Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMQJ0REVAil8ByHZtiDGC_OTbvo.roa
File: hMQJ0REVAil8ByHZtiDGC_OTbvo.roa (raw, json)
Hash identifier: CElKgM0bSkCPlL8WeeZx+gO42wHgy0V05RvEs8vlGZQ=
Subject key identifier: 84:C4:09:D1:11:15:02:29:7C:07:21:D9:B6:20:C6:0B:F3:93:6E:FA
Certificate issuer: /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial: 018CC26D018F371649587B3ABCB6F8684454
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMQJ0REVAil8ByHZtiDGC_OTbvo.roa
Signing time: Mon 01 Jan 2024 00:29:32 +0000
ROA not before: Mon 01 Jan 2024 00:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209709
IP address blocks: 195.69.78.0/24 maxlen: 24
195.69.77.0/24 maxlen: 24
202.170.196.0/22 maxlen: 23
185.170.108.0/22 maxlen: 22
115.124.32.0/22 maxlen: 23
103.243.204.0/22 maxlen: 23
91.247.40.0/21 maxlen: 21
91.247.48.0/22 maxlen: 22
5.182.12.0/22 maxlen: 22
185.99.28.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 16:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:01:8f:37:16:49:58:7b:3a:bc:b6:f8:68:44:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Validity
Not Before: Jan 1 00:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=84c409d1111502297c0721d9b620c60bf3936efa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3c:3d:32:b0:cf:37:65:30:0f:f4:ba:48:4f:
ef:3b:53:10:a1:f0:ce:67:96:c2:94:24:b1:f8:25:
77:4b:d9:99:9a:92:58:f8:5b:40:c5:61:48:22:99:
46:76:56:2f:54:a7:43:94:cd:37:09:63:b5:39:dd:
c5:0e:0e:c0:a5:f4:2e:b9:d3:cc:2e:be:6d:95:dc:
b9:40:24:d6:d9:ec:b7:e4:52:7f:cb:b7:5c:08:06:
72:6a:be:8e:ab:d3:a6:55:ca:07:53:b9:cb:84:da:
d3:7c:7a:d4:35:57:c6:1f:48:6c:b6:e1:78:21:a2:
de:2f:71:3b:0f:dc:99:a0:3a:e0:b1:cb:dc:32:6f:
a5:07:87:93:07:26:55:f6:3d:3c:6c:7c:e0:cf:51:
c8:89:e0:a5:ca:bc:7c:49:de:9a:a8:a9:9f:1b:05:
24:5b:0f:ba:d3:57:43:59:56:91:c4:45:81:8d:15:
61:7e:cc:c8:39:a9:09:a6:42:bd:16:ea:45:22:28:
7b:df:68:ed:0c:00:2a:a0:dc:c8:57:57:42:83:e9:
cb:c0:46:ed:f6:f8:fd:00:73:63:5e:74:5d:46:90:
b5:ae:c9:d0:4c:0c:d4:42:a9:9e:6b:6c:61:6f:ce:
bb:06:07:60:d4:e4:92:3c:0a:ae:af:6f:45:13:c9:
9d:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:C4:09:D1:11:15:02:29:7C:07:21:D9:B6:20:C6:0B:F3:93:6E:FA
X509v3 Authority Key Identifier:
keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMQJ0REVAil8ByHZtiDGC_OTbvo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.12.0/22
91.247.40.0-91.247.51.255
103.243.204.0/22
115.124.32.0/22
185.99.28.0/22
185.170.108.0/22
195.69.77.0-195.69.78.255
202.170.196.0/22
Signature Algorithm: sha256WithRSAEncryption
63:9b:92:7b:dd:e6:e1:5a:11:c3:64:5d:01:2d:5e:06:98:71:
ac:dc:ee:96:89:aa:fe:8b:d1:2f:84:26:7e:ae:bb:49:fa:bf:
d4:a5:2f:4d:df:f5:f7:f9:c9:e6:07:a1:79:e8:83:bd:77:14:
e3:c3:62:1a:3f:91:5a:1a:54:4f:2f:e6:5b:ca:a7:11:7e:91:
5e:6d:8e:93:7e:89:9e:40:3f:d5:89:a9:48:83:8d:7e:d3:c2:
82:8b:3b:1e:d8:01:bd:00:ee:85:76:79:ea:d0:dd:8c:24:40:
11:14:74:6a:90:45:76:17:1d:7d:97:63:e4:5a:93:43:b4:70:
34:20:e9:56:bc:a4:67:05:f3:d0:ee:9b:77:e2:50:58:94:04:
b9:a7:70:96:a6:2c:b7:bb:89:3d:34:4d:39:1c:64:78:79:9e:
23:1e:2c:c9:c0:35:26:0b:a6:42:7c:10:1b:39:80:5e:22:07:
76:99:5b:ec:6c:ba:fd:cf:71:f0:0b:c8:af:85:03:cd:dd:8d:
de:5b:bb:44:c6:26:50:79:0d:80:76:3b:0d:14:82:ab:1e:75:
b6:f6:d2:3b:45:35:4a:fe:c3:91:4e:e7:a2:e9:37:26:1d:df:
88:9d:1a:9c:4d:71:fa:4e:69:53:06:dc:87:6f:d4:a4:93:4a:
3b:4a:6e:f8
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzCbQGPNxZJWHs6vLb4aERUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM0MDlkMTExMTUwMjI5N2MwNzIxZDliNjIwYzYwYmYzOTM2ZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzw9MrDPN2UwD/S6SE/vO1MQofDO
Z5bClCSx+CV3S9mZmpJY+FtAxWFIIplGdlYvVKdDlM03CWO1Od3FDg7ApfQuudPM
Lr5tldy5QCTW2ey35FJ/y7dcCAZyar6Oq9OmVcoHU7nLhNrTfHrUNVfGH0hstuF4
IaLeL3E7D9yZoDrgscvcMm+lB4eTByZV9j08bHzgz1HIieClyrx8Sd6aqKmfGwUk
Ww+601dDWVaRxEWBjRVhfszIOakJpkK9FupFIih732jtDAAqoNzIV1dCg+nLwEbt
9vj9AHNjXnRdRpC1rsnQTAzUQqmea2xhb867Bgdg1OSSPAqur29FE8mdzwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFITECdERFQIpfAch2bYgxgvzk276MB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvaE1RSjBSRVZBaWw4QnlIWnRpREdDX09UYnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBbYMMAwD
BANb9ygDBAJb9zADBAJn88wDBAJzfCADBAK5YxwDBAK5qmwwDAMEAMNFTQMEAMNF
TgMEAsqqxDANBgkqhkiG9w0BAQsFAAOCAQEAY5uSe93m4VoRw2RdAS1eBphxrNzu
lomq/ovRL4Qmfq67Sfq/1KUvTd/19/nJ5geheeiDvXcU48NiGj+RWhpUTy/mW8qn
EX6RXm2Ok36JnkA/1YmpSIONftPCgos7HtgBvQDuhXZ56tDdjCRAERR0apBFdhcd
fZdj5FqTQ7RwNCDpVrykZwXz0O6bd+JQWJQEuadwlqYst7uJPTRNORxkeHmeIx4s
ycA1JgumQnwQGzmAXiIHdplb7Gy6/c9x8AvIr4UDzd2N3lu7RMYmUHkNgHY7DRSC
qx51tvbSO0U1Sv7DkU7nouk3Jh3fiJ0anE1x+k5pUwbch2/UpJNKO0pu+A==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:35:13 2024 by rpki-client on console-ams.rpki-client.org