Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hhz_9MhBsu9XH9d6bVs80ovGEXY.roa
File: hhz_9MhBsu9XH9d6bVs80ovGEXY.roa (raw, json)
Hash identifier: SpIfRxMWGbCboDkGgW8z/sSNXmbUHAiQhXEkoOvNL2c=
Subject key identifier: 86:1C:FF:F4:C8:41:B2:EF:57:1F:D7:7A:6D:5B:3C:D2:8B:C6:11:76
Certificate issuer: /CN=845d042f65e1b1303a44e43e0e02748a75837b44
Certificate serial: 018CC6B8034A048BDED378601DACFC042CC8
Authority key identifier: 84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hhz_9MhBsu9XH9d6bVs80ovGEXY.roa
Signing time: Mon 01 Jan 2024 20:29:57 +0000
ROA not before: Mon 01 Jan 2024 20:29:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207604
IP address blocks: 185.241.212.0/24 maxlen: 24
185.119.90.0/24 maxlen: 24
185.119.91.0/24 maxlen: 24
185.119.88.0/24 maxlen: 24
185.119.89.0/24 maxlen: 24
2a0c:bf80:5a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 26 Apr 2024 22:01:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:03:4a:04:8b:de:d3:78:60:1d:ac:fc:04:2c:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=845d042f65e1b1303a44e43e0e02748a75837b44
Validity
Not Before: Jan 1 20:29:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=861cfff4c841b2ef571fd77a6d5b3cd28bc61176
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:0d:33:6b:77:b9:7e:de:7c:fb:f1:11:56:39:
10:4d:cb:6f:c2:ea:2c:1a:4d:72:f5:6a:55:72:ae:
3a:db:ba:27:d2:a5:54:ba:83:6d:b6:66:09:55:eb:
f1:d9:3d:f6:5a:0b:25:30:5f:fe:e9:5b:34:4e:5d:
fa:9c:c7:b4:8a:e0:eb:d7:d8:39:d4:a3:a3:08:f7:
50:25:e0:7d:42:8f:1b:08:e6:f1:ed:ea:aa:01:59:
76:90:61:4f:06:af:4c:90:e5:c2:a9:fa:47:0d:7c:
30:af:c7:83:d6:1c:98:4d:22:1b:3a:a1:50:a9:90:
09:7b:10:17:77:10:ef:2e:3e:9c:6d:0b:8b:98:4f:
b9:ab:00:f1:18:f1:0d:33:39:13:dd:20:f0:bc:f0:
dc:44:c4:0b:46:6c:b3:56:8e:63:80:9b:51:ba:60:
b3:16:1b:0c:0a:db:11:2a:ee:23:6b:f8:4d:ab:91:
df:09:78:0f:de:7f:0e:c6:01:e9:f0:3b:e1:60:99:
cf:82:4b:6f:04:be:58:4c:aa:5e:12:51:e5:de:91:
be:85:79:b1:87:5b:4b:6a:bc:42:ae:2c:db:42:8d:
99:85:0e:2a:29:44:55:a5:4a:ec:33:9b:e9:ed:25:
d4:de:ca:b3:b3:cc:5b:da:38:b4:35:0d:ab:8a:33:
e4:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:1C:FF:F4:C8:41:B2:EF:57:1F:D7:7A:6D:5B:3C:D2:8B:C6:11:76
X509v3 Authority Key Identifier:
keyid:84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hhz_9MhBsu9XH9d6bVs80ovGEXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.119.88.0/22
185.241.212.0/24
IPv6:
2a0c:bf80:5a::/48
