Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/xT-SQzIaLqX-FN75C4yTGXs_4kQ.roa
File: xT-SQzIaLqX-FN75C4yTGXs_4kQ.roa (raw, json)
Hash identifier: OYl5hhgp+BxfE6mh7uwPzulfGXc+oP3IXCm8rLCx6b8=
Subject key identifier: C5:3F:92:43:32:1A:2E:A5:FE:14:DE:F9:0B:8C:93:19:7B:3F:E2:44
Certificate issuer: /CN=668d7f75ef42f0bd71aa9c66668e0a33dbe1634f
Certificate serial: 018CC56DE7E4C09CE05C2EF67A54043AC372
Authority key identifier: 66:8D:7F:75:EF:42:F0:BD:71:AA:9C:66:66:8E:0A:33:DB:E1:63:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/xT-SQzIaLqX-FN75C4yTGXs_4kQ.roa
Signing time: Mon 01 Jan 2024 14:29:23 +0000
ROA not before: Mon 01 Jan 2024 14:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198089
IP address blocks: 185.46.28.0/22 maxlen: 24
85.222.240.0/20 maxlen: 24
141.136.120.0/21 maxlen: 24
157.97.192.0/18 maxlen: 24
2a01:8580::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 05:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:e7:e4:c0:9c:e0:5c:2e:f6:7a:54:04:3a:c3:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=668d7f75ef42f0bd71aa9c66668e0a33dbe1634f
Validity
Not Before: Jan 1 14:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c53f9243321a2ea5fe14def90b8c93197b3fe244
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:9a:69:48:d4:a7:20:55:02:14:b7:ab:80:93:
d2:29:9b:cd:4d:84:43:4a:61:01:21:0c:c7:be:9e:
f4:7b:75:c3:9c:c3:9d:c7:8b:be:b6:ff:10:03:b4:
93:f3:5d:07:58:fd:94:ba:55:d3:84:7c:85:27:f5:
c0:0b:85:fd:9c:28:5f:4d:43:1b:fb:2a:f9:28:14:
9b:06:60:49:19:92:98:24:e0:56:bc:b6:cb:5a:5c:
3e:1c:b2:5a:32:d5:36:7d:d8:a5:66:8f:65:5c:a7:
08:7c:6c:c8:e8:71:c9:86:d1:94:c5:22:00:18:82:
c6:ab:e3:78:61:4e:cb:7d:af:b8:4c:6c:8c:25:d5:
dc:bd:1e:3a:0a:a5:ff:ee:e0:e3:ef:24:9d:a6:b8:
d7:a4:46:fe:3e:7f:50:cf:36:c8:62:99:ab:9f:e6:
63:26:c3:bf:7d:63:e4:4e:a3:e4:c1:ae:07:57:af:
07:3c:64:0a:3a:fa:ed:e2:c6:26:f8:04:46:f6:82:
94:2d:d4:f1:de:3e:8a:c9:4b:9f:8d:d2:57:fa:a2:
66:fe:0d:e3:e6:d1:19:79:cc:51:ea:b8:9f:dc:58:
ea:15:11:98:e6:d1:e9:65:ac:82:93:2e:16:39:9f:
05:6e:5a:4f:87:0f:f6:03:50:21:7f:9f:ab:b9:ca:
cc:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:3F:92:43:32:1A:2E:A5:FE:14:DE:F9:0B:8C:93:19:7B:3F:E2:44
X509v3 Authority Key Identifier:
keyid:66:8D:7F:75:EF:42:F0:BD:71:AA:9C:66:66:8E:0A:33:DB:E1:63:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/xT-SQzIaLqX-FN75C4yTGXs_4kQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.222.240.0/20
141.136.120.0/21
157.97.192.0/18
185.46.28.0/22
IPv6:
2a01:8580::/32
Signature Algorithm: sha256WithRSAEncryption
