Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/FD3g9-opiplxcGFg0DLV3mpiLvo.roa
File: FD3g9-opiplxcGFg0DLV3mpiLvo.roa (raw, json)
Hash identifier: Ge+7bD7Oi5u8EDZD+NmabA5wT2nLhyiWKjLIIeupRRE=
Subject key identifier: 14:3D:E0:F7:EA:29:8A:99:71:70:61:60:D0:32:D5:DE:6A:62:2E:FA
Certificate issuer: /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial: 018CC26D359CA0BDEB2B13F578721C01CFBD
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/FD3g9-opiplxcGFg0DLV3mpiLvo.roa
Signing time: Mon 01 Jan 2024 00:29:46 +0000
ROA not before: Mon 01 Jan 2024 00:29:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212849
IP address blocks: 217.150.215.0/24 maxlen: 24
217.150.216.0/22 maxlen: 24
217.150.217.0/24 maxlen: 24
217.150.218.0/24 maxlen: 24
217.150.219.0/24 maxlen: 24
217.150.220.0/24 maxlen: 24
217.150.222.0/24 maxlen: 24
217.150.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 May 2024 07:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:35:9c:a0:bd:eb:2b:13:f5:78:72:1c:01:cf:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Validity
Not Before: Jan 1 00:29:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=143de0f7ea298a9971706160d032d5de6a622efa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:f6:2c:59:68:b6:ad:ab:8f:db:f8:9e:7d:05:
89:7d:ad:3d:60:99:ed:63:14:2d:7d:3c:7d:ca:a0:
c1:43:6b:30:c8:a6:3c:8c:6e:83:44:9f:87:07:55:
f0:41:c4:1a:4f:88:84:58:44:b1:2b:2e:68:39:84:
7a:31:12:41:47:42:5f:28:00:c4:1a:5a:23:b5:f8:
4d:9f:e6:7d:d9:ff:8a:9d:ad:5a:8d:81:a9:49:03:
f3:8c:2b:af:9e:c0:c7:99:1b:ce:d5:03:c1:5d:87:
b8:bf:9a:29:5b:d1:2a:32:ca:1e:09:d4:eb:53:7c:
fe:78:f9:49:60:85:47:fb:1e:b9:7d:b5:52:14:f3:
96:6a:8c:97:18:33:ac:92:9c:23:88:b2:d4:f6:2f:
13:ab:ea:80:23:58:7b:95:4e:6a:43:62:b7:e3:0d:
0a:f9:58:24:d8:e3:a1:a1:af:e3:44:8f:95:ad:f2:
53:cc:f2:07:b0:86:06:3e:de:45:c3:50:e2:dc:99:
d7:7f:df:df:50:12:34:d1:ed:bd:4d:24:dc:a7:24:
15:b3:33:bd:a9:25:cd:04:98:cf:c6:1e:0a:e6:bb:
35:62:a8:76:d9:74:5b:3e:1d:a1:fd:23:70:95:6e:
6b:e7:d1:34:a4:32:4a:05:21:17:f6:dc:eb:58:6b:
7c:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:3D:E0:F7:EA:29:8A:99:71:70:61:60:D0:32:D5:DE:6A:62:2E:FA
X509v3 Authority Key Identifier:
keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/FD3g9-opiplxcGFg0DLV3mpiLvo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.150.215.0-217.150.220.255
217.150.222.0/23
Signature Algorithm: sha256WithRSAEncryption
31:88:13:6d:ef:3a:b5:bb:99:0f:62:74:93:56:f2:dc:e1:0e:
12:f4:d8:7e:9f:3d:2f:ae:b9:34:8b:7b:d0:d3:fe:ca:4d:8d:
58:f9:38:8e:3e:3a:4d:45:4d:d4:64:48:99:f5:19:aa:1e:f5:
f2:44:c4:38:8e:c3:73:88:b9:37:40:47:a6:f9:e7:aa:d9:6a:
fa:02:d6:9f:8e:0d:56:5e:be:40:ff:e9:f6:04:91:c4:a4:7e:
51:f2:13:ab:3a:3e:a2:81:a0:cc:69:d9:22:d7:b2:37:39:f9:
d1:91:5e:c4:2a:5b:56:0e:50:8b:00:c0:67:f7:b7:89:c0:f9:
e5:31:8d:5a:c3:6c:66:f1:89:87:ca:26:48:d9:a0:4e:fd:55:
59:ad:15:b2:14:0e:b4:4e:fd:9e:12:20:c5:22:a9:aa:d5:6a:
11:ae:53:ee:b7:e7:73:b4:0d:cc:fc:5c:28:ea:b8:54:06:2f:
74:d9:43:11:4f:4d:de:1b:b7:81:5d:67:ef:4b:6a:d6:ba:1d:
aa:6d:62:6c:d0:d3:0b:16:df:9e:67:25:e5:cc:83:ff:41:35:
b2:0b:f1:58:81:39:19:ec:70:1a:38:c1:03:a8:23:79:ca:b9:
10:49:40:15:8a:bc:32:0c:99:11:a6:8c:31:eb:91:d6:61:dc:
66:13:21:7a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzCbTWcoL3rKxP1eHIcAc+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDNkZTBmN2VhMjk4YTk5NzE3MDYxNjBkMDMyZDVkZTZhNjIyZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPYsWWi2rauP2/iefQWJfa09YJnt
YxQtfTx9yqDBQ2swyKY8jG6DRJ+HB1XwQcQaT4iEWESxKy5oOYR6MRJBR0JfKADE
GlojtfhNn+Z92f+Kna1ajYGpSQPzjCuvnsDHmRvO1QPBXYe4v5opW9EqMsoeCdTr
U3z+ePlJYIVH+x65fbVSFPOWaoyXGDOskpwjiLLU9i8Tq+qAI1h7lU5qQ2K34w0K
+Vgk2OOhoa/jRI+VrfJTzPIHsIYGPt5Fw1Di3JnXf9/fUBI00e29TSTcpyQVszO9
qSXNBJjPxh4K5rs1Yqh22XRbPh2h/SNwlW5r59E0pDJKBSEX9tzrWGt8oQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBQ94PfqKYqZcXBhYNAy1d5qYi76MB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvRkQzZzktb3BpcGx4Y0dGZzBETFYzbXBpTHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADZltcD
BADZltwDBAHZlt4wDQYJKoZIhvcNAQELBQADggEBADGIE23vOrW7mQ9idJNW8tzh
DhL02H6fPS+uuTSLe9DT/spNjVj5OI4+Ok1FTdRkSJn1Gaoe9fJExDiOw3OIuTdA
R6b556rZavoC1p+ODVZevkD/6fYEkcSkflHyE6s6PqKBoMxp2SLXsjc5+dGRXsQq
W1YOUIsAwGf3t4nA+eUxjVrDbGbxiYfKJkjZoE79VVmtFbIUDrRO/Z4SIMUiqarV
ahGuU+6353O0Dcz8XCjquFQGL3TZQxFPTd4bt4FdZ+9Lata6HaptYmzQ0wsW355n
JeXMg/9BNbIL8ViBORnscBo4wQOoI3nKuRBJQBWKvDIMmRGmjDHrkdZh3GYTIXo=
-----END CERTIFICATE-----
Generated at Fri May 17 10:37:07 2024 by rpki-client on console-fra.rpki-client.org