Signature Algorithm: sha256WithRSAEncryption
23:0b:07:02:b6:8c:bf:7d:81:6c:ec:ad:4c:56:f5:26:0c:2c:
14:7b:59:e0:f0:5b:b9:17:a0:69:84:78:d1:18:d6:70:dd:f2:
81:84:3a:78:d0:a7:1c:e6:09:b6:b7:ed:55:c6:e5:c1:cf:2e:
b2:d3:12:aa:b9:d3:20:ab:2b:4f:4d:5e:30:73:68:b2:d9:85:
f9:8a:b0:1f:1e:e5:55:03:48:bc:60:15:97:a5:65:b9:df:e8:
a4:80:e9:01:bd:e5:3f:d4:3d:e5:c8:ec:d4:72:a3:22:9f:39:
df:54:f3:62:13:da:b7:ca:b7:71:16:a5:b8:ef:dd:9d:4d:52:
30:6c:d6:67:5d:fa:38:3e:ad:43:1a:fc:2e:bb:ff:b1:06:26:
99:c6:54:13:af:63:33:63:be:0b:55:0b:24:7d:3a:38:32:35:
9f:40:d5:21:0c:57:01:e4:09:a4:2f:93:36:40:47:47:1a:70:
93:11:69:e4:65:87:65:3b:12:ae:ad:d6:64:d9:fd:ad:c6:7a:
f6:4a:19:41:9a:74:65:c4:94:e7:18:df:92:69:0d:e2:f6:11:
57:f4:37:29:c5:27:a8:70:e6:86:76:ad:fa:c4:ae:79:cc:d3:
f4:48:0d:95:d5:4b:95:64:0d:e3:e1:7d:fd:82:32:dd:88:ca:
53:c9:23:ee
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGuANKBIve03hgHaz8BCzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWQwNDJmNjVlMWIxMzAzYTQ0ZTQzZTBlMDI3NDhhNzU4
MzdiNDQwHhcNMjQwMTAxMjAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFjZmZmNGM4NDFiMmVmNTcxZmQ3N2E2ZDViM2NkMjhiYzYxMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQ0za3e5ft58+/ERVjkQTctvwuos
Gk1y9WpVcq4627on0qVUuoNttmYJVevx2T32WgslMF/+6Vs0Tl36nMe0iuDr19g5
1KOjCPdQJeB9Qo8bCObx7eqqAVl2kGFPBq9MkOXCqfpHDXwwr8eD1hyYTSIbOqFQ
qZAJexAXdxDvLj6cbQuLmE+5qwDxGPENMzkT3SDwvPDcRMQLRmyzVo5jgJtRumCz
FhsMCtsRKu4ja/hNq5HfCXgP3n8OxgHp8DvhYJnPgktvBL5YTKpeElHl3pG+hXmx
h1tLarxCrizbQo2ZhQ4qKURVpUrsM5vp7SXU3sqzs8xb2ji0NQ2rijPk6QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIYc//TIQbLvVx/Xem1bPNKLxhF2MB8GA1UdIwQY
MBaAFIRdBC9l4bEwOkTkPg4CdIp1g3tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgt
ZDhjMzUxZDkzZWM2LzEvaGh6XzlNaEJzdTlYSDlkNmJWczgwb3ZHRVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgtZDhjMzUxZDkzZWM2
LzEvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuXdYAwQA
ufHUMA8EAgACMAkDBwAqDL+AAFowDQYJKoZIhvcNAQELBQADggEBACMLBwK2jL99
gWzsrUxW9SYMLBR7WeDwW7kXoGmEeNEY1nDd8oGEOnjQpxzmCba37VXG5cHPLrLT
Eqq50yCrK09NXjBzaLLZhfmKsB8e5VUDSLxgFZelZbnf6KSA6QG95T/UPeXI7NRy
oyKfOd9U82IT2rfKt3EWpbjv3Z1NUjBs1mdd+jg+rUMa/C67/7EGJpnGVBOvYzNj
vgtVCyR9OjgyNZ9A1SEMVwHkCaQvkzZAR0cacJMRaeRlh2U7Eq6t1mTZ/a3GevZK
GUGadGXElOcY35JpDeL2EVf0NynFJ6hw5oZ2rfrErnnM0/RIDZXVS5VkDePhff2C
Mt2IylPJI+4=
-----END CERTIFICATE-----
Generated at Fri Apr 26 06:50:08 2024 by rpki-client on console-ams.rpki-client.org