Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/O9tnLQJquPb7x0Nf27V4HJoKllY.roa
File: O9tnLQJquPb7x0Nf27V4HJoKllY.roa (raw, json)
Hash identifier: kYnRAV3t3s7BELjQzBUE7xOv2zkIt57NlsD567+7ZAM=
Subject key identifier: 3B:DB:67:2D:02:6A:B8:F6:FB:C7:43:5F:DB:B5:78:1C:9A:0A:96:56
Certificate issuer: /CN=cfeace714c29568ef197007b141d12758cc415d5
Certificate serial: 018CCA993E58CF4FD1DA7C123DBF542FDB4E
Authority key identifier: CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/O9tnLQJquPb7x0Nf27V4HJoKllY.roa
Signing time: Tue 02 Jan 2024 14:34:49 +0000
ROA not before: Tue 02 Jan 2024 14:34:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1257
IP address blocks: 195.78.36.0/24 maxlen: 24
188.65.152.0/21 maxlen: 24
185.56.212.0/22 maxlen: 24
185.57.168.0/22 maxlen: 24
193.254.192.0/23 maxlen: 24
193.138.74.0/24 maxlen: 24
193.41.118.0/23 maxlen: 24
2a01:4400::/32 maxlen: 48
2a02:5120::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl
rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.mft
rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 29 Jun 2024 16:01:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:99:3e:58:cf:4f:d1:da:7c:12:3d:bf:54:2f:db:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfeace714c29568ef197007b141d12758cc415d5
Validity
Not Before: Jan 2 14:34:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3bdb672d026ab8f6fbc7435fdbb5781c9a0a9656
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:5a:20:95:b9:8c:9d:44:51:98:56:13:52:92:
b2:a6:21:d5:c4:f1:eb:b1:23:a1:ec:2c:66:22:fb:
8a:ab:73:d2:1d:c1:c2:99:72:6b:95:a8:72:21:b4:
7b:2c:ea:ea:10:a1:87:81:6b:46:fb:fb:46:3b:c7:
5b:86:0d:c3:fd:ad:15:ac:6b:8b:99:52:43:7f:08:
a3:a8:8e:46:68:9a:73:a2:e6:83:5d:4b:70:c3:8f:
c2:de:12:9e:fb:12:43:83:62:f5:2f:e7:05:1b:41:
16:d1:39:76:69:a3:b1:c2:48:5c:43:eb:ed:a2:44:
49:cb:79:1c:8a:e6:62:fe:b7:c7:e2:90:b6:8e:4a:
d0:e2:43:a9:25:9d:2a:13:f3:3c:a9:ca:8d:0e:d0:
01:07:1a:83:7e:ce:82:b1:e1:c0:28:08:e9:5f:50:
aa:0d:89:f4:88:36:0c:75:ab:d1:54:ac:87:ff:d8:
ba:16:0f:3f:af:86:da:86:3a:a1:71:34:18:71:8e:
05:49:01:c9:9d:9c:f3:de:8a:a0:f7:6e:1a:3f:55:
b3:1b:d1:94:d9:75:45:86:b7:03:4e:c0:78:27:eb:
8a:20:0c:20:b9:7a:81:36:ea:d6:6c:d9:e4:4d:3d:
3e:d4:18:63:99:de:b3:35:39:2d:e3:09:97:c6:dc:
66:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:DB:67:2D:02:6A:B8:F6:FB:C7:43:5F:DB:B5:78:1C:9A:0A:96:56
X509v3 Authority Key Identifier:
keyid:CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/O9tnLQJquPb7x0Nf27V4HJoKllY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.56.212.0/22
185.57.168.0/22
188.65.152.0/21
