Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/XYwJZcdrBKBkcSS96Q6ZTnfRWfI.roa
File: XYwJZcdrBKBkcSS96Q6ZTnfRWfI.roa (raw, json)
Hash identifier: oIbqBB2h4j9CFeiFC566cIb9hs392U3Pu2b1H3pZ5/U=
Subject key identifier: 5D:8C:09:65:C7:6B:04:A0:64:71:24:BD:E9:0E:99:4E:77:D1:59:F2
Certificate issuer: /CN=3b230442feae9fc26b8bd887faa0ed0275827a58
Certificate serial: 018CC26D0C6A8AEBFBDE295A7B781025E777
Authority key identifier: 3B:23:04:42:FE:AE:9F:C2:6B:8B:D8:87:FA:A0:ED:02:75:82:7A:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OyMEQv6un8Jri9iH-qDtAnWCelg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/XYwJZcdrBKBkcSS96Q6ZTnfRWfI.roa
Signing time: Mon 01 Jan 2024 00:29:35 +0000
ROA not before: Mon 01 Jan 2024 00:29:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3320
IP address blocks: 109.237.176.0/20 maxlen: 20
80.187.160.0/20 maxlen: 20
193.254.160.0/20 maxlen: 20
31.224.0.0/11 maxlen: 11
193.254.128.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/OyMEQv6un8Jri9iH-qDtAnWCelg.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/OyMEQv6un8Jri9iH-qDtAnWCelg.mft
rsync://rpki.ripe.net/repository/DEFAULT/OyMEQv6un8Jri9iH-qDtAnWCelg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 May 2024 13:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:0c:6a:8a:eb:fb:de:29:5a:7b:78:10:25:e7:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b230442feae9fc26b8bd887faa0ed0275827a58
Validity
Not Before: Jan 1 00:29:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d8c0965c76b04a0647124bde90e994e77d159f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:3e:4a:93:8a:13:51:3d:05:87:59:54:71:cd:
b1:a6:d5:41:8b:19:ea:57:f9:05:c3:38:9b:7a:44:
ed:53:7e:98:8d:91:14:ff:6b:5b:2e:2c:7d:c8:37:
32:a7:50:1b:ed:57:9e:17:d4:16:3e:d3:20:b7:28:
f4:5f:a0:50:a9:c8:58:02:7e:b6:ba:df:8d:b3:3a:
71:7a:77:b2:89:03:c9:a4:7e:b9:70:57:72:88:77:
52:7e:80:59:71:21:ba:c6:6a:1a:8b:f8:3d:42:2b:
d9:33:df:98:76:68:3b:1f:c3:6a:6e:fc:72:06:da:
0e:13:64:98:f1:17:79:ff:37:fb:95:b8:d0:70:90:
5a:40:1c:d6:99:fc:79:33:06:b2:87:3d:af:72:76:
fe:b2:6b:d1:f4:31:a9:97:2a:bf:9c:57:ff:02:d1:
4a:85:dd:3e:22:33:18:9d:4f:74:90:1b:6d:36:4d:
5f:99:20:64:fc:f4:e7:2e:e6:14:31:cc:d0:cf:b6:
36:10:99:46:38:1b:40:c1:1f:04:97:ec:97:6e:61:
9f:dc:6f:04:4f:d7:22:dc:08:f9:33:13:34:72:a4:
76:a6:d5:4f:4a:ed:23:b0:ad:74:42:96:04:44:ef:
87:5b:4e:76:e5:d4:67:ca:b0:f4:61:c7:9b:99:3e:
ef:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:8C:09:65:C7:6B:04:A0:64:71:24:BD:E9:0E:99:4E:77:D1:59:F2
X509v3 Authority Key Identifier:
keyid:3B:23:04:42:FE:AE:9F:C2:6B:8B:D8:87:FA:A0:ED:02:75:82:7A:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OyMEQv6un8Jri9iH-qDtAnWCelg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/XYwJZcdrBKBkcSS96Q6ZTnfRWfI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3a1094-9b70-4251-b68f-7267073761d4/1/OyMEQv6un8Jri9iH-qDtAnWCelg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.224.0.0/11
