Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/33XHxfBHvrq5IIxbrYm2WYO4h0E.roa
File: 33XHxfBHvrq5IIxbrYm2WYO4h0E.roa (raw, json)
Hash identifier: O0R4FF2yMCctMJ8RvO3tv9sPfUcF9RUpqIEMRGDk5/s=
Subject key identifier: DF:75:C7:C5:F0:47:BE:BA:B9:20:8C:5B:AD:89:B6:59:83:B8:87:41
Certificate issuer: /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial: 018CC26D35E1A3BAADC00DDCF1BD7DA7E80A
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/33XHxfBHvrq5IIxbrYm2WYO4h0E.roa
Signing time: Mon 01 Jan 2024 00:29:46 +0000
ROA not before: Mon 01 Jan 2024 00:29:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34530
IP address blocks: 213.222.198.0/24 maxlen: 24
213.222.199.0/24 maxlen: 24
194.126.216.0/24 maxlen: 24
213.222.223.0/24 maxlen: 24
213.222.220.0/22 maxlen: 22
213.222.221.0/24 maxlen: 24
213.222.222.0/24 maxlen: 24
2a03:7580:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.mft
rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 15:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:35:e1:a3:ba:ad:c0:0d:dc:f1:bd:7d:a7:e8:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Validity
Not Before: Jan 1 00:29:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=df75c7c5f047bebab9208c5bad89b65983b88741
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:2f:ac:b2:0d:d5:a3:76:d7:69:ea:f2:8e:de:
e3:f3:b6:ff:92:62:9b:63:88:26:08:f3:6d:6a:c5:
b3:48:b0:c7:d9:42:ba:95:a7:13:9a:bb:0c:0a:98:
87:75:54:08:98:c4:6e:5a:2f:85:42:bc:09:72:ef:
d1:44:fd:f5:b7:91:e1:45:0f:09:9f:5c:81:20:9c:
dc:3c:57:39:8b:9d:01:a9:44:3c:2e:01:54:ea:fa:
91:2b:c8:ce:5e:7d:fe:4c:6c:f3:20:00:f5:1b:f3:
a3:d0:09:f6:fc:6e:0b:06:2a:3f:49:4b:ac:a1:c2:
08:7c:72:61:b0:3b:02:57:21:77:33:ee:98:43:2c:
6c:06:8c:6d:03:77:3d:3a:85:bb:a8:99:37:37:e8:
8d:87:3f:f3:91:a6:8f:b4:b7:82:2c:39:9f:53:cc:
7d:7d:d2:16:64:df:75:33:9d:24:d6:15:d4:c4:03:
8b:f3:cf:02:2e:73:1f:df:61:8f:ed:0d:48:a6:30:
31:37:3d:a5:44:89:f3:f3:21:3a:41:8c:32:c7:95:
15:5a:8b:9b:19:be:3f:2d:7b:c7:3b:f0:6e:a2:0f:
ed:6f:60:39:1a:ae:6d:30:ae:ee:06:80:7e:c5:b3:
77:9c:28:77:02:f0:ca:25:23:68:d8:c2:ad:e3:c0:
31:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:75:C7:C5:F0:47:BE:BA:B9:20:8C:5B:AD:89:B6:59:83:B8:87:41
X509v3 Authority Key Identifier:
keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/33XHxfBHvrq5IIxbrYm2WYO4h0E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.126.216.0/24
213.222.198.0/23
213.222.220.0/22
IPv6:
2a03:7580:4000::/40
Signature Algorithm: sha256WithRSAEncryption
9e:10:43:31:ce:76:e1:b8:ed:46:3d:52:79:33:cb:65:43:d0:
83:85:28:dc:22:11:d2:5b:a4:80:87:1f:9e:dc:b2:d9:e4:fc:
fa:09:02:2f:d5:27:17:12:87:05:31:fe:14:10:18:89:7b:61:
89:0d:a5:2b:12:01:6c:0b:d7:1d:58:c7:d4:a9:0a:25:ec:d6:
f3:17:72:29:09:bf:a2:af:5a:23:d6:3a:bb:c0:99:22:f8:a2:
df:ec:16:c7:1b:98:89:ac:2c:68:29:77:2e:e6:2d:1d:2b:ca:
16:34:fa:0c:31:06:ea:d6:3f:82:a4:38:07:2a:df:b6:c6:27:
b5:c9:4c:24:26:02:38:67:59:32:bc:29:9f:01:66:d1:ee:02:
1e:dd:13:78:99:2d:dc:7d:cf:db:be:b1:60:51:59:62:a7:59:
d2:8f:9e:cc:54:97:bf:1b:1b:ff:1e:bb:80:5e:f1:05:a0:7c:
ba:e1:7d:7b:a1:4c:10:c3:05:5d:92:6c:f6:78:15:56:1b:9e:
36:31:47:52:81:8f:38:4b:eb:bb:81:78:0a:5a:52:ac:e6:fe:
c5:a5:7b:6b:3d:a8:51:4e:8b:f7:97:a0:7c:d0:50:ae:9b:11:
b1:fb:ce:7a:4e:81:d7:52:ef:16:de:85:29:40:e0:74:69:8d:
d5:24:35:eb
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzCbTXho7qtwA3c8b19p+gKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc1YzdjNWYwNDdiZWJhYjkyMDhjNWJhZDg5YjY1OTgzYjg4NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC+ssg3Vo3bXaeryjt7j87b/kmKb
Y4gmCPNtasWzSLDH2UK6lacTmrsMCpiHdVQImMRuWi+FQrwJcu/RRP31t5HhRQ8J
n1yBIJzcPFc5i50BqUQ8LgFU6vqRK8jOXn3+TGzzIAD1G/Oj0An2/G4LBio/SUus
ocIIfHJhsDsCVyF3M+6YQyxsBoxtA3c9OoW7qJk3N+iNhz/zkaaPtLeCLDmfU8x9
fdIWZN91M50k1hXUxAOL888CLnMf32GP7Q1IpjAxNz2lRInz8yE6QYwyx5UVWoub
Gb4/LXvHO/Buog/tb2A5Gq5tMK7uBoB+xbN3nCh3AvDKJSNo2MKt48Ax6wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFN91x8XwR766uSCMW62JtlmDuIdBMB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvMzNYSHhmQkh2cnE1SUl4YnJZbTJXWU80aDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAwn7YAwQB
1d7GAwQC1d7cMA4EAgACMAgDBgAqA3WAQDANBgkqhkiG9w0BAQsFAAOCAQEAnhBD
Mc524bjtRj1SeTPLZUPQg4Uo3CIR0lukgIcfntyy2eT8+gkCL9UnFxKHBTH+FBAY
iXthiQ2lKxIBbAvXHVjH1KkKJezW8xdyKQm/oq9aI9Y6u8CZIvii3+wWxxuYiaws
aCl3LuYtHSvKFjT6DDEG6tY/gqQ4ByrftsYntclMJCYCOGdZMrwpnwFm0e4CHt0T
eJkt3H3P276xYFFZYqdZ0o+ezFSXvxsb/x67gF7xBaB8uuF9e6FMEMMFXZJs9ngV
VhueNjFHUoGPOEvru4F4ClpSrOb+xaV7az2oUU6L95egfNBQrpsRsfvOek6B11Lv
Ft6FKUDgdGmN1SQ16w==
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:40:58 2024 by rpki-client on console-fra.rpki-client.org