Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/2kzaGzMd7GZ0OtodJsm7VjQyk-A.roa
File: 2kzaGzMd7GZ0OtodJsm7VjQyk-A.roa (raw, json)
Hash identifier: tboPqK5N6JYERZoHs4srI0VgWvojgzA8OwlKwwV3Hkw=
Subject key identifier: DA:4C:DA:1B:33:1D:EC:66:74:3A:DA:1D:26:C9:BB:56:34:32:93:E0
Certificate issuer: /CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Certificate serial: 0191D760774AB7384E7578CB7D2690AC8D76
Authority key identifier: CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/2kzaGzMd7GZ0OtodJsm7VjQyk-A.roa
Signing time: Mon 09 Sep 2024 15:21:49 +0000
ROA not before: Mon 09 Sep 2024 15:21:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 74.118.124.0/24 maxlen: 24
74.118.125.0/24 maxlen: 24
74.118.126.0/24 maxlen: 24
74.118.127.0/24 maxlen: 24
143.223.96.0/24 maxlen: 24
143.223.97.0/24 maxlen: 24
143.223.98.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.mft
rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:d7:60:77:4a:b7:38:4e:75:78:cb:7d:26:90:ac:8d:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Validity
Not Before: Sep 9 15:21:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da4cda1b331dec66743ada1d26c9bb56343293e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c8:09:9f:cd:11:0a:53:67:bd:e4:27:52:82:
69:9c:00:f9:7b:fb:f0:94:60:0d:f6:e7:39:75:16:
b3:70:49:1b:93:f4:46:86:71:d4:73:66:b7:b1:91:
16:bf:44:e3:44:da:84:67:bc:1e:b5:53:82:27:c6:
8d:e6:f4:3a:b7:0e:00:44:27:88:92:fd:12:c3:92:
7d:f4:71:f7:48:db:f8:85:19:c0:b0:d4:00:88:08:
d4:25:e3:a2:67:80:c0:de:1f:2e:df:31:e8:10:f0:
98:c2:57:6b:2f:a8:b6:20:c1:35:f0:76:b7:81:89:
99:25:86:aa:e0:4e:b5:ee:94:27:46:9b:00:b5:e8:
eb:9e:a3:67:f0:ea:99:0b:b9:37:5c:6d:32:3e:a1:
61:05:a2:95:93:9b:b6:e9:9a:ce:d9:e0:81:82:e9:
ed:f5:a6:12:25:cd:cd:1f:e3:cc:8a:3a:b5:08:81:
a0:f7:1e:ff:f1:13:fd:0b:08:01:7b:27:8c:2e:a9:
50:a4:f7:01:38:92:43:87:37:a6:e2:62:8e:7f:61:
3b:1e:82:1e:f6:74:f0:0e:2d:68:27:d1:65:7b:cd:
2f:7f:71:86:54:74:57:1e:92:8a:3e:73:30:ec:44:
34:5b:f0:ff:cb:4c:df:fa:78:48:df:85:7b:19:86:
be:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:4C:DA:1B:33:1D:EC:66:74:3A:DA:1D:26:C9:BB:56:34:32:93:E0
X509v3 Authority Key Identifier:
keyid:CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/2kzaGzMd7GZ0OtodJsm7VjQyk-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
74.118.124.0/22
143.223.96.0-143.223.98.255
Signature Algorithm: sha256WithRSAEncryption
33:cf:21:5b:48:a7:f2:2c:6f:ce:7c:f6:2f:26:02:24:45:50:
05:2f:82:bf:6b:5d:96:23:05:62:bd:23:67:ef:7f:07:c3:c1:
b0:45:74:b7:39:b8:7f:f1:29:73:6e:8d:a6:da:67:37:c4:74:
46:30:a5:e9:61:d1:71:b1:d5:08:d3:3c:09:62:dc:58:dc:f4:
95:33:da:28:24:ad:b9:da:f8:7d:91:c8:2c:38:20:31:bd:2c:
b2:36:4e:69:88:3d:85:fd:4b:18:46:9d:09:33:dc:b1:9b:71:
41:02:67:b4:cf:99:15:0a:fa:75:38:08:ee:f1:b5:41:4b:d2:
a0:10:cb:72:86:ea:ca:cc:02:ef:f6:33:73:d7:25:b7:cd:f3:
d0:b8:65:18:a3:3e:ce:ae:06:df:42:0a:74:5c:1e:bb:fe:95:
bc:ce:96:55:6d:67:0b:eb:03:bf:13:a0:23:60:22:15:f0:57:
88:cb:7c:ba:d4:4a:73:c2:0b:d4:58:80:ca:0a:02:d6:f7:dc:
4d:c9:b4:a8:c6:00:c2:a6:22:bc:86:26:a0:1a:6d:a5:94:5a:
ec:f7:23:44:6f:dd:11:f2:dd:45:e6:5e:bd:65:4f:49:81:54:
b0:39:ab:27:5a:b5:86:21:c9:d3:45:ad:69:c4:b3:32:7d:7b:
d4:5e:56:f0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZHXYHdKtzhOdXjLfSaQrI12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTc2ZDg3NmUxN2U2N2FhM2IxZjFjMTBkYWIzOWRiMjkz
NWUyMmIwHhcNMjQwOTA5MTUyMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTRjZGExYjMzMWRlYzY2NzQzYWRhMWQyNmM5YmI1NjM0MzI5M2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMgJn80RClNnveQnUoJpnAD5e/vw
lGAN9uc5dRazcEkbk/RGhnHUc2a3sZEWv0TjRNqEZ7wetVOCJ8aN5vQ6tw4ARCeI
kv0Sw5J99HH3SNv4hRnAsNQAiAjUJeOiZ4DA3h8u3zHoEPCYwldrL6i2IME18Ha3
gYmZJYaq4E617pQnRpsAtejrnqNn8OqZC7k3XG0yPqFhBaKVk5u26ZrO2eCBgunt
9aYSJc3NH+PMijq1CIGg9x7/8RP9CwgBeyeMLqlQpPcBOJJDhzem4mKOf2E7HoIe
9nTwDi1oJ9Fle80vf3GGVHRXHpKKPnMw7EQ0W/D/y0zf+nhI34V7GYa+KQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNpM2hszHexmdDraHSbJu1Y0MpPgMB8GA1UdIwQY
MBaAFM1XbYduF+Z6o7HxwQ2rOdspNeIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMt
MWE4MGEyZjdkN2VhLzEvMmt6YUd6TWQ3R1owT3RvZEpzbTdWalF5ay1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMtMWE4MGEyZjdkN2Vh
LzEvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCSnZ8MAwD
BAWP32ADBACP32IwDQYJKoZIhvcNAQELBQADggEBADPPIVtIp/Isb8589i8mAiRF
UAUvgr9rXZYjBWK9I2fvfwfDwbBFdLc5uH/xKXNujabaZzfEdEYwpelh0XGx1QjT
PAli3Fjc9JUz2igkrbna+H2RyCw4IDG9LLI2TmmIPYX9SxhGnQkz3LGbcUECZ7TP
mRUK+nU4CO7xtUFL0qAQy3KG6srMAu/2M3PXJbfN89C4ZRijPs6uBt9CCnRcHrv+
lbzOllVtZwvrA78ToCNgIhXwV4jLfLrUSnPCC9RYgMoKAtb33E3JtKjGAMKmIryG
JqAabaWUWuz3I0Rv3RHy3UXmXr1lT0mBVLA5qydatYYhydNFrWnEszJ9e9ReVvA=
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:55:42 2024 by rpki-client on console-ams.rpki-client.org