80.187.160.0/20
109.237.176.0/20
193.254.128.0-193.254.175.255
Signature Algorithm: sha256WithRSAEncryption
14:5e:68:c6:89:32:bc:f2:e2:c2:4d:3f:15:ca:29:65:e4:78:
0a:e5:c1:00:1e:eb:11:21:86:b5:df:ea:38:09:ca:f0:c2:d9:
4d:5b:ae:41:73:2a:f6:85:ed:97:c2:87:81:44:2c:e5:d5:f0:
54:ae:5e:8f:1a:1d:cd:84:1a:9c:14:94:a1:93:1d:9f:43:83:
c2:91:12:24:38:4e:95:b8:4c:40:ef:7a:41:f2:c2:87:24:9c:
22:ae:58:18:33:20:3d:5e:74:16:fc:6b:6f:bb:fa:49:cc:77:
64:5d:d2:38:85:2a:b6:a8:f4:66:58:25:93:27:79:d9:a1:94:
4a:dd:73:df:da:45:a8:11:ae:7d:b9:f2:85:e4:6b:5e:e4:94:
99:67:82:0c:21:a0:50:e3:20:10:0c:93:c2:a9:f3:18:21:eb:
d7:8a:45:d3:22:7e:4c:34:19:b4:72:f0:43:ae:71:48:5d:3e:
33:d6:d6:21:c1:59:46:9c:73:03:8d:50:f6:90:28:2d:73:b4:
8f:74:94:6f:2e:2c:b1:30:2f:ad:1a:83:de:64:02:6f:cf:77:
2f:b5:2d:1a:04:ec:a0:92:4a:08:6f:e0:7e:24:b8:d5:ab:09:
9e:a6:e6:04:9d:d9:d8:27:81:ee:d1:22:17:5b:92:38:62:68:
92:4a:a4:bb
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzCbQxqiuv73ilae3gQJed3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMjMwNDQyZmVhZTlmYzI2YjhiZDg4N2ZhYTBlZDAyNzU4
MjdhNTgwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDhjMDk2NWM3NmIwNGEwNjQ3MTI0YmRlOTBlOTk0ZTc3ZDE1OWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiT5Kk4oTUT0Fh1lUcc2xptVBixnq
V/kFwzibekTtU36YjZEU/2tbLix9yDcyp1Ab7VeeF9QWPtMgtyj0X6BQqchYAn62
ut+NszpxeneyiQPJpH65cFdyiHdSfoBZcSG6xmoai/g9QivZM9+Ydmg7H8Nqbvxy
BtoOE2SY8Rd5/zf7lbjQcJBaQBzWmfx5Mwayhz2vcnb+smvR9DGplyq/nFf/AtFK
hd0+IjMYnU90kBttNk1fmSBk/PTnLuYUMczQz7Y2EJlGOBtAwR8El+yXbmGf3G8E
T9ci3Aj5MxM0cqR2ptVPSu0jsK10QpYERO+HW0525dRnyrD0YcebmT7vFwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFF2MCWXHawSgZHEkvekOmU530VnyMB8GA1UdIwQY
MBaAFDsjBEL+rp/Ca4vYh/qg7QJ1gnpYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3lNRVF2NnVuOEpyaTlpSC1xRHRBbldDZWxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zYTEwOTQtOWI3MC00MjUxLWI2OGYt
NzI2NzA3Mzc2MWQ0LzEvWFl3SlpjZHJCS0JrY1NTOTZRNlpUbmZSV2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zYTEwOTQtOWI3MC00MjUxLWI2OGYtNzI2NzA3Mzc2MWQ0
LzEvT3lNRVF2NnVuOEpyaTlpSC1xRHRBbldDZWxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfAwMFH+ADBARQ
u6ADBARt7bAwDAMEB8H+gAMEBMH+oDANBgkqhkiG9w0BAQsFAAOCAQEAFF5oxoky
vPLiwk0/FcopZeR4CuXBAB7rESGGtd/qOAnK8MLZTVuuQXMq9oXtl8KHgUQs5dXw
VK5ejxodzYQanBSUoZMdn0ODwpESJDhOlbhMQO96QfLChyScIq5YGDMgPV50Fvxr
b7v6Scx3ZF3SOIUqtqj0Zlglkyd52aGUSt1z39pFqBGufbnyheRrXuSUmWeCDCGg
UOMgEAyTwqnzGCHr14pF0yJ+TDQZtHLwQ65xSF0+M9bWIcFZRpxzA41Q9pAoLXO0
j3SUby4ssTAvrRqD3mQCb893L7UtGgTsoJJKCG/gfiS41asJnqbmBJ3Z2CeB7tEi
F1uSOGJokkqkuw==
-----END CERTIFICATE-----
Generated at Mon May 13 17:40:30 2024 by rpki-client on console-ams.rpki-client.org