193.41.118.0/23
193.138.74.0/24
193.254.192.0/23
195.78.36.0/24
IPv6:
2a01:4400::/32
2a02:5120::/32
Signature Algorithm: sha256WithRSAEncryption
7b:24:8c:36:7a:31:42:d4:da:95:28:c9:db:5d:c9:9b:ae:74:
b8:05:f0:ad:9a:79:11:ca:ea:5c:64:b1:7e:2e:87:cd:68:ad:
99:f4:a1:b4:6e:90:93:01:20:7c:22:b7:42:ab:54:61:45:1b:
22:b4:d0:71:e4:89:79:aa:dd:1c:c0:25:5f:df:f6:2a:5e:fc:
0f:4d:73:60:32:b4:97:3b:96:b3:87:f4:6d:f5:4d:73:82:d1:
4b:f1:d2:00:7d:78:57:fe:ca:a2:43:34:ed:3e:27:d7:52:c6:
f9:1f:05:d3:84:e0:54:53:ac:00:aa:6f:d7:97:39:49:54:b7:
aa:d0:be:2c:9c:95:4a:77:4e:ef:da:13:46:5f:6a:0d:9e:32:
f0:86:ac:99:1a:92:64:00:14:c8:86:83:d5:01:4d:98:18:51:
de:d5:8c:2f:73:0f:66:b1:a2:99:4d:1c:00:24:fa:4b:cf:d9:
17:a7:d6:c4:f5:ab:31:61:46:d1:f2:24:f5:58:1b:32:62:c9:
3e:1d:48:af:ad:25:48:6f:3c:65:0c:24:87:14:23:e8:81:52:
94:07:a7:3b:87:73:15:39:89:c0:18:11:74:9d:2b:37:13:5e:
69:24:3e:b4:85:bc:86:d7:17:0b:90:4f:25:e5:97:27:a5:84:
eb:19:de:3f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzKmT5Yz0/R2nwSPb9UL9tOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWFjZTcxNGMyOTU2OGVmMTk3MDA3YjE0MWQxMjc1OGNj
NDE1ZDUwHhcNMjQwMTAyMTQzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRiNjcyZDAyNmFiOGY2ZmJjNzQzNWZkYmI1NzgxYzlhMGE5NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVoglbmMnURRmFYTUpKypiHVxPHr
sSOh7CxmIvuKq3PSHcHCmXJrlahyIbR7LOrqEKGHgWtG+/tGO8dbhg3D/a0VrGuL
mVJDfwijqI5GaJpzouaDXUtww4/C3hKe+xJDg2L1L+cFG0EW0Tl2aaOxwkhcQ+vt
okRJy3kciuZi/rfH4pC2jkrQ4kOpJZ0qE/M8qcqNDtABBxqDfs6CseHAKAjpX1Cq
DYn0iDYMdavRVKyH/9i6Fg8/r4bahjqhcTQYcY4FSQHJnZzz3oqg924aP1WzG9GU
2XVFhrcDTsB4J+uKIAwguXqBNurWbNnkTT0+1Bhjmd6zNTkt4wmXxtxmBwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFDvbZy0Carj2+8dDX9u1eByaCpZWMB8GA1UdIwQY
MBaAFM/qznFMKVaO8ZcAexQdEnWMxBXVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMt
OGZkMzk0YjUzNTdjLzEvTzl0bkxRSnF1UGI3eDBOZjI3VjRISm9LbGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMtOGZkMzk0YjUzNTdj
LzEvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCuTjUAwQC
uTmoAwQDvEGYAwQBwSl2AwQAwYpKAwQBwf7AAwQAw04kMBQEAgACMA4DBQAqAUQA
AwUAKgJRIDANBgkqhkiG9w0BAQsFAAOCAQEAeySMNnoxQtTalSjJ213Jm650uAXw
rZp5EcrqXGSxfi6HzWitmfShtG6QkwEgfCK3QqtUYUUbIrTQceSJeardHMAlX9/2
Kl78D01zYDK0lzuWs4f0bfVNc4LRS/HSAH14V/7KokM07T4n11LG+R8F04TgVFOs
AKpv15c5SVS3qtC+LJyVSndO79oTRl9qDZ4y8IasmRqSZAAUyIaD1QFNmBhR3tWM
L3MPZrGimU0cACT6S8/ZF6fWxPWrMWFG0fIk9VgbMmLJPh1Ir60lSG88ZQwkhxQj
6IFSlAenO4dzFTmJwBgRdJ0rNxNeaSQ+tIW8htcXC5BPJeWXJ6WE6xnePw==
-----END CERTIFICATE-----
Generated at Sat Jun 29 00:56:49 2024 by rpki-client on console-fra.rpki-client.org