Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9ylaQjnh45Dmv-gj-1IND_XcfQg.roa
File: 9ylaQjnh45Dmv-gj-1IND_XcfQg.roa (raw, json)
Hash identifier: xoPodn42cQrz//DA3pB4uk2/DHkWxFDYyadsFteOjHs=
Subject key identifier: F7:29:5A:42:39:E1:E3:90:E6:BF:E8:23:FB:52:0D:0F:F5:DC:7D:08
Certificate issuer: /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial: 018CC9BCA3F29BC8BD5D77D42776CAAAE7C4
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9ylaQjnh45Dmv-gj-1IND_XcfQg.roa
Signing time: Tue 02 Jan 2024 10:33:52 +0000
ROA not before: Tue 02 Jan 2024 10:33:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43679
IP address blocks: 78.28.0.0/24 maxlen: 24
93.94.17.0/24 maxlen: 24
93.94.16.0/21 maxlen: 21
93.94.16.0/22 maxlen: 22
93.94.22.0/24 maxlen: 24
93.94.20.0/23 maxlen: 23
93.94.23.0/24 maxlen: 24
2a02:e88::/48 maxlen: 48
2a02:e88::/32 maxlen: 32
2a02:e88::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.mft
rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 16 Jun 2024 05:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:a3:f2:9b:c8:bd:5d:77:d4:27:76:ca:aa:e7:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
Validity
Not Before: Jan 2 10:33:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f7295a4239e1e390e6bfe823fb520d0ff5dc7d08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:db:57:63:eb:58:68:dc:63:0c:87:d8:f3:3e:
a0:29:9b:78:9b:23:59:d4:fd:82:9b:6e:21:39:9c:
b3:a7:70:ae:2e:c8:c9:82:64:16:8a:d6:32:65:1e:
db:c0:42:7c:ca:64:ca:e7:36:22:b3:20:f5:44:e2:
e9:a0:43:b3:84:7f:a8:33:ab:21:ef:90:8b:f6:9c:
92:9c:00:b2:e9:5d:3e:8f:a7:83:2f:a0:a1:c1:00:
c2:ba:d2:ac:26:f8:6f:9d:c8:a4:c6:43:41:74:7e:
74:c0:4a:ee:4f:dd:eb:4a:7f:50:d0