zsay9ncz2/kM4L4QHVoqTxHS//6vp9yBM
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:15:44 2024 by rpki-client on console-ams.rpki-client.org