Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/Z0i4huEfMhEUiO6EBJC9azDFiYE.roa
File: Z0i4huEfMhEUiO6EBJC9azDFiYE.roa (raw, json)
Hash identifier: cwXSY0qBr7nWMmKsJySjnRk/uQop1u8JhLqLZKc7mS4=
Subject key identifier: 67:48:B8:86:E1:1F:32:11:14:88:EE:84:04:90:BD:6B:30:C5:89:81
Certificate issuer: /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial: 018CC7272276A9EA4A12C1FBF7D90B30A5B2
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/Z0i4huEfMhEUiO6EBJC9azDFiYE.roa
Signing time: Mon 01 Jan 2024 22:31:19 +0000
ROA not before: Mon 01 Jan 2024 22:31:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201071
IP address blocks: 217.147.125.0/24 maxlen: 24
217.147.124.0/22 maxlen: 22
217.147.124.0/24 maxlen: 24
217.147.122.0/24 maxlen: 24
217.147.121.0/24 maxlen: 24
217.147.120.0/24 maxlen: 24
217.147.127.0/24 maxlen: 24
217.147.126.0/24 maxlen: 24
92.249.5.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.mft
rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 10:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:22:76:a9:ea:4a:12:c1:fb:f7:d9:0b:30:a5:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
Validity
Not Before: Jan 1 22:31:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6748b886e11f32111488ee840490bd6b30c58981
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:9d:45:98:a8:65:f0:07:5f:d1:f3:d8:95:49:
e3:8e:ff:db:2c:1d:87:0d:ee:28:22:62:73:93:8c:
bd:cd:af:a5:ed:3a:c1:93:16:c9:ee:fd:15:e0:f1:
d9:af:b4:87:7e:74:43:16:26:e9:8e:e8:ea:ea:5e:
be:ac:bf:0c:35:aa:fc:fd:7c:f8:fe:aa:3c:73:4f:
fb:df:2c:43:bb:97:c5:58:fa:b5:53:83:51:b8:f2:
5d:7f:24:ea:f6:73:db:a2:0b:3a:6d:72:b0:8e:05:
7c:43:d7:ce:dd:c5:31:86:d5:d5:b8:3b:b4:1b:8b:
ee:ff:fc:69:d0:ee:50:11:32:29:ff:3e:7f:13:21:
6c:9e:65:c0:23:f4:36:a0:9a:59:80:e4:35:9e:13:
4b:53:36:d5:34:2d:e4:51:1e:c4:a0:4f:e9:b9:df:
17:05:25:d7:ad:4d:43:1c:5a:07:ff:96:fc:48:d9:
ae:c4:7f:8a:ee:c6:86:b0:6c:7b:b5:03:5f:94:49:
36:57:78:81:56:0e:8b:05:70:5b:33:c5:22:d5:73:
c7:a4:12:0b:8a:ab:f3:ed:d2:6a:b6:8d:67:40:f1:
ed:24:3a:90:82:54:36:e4:99:e3:72:07:6e:8d:d4:
a2:23:2f:82:f0:e3:86:0a:6d:a8:52:4b:16:36:52:
fa:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:48:B8:86:E1:1F:32:11:14:88:EE:84:04:90:BD:6B:30:C5:89:81
X509v3 Authority Key Identifier:
keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/Z0i4huEfMhEUiO6EBJC9azDFiYE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.249.5.0/24
217.147.120.0-217.147.122.255
217.147.124.0/22
Signature Algorithm: sha256WithRSAEncryption
43:cd:d1:02:9d:eb:c9:44:3c:72:14:a9:3e:df:5f:95:60:cb:
a1:0b:f1:41:e3:4c:54:e9:ae:dd:78:a2:09:c4:69:79:34:82:
c2:96:fe:30:8f:e7:be:47:aa:97:ae:72:60:4e:70:79:b9:ce:
5c:49:6e:fd:5e:bc:cc:08:5f:ae:86:5c:54:a1:b3:e2:28:40:
46:3b:f6:3d:fb:82:f8:de:86:b5:d5:8d:0d:62:ff:bf:bb:78:
3f:02:ea:15:10:ff:80:8b:35:78:d1:f2:44:b6:10:a3:ae:a7:
fe:ea:3f:5b:7e:7b:c9:10:2c:38:1d:c6:96:e3:9b:94:d6:c4:
d7:e4:8c:bd:7c:0b:c7:fe:a4:72:d5:78:b2:c4:c6:71:a3:81:
36:15:c0:21:55:41:20:ad:e6:d0:23:84:b0:ef:ab:88:fe:6c:
34:c8:bf:e8:70:4e:3b:43:0d:f8:e0:06:91:01:67:8a:99:53:
94:7e:59:c7:c1:b3:4e:a7:8f:f2:bb:50:04:9d:b3:d1:17:89:
09:82:ea:b6:b5:6a:8c:56:44:9f:f6:03:c8:ea:3a:12:f8:c1:
40:33:85:70:29:e3:c8:60:43:03:e2:79:c5:67:ef:f7:71:da:
f0:54:11:ae:d1:36:0e:67:11:2e:46:91:d0:ad:c3:df:65:fe:
eb:99:5e:de
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzHJyJ2qepKEsH799kLMKWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ4Yjg4NmUxMWYzMjExMTQ4OGVlODQwNDkwYmQ2YjMwYzU4OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ1FmKhl8Adf0fPYlUnjjv/bLB2H
De4oImJzk4y9za+l7TrBkxbJ7v0V4PHZr7SHfnRDFibpjujq6l6+rL8MNar8/Xz4
/qo8c0/73yxDu5fFWPq1U4NRuPJdfyTq9nPbogs6bXKwjgV8Q9fO3cUxhtXVuDu0
G4vu//xp0O5QETIp/z5/EyFsnmXAI/Q2oJpZgOQ1nhNLUzbVNC3kUR7EoE/pud8X
BSXXrU1DHFoH/5b8SNmuxH+K7saGsGx7tQNflEk2V3iBVg6LBXBbM8Ui1XPHpBIL
iqvz7dJqto1nQPHtJDqQglQ25JnjcgdujdSiIy+C8OOGCm2oUksWNlL6uQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGdIuIbhHzIRFIjuhASQvWswxYmBMB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEvWjBpNGh1RWZNaEVVaU82RUJKQzlhekRGaVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAXPkFMAwD
BAPZk3gDBADZk3oDBALZk3wwDQYJKoZIhvcNAQELBQADggEBAEPN0QKd68lEPHIU
qT7fX5Vgy6EL8UHjTFTprt14ognEaXk0gsKW/jCP575HqpeucmBOcHm5zlxJbv1e
vMwIX66GXFShs+IoQEY79j37gvjehrXVjQ1i/7+7eD8C6hUQ/4CLNXjR8kS2EKOu
p/7qP1t+e8kQLDgdxpbjm5TWxNfkjL18C8f+pHLVeLLExnGjgTYVwCFVQSCt5tAj
hLDvq4j+bDTIv+hwTjtDDfjgBpEBZ4qZU5R+WcfBs06nj/K7UASds9EXiQmC6ra1
aoxWRJ/2A8jqOhL4wUAzhXAp48hgQwPiecVn7/dx2vBUEa7RNg5nES5GkdCtw99l
/uuZXt4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:51:52 2024 by rpki-client on console-ams.rpki-client.org