79:27:02:1a:aa:45:4e:12:52:6a:29:e8:72:85:72:ca:ba:8a:
70:7d:d5:5f:9d:6f:7c:a7:91:4d:17:9f:df:c4:47:11:5a:22:
f8:1a:fa:bb:77:54:8f:bb:65:61:b3:11:df:67:f9:91:d3:21:
96:08:f0:d2:39:3f:1b:42:98:d7:30:6d:0e:b1:fd:88:49:95:
14:a4:35:bf:ba:72:35:71:bc:1c:03:92:65:8a:16:6f:b2:0f:
6f:8a:6b:8b:1d:41:dd:50:9b:4e:29:60:82:e4:5e:c8:ea:da:
31:ca:be:e9:3b:65:b1:76:7e:27:b0:cb:cd:f6:5b:03:c6:0a:
11:2f:04:22:7a:3f:7d:4a:c9:36:7e:81:96:b4:aa:d7:33:c8:
ca:62:2a:4d:bf:1c:4e:5b:14:df:bb:c4:3b:55:e9:1a:db:10:
f1:af:3d:3d:7e:e7:58:f7:f4:d4:10:83:8c:27:c1:83:f4:9a:
d5:ef:86:eb:46:bd:2d:f4:02:cb:08:11:6d:1b:ac:f0:83:83:
8c:58:0d:5c:03:36:31:6b:e2:76:f5:39:e5:28:7c:d3:55:89:
4c:c2:40:7c:27:e5:ac:a5:af:d2:3d:8c:78:0f:cf:74:a1:fe:
5e:e4:3f:a4:52:85:d8:cd:eb:94:74:7b:91:07:2b:6b:d3:f1:
5a:43:81:ec
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFbefkwJzgXC72elQEOsNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGQ3Zjc1ZWY0MmYwYmQ3MWFhOWM2NjY2OGUwYTMzZGJl
MTYzNGYwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNmOTI0MzMyMWEyZWE1ZmUxNGRlZjkwYjhjOTMxOTdiM2ZlMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJppSNSnIFUCFLergJPSKZvNTYRD
SmEBIQzHvp70e3XDnMOdx4u+tv8QA7ST810HWP2UulXThHyFJ/XAC4X9nChfTUMb
+yr5KBSbBmBJGZKYJOBWvLbLWlw+HLJaMtU2fdilZo9lXKcIfGzI6HHJhtGUxSIA
GILGq+N4YU7Lfa+4TGyMJdXcvR46CqX/7uDj7ySdprjXpEb+Pn9QzzbIYpmrn+Zj
JsO/fWPkTqPkwa4HV68HPGQKOvrt4sYm+ARG9oKULdTx3j6KyUufjdJX+qJm/g3j
5tEZecxR6rif3FjqFRGY5tHpZayCky4WOZ8FblpPhw/2A1Ahf5+rucrMuwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMU/kkMyGi6l/hTe+QuMkxl7P+JEMB8GA1UdIwQY
MBaAFGaNf3XvQvC9caqcZmaOCjPb4WNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8xX2RlOUM4TDF4cXB4bVpvNEtNOXZoWTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81M2Y3NWUtNDJiOS00ZmFlLWIxYmUt
MjZlN2YzZjJiMTFlLzEveFQtU1F6SWFMcVgtRk43NUM0eVRHWHNfNGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81M2Y3NWUtNDJiOS00ZmFlLWIxYmUtMjZlN2YzZjJiMTFl
LzEvWm8xX2RlOUM4TDF4cXB4bVpvNEtNOXZoWTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEVd7wAwQD
jYh4AwQGnWHAAwQCuS4cMA0EAgACMAcDBQAqAYWAMA0GCSqGSIb3DQEBCwUAA4IB
AQB5JwIaqkVOElJqKehyhXLKuopwfdVfnW98p5FNF5/fxEcRWiL4Gvq7d1SPu2Vh
sxHfZ/mR0yGWCPDSOT8bQpjXMG0Osf2ISZUUpDW/unI1cbwcA5JlihZvsg9vimuL
HUHdUJtOKWCC5F7I6toxyr7pO2Wxdn4nsMvN9lsDxgoRLwQiej99Ssk2foGWtKrX
M8jKYipNvxxOWxTfu8Q7Veka2xDxrz09fudY9/TUEIOMJ8GD9JrV74brRr0t9ALL
CBFtG6zwg4OMWA1cAzYxa+J29TnlKHzTVYlMwkB8J+Wspa/SPYx4D890of5e5D+k
UoXYzeuUdHuRBytr0/FaQ4Hs
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:44:41 2024 by rpki-client on console-ams.rpki-client.org