Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/czLRANj2ss-HfCR3FJfBvfk_IRM.roa
File: czLRANj2ss-HfCR3FJfBvfk_IRM.roa (raw, json)
Hash identifier: 3GQqMWe0gHVJrT35KHOhK4B1iVY0RHIID02lQkpvAr0=
Subject key identifier: 73:32:D1:00:D8:F6:B2:CF:87:7C:24:77:14:97:C1:BD:F9:3F:21:13
Certificate issuer: /CN=002434c73a0eea22c6e441072e93db77c7e8a2f1
Certificate serial: 018CC500CA0CDC940A9F6E5FE71A1A06A53A
Authority key identifier: 00:24:34:C7:3A:0E:EA:22:C6:E4:41:07:2E:93:DB:77:C7:E8:A2:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ACQ0xzoO6iLG5EEHLpPbd8foovE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/czLRANj2ss-HfCR3FJfBvfk_IRM.roa
Signing time: Mon 01 Jan 2024 12:30:12 +0000
ROA not before: Mon 01 Jan 2024 12:30:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43366
IP address blocks: 217.21.192.0/20 maxlen: 24
185.12.144.0/22 maxlen: 24
91.194.224.0/23 maxlen: 24
185.37.124.0/22 maxlen: 24
2a00:8080::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/ACQ0xzoO6iLG5EEHLpPbd8foovE.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/ACQ0xzoO6iLG5EEHLpPbd8foovE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ACQ0xzoO6iLG5EEHLpPbd8foovE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:ca:0c:dc:94:0a:9f:6e:5f:e7:1a:1a:06:a5:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=002434c73a0eea22c6e441072e93db77c7e8a2f1
Validity
Not Before: Jan 1 12:30:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7332d100d8f6b2cf877c24771497c1bdf93f2113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:c5:7f:04:ea:fd:5a:b0:08:8f:e7:aa:c7:3a:
4d:15:60:42:85:d8:26:7b:c8:7e:d7:23:00:ae:1e:
e3:df:20:5b:f6:83:c5:48:98:a3:6b:33:0b:41:42:
69:d0:c0:d2:89:d9:99:63:ca:53:ae:08:7e:80:c9:
b7:53:43:9f:f8:b8:33:2d:ba:ee:f2:70:1f:85:78:
f9:5d:65:a9:73:c2:5c:ed:86:15:e9:85:6c:54:89:
02:ed:2c:a6:32:c1:a2:34:1d:d2:8b:1e:76:a0:09:
d9:25:e3:43:ca:9d:17:c1:2f:8c:51:7a:aa:8b:95:
f6:58:03:ca:7b:76:b6:24:de:b4:28:07:71:47:0d:
3a:97:30:fa:e5:a3:2b:8f:6f:88:c3:4e:08:4a:15:
ce:99:17:dc:32:93:8f:15:b8:f5:60:9a:0c:b5:51:
ec:4d:0f:de:f4:8b:0a:34:56:23:78:ae:80:53:2c:
29:3b:d4:27:9d:7b:10:80:f7:d3:29:7d:dd:0b:5d:
30:81:c7:f0:2a:9c:da:3a:8c:91:62:aa:ef:9e:0a:
f9:22:88:19:2e:43:f5:69:32:9a:6e:94:35:25:ba:
7a:eb:f3:e1:a7:8f:d2:04:fd:25:5d:c5:32:1a:b8:
cb:e0:3b:1b:f7:7d:2d:a9:f1:8e:c8:d7:87:45:16:
11:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:32:D1:00:D8:F6:B2:CF:87:7C:24:77:14:97:C1:BD:F9:3F:21:13
X509v3 Authority Key Identifier:
keyid:00:24:34:C7:3A:0E:EA:22:C6:E4:41:07:2E:93:DB:77:C7:E8:A2:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACQ0xzoO6iLG5EEHLpPbd8foovE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/czLRANj2ss-HfCR3FJfBvfk_IRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/403ddd-c2d5-4b54-973a-2b7a794d5795/1/ACQ0xzoO6iLG5EEHLpPbd8foovE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.224.0/23
185.12.144.0/22
185.37.124.0/22
217.21.192.0/20
IPv6:
2a00:8080::/32
Signature Algorithm: sha256WithRSAEncryption
5c:7d:15:11:db:45:5b:e4:35:87:5e:06:5b:79:75:79:39:de:
24:ac:e3:a4:1c:50:7f:c8:6a:1a:a2:91:28:06:66:15:5e:2d:
75:e1:c6:a2:8e:b3:4f:ed:33:ba:56:be:9a:fb:38:ed:83:ad:
dd:5e:40:bd:54:a9:81:1c:4d:5d:d3:e7:df:36:c2:b5:30:90:
dd:71:86:7f:05:47:69:11:f9:8f:df:ca:30:95:53:51:e7:2c:
5c:c8:41:2d:29:56:37:58:23:ee:be:0b:5b:47:ac:2c:df:21:
e1:62:83:b4:27:2d:04:00:24:3b:ab:ac:fb:4b:d6:89:13:7e:
df:2f:27:da:84:58:00:7c:6a:5f:fe:ee:45:4c:85:45:9d:f0:
2f:8a:f4:59:cc:38:6a:95:1c:21:4f:82:bd:5d:7c:86:e2:19:
28:7d:f0:fe:8a:93:41:7d:8b:16:77:4f:54:b0:f3:8b:52:6f:
df:1d:29:a0:48:7e:bc:11:ba:04:c1:17:29:66:88:89:b9:d6:
c0:39:e5:c2:9c:95:70:a9:13:1c:41:e2:c5:23:c7:60:ed:db:
4e:ae:3e:88:e4:71:ae:47:11:27:46:d8:66:c2:bb:37:2f:58:
52:1e:36:7a:f9:a5:f9:7c:a8:0a:20:1d:4d:ad:bf:47:ea:a6:
94:e8:77:fc
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFAMoM3JQKn25f5xoaBqU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjQzNGM3M2EwZWVhMjJjNmU0NDEwNzJlOTNkYjc3Yzdl
OGEyZjEwHhcNMjQwMTAxMTIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzMyZDEwMGQ4ZjZiMmNmODc3YzI0NzcxNDk3YzFiZGY5M2YyMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssV/BOr9WrAIj+eqxzpNFWBChdgm
e8h+1yMArh7j3yBb9oPFSJijazMLQUJp0MDSidmZY8pTrgh+gMm3U0Of+LgzLbru
8nAfhXj5XWWpc8Jc7YYV6YVsVIkC7SymMsGiNB3Six52oAnZJeNDyp0XwS+MUXqq
i5X2WAPKe3a2JN60KAdxRw06lzD65aMrj2+Iw04IShXOmRfcMpOPFbj1YJoMtVHs
TQ/e9IsKNFYjeK6AUywpO9QnnXsQgPfTKX3dC10wgcfwKpzaOoyRYqrvngr5IogZ
LkP1aTKabpQ1Jbp66/Php4/SBP0lXcUyGrjL4Dsb930tqfGOyNeHRRYRwQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHMy0QDY9rLPh3wkdxSXwb35PyETMB8GA1UdIwQY
MBaAFAAkNMc6DuoixuRBBy6T23fH6KLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNRMHh6b082aUxHNUVFSExwUGJkOGZvb3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi80MDNkZGQtYzJkNS00YjU0LTk3M2Et
MmI3YTc5NGQ1Nzk1LzEvY3pMUkFOajJzcy1IZkNSM0ZKZkJ2ZmtfSVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi80MDNkZGQtYzJkNS00YjU0LTk3M2EtMmI3YTc5NGQ1Nzk1
LzEvQUNRMHh6b082aUxHNUVFSExwUGJkOGZvb3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW8LgAwQC
uQyQAwQCuSV8AwQE2RXAMA0EAgACMAcDBQAqAICAMA0GCSqGSIb3DQEBCwUAA4IB
AQBcfRUR20Vb5DWHXgZbeXV5Od4krOOkHFB/yGoaopEoBmYVXi114caijrNP7TO6
Vr6a+zjtg63dXkC9VKmBHE1d0+ffNsK1MJDdcYZ/BUdpEfmP38owlVNR5yxcyEEt
KVY3WCPuvgtbR6ws3yHhYoO0Jy0EACQ7q6z7S9aJE37fLyfahFgAfGpf/u5FTIVF
nfAvivRZzDhqlRwhT4K9XXyG4hkoffD+ipNBfYsWd09UsPOLUm/fHSmgSH68EboE
wRcpZoiJudbAOeXCnJVwqRMcQeLFI8dg7dtOrj6I5HGuRxEnRthmwrs3L1hSHjZ6
+aX5fKgKIB1Nrb9H6qaU6Hf8
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:52:45 2024 by rpki-client on console-fra.rpki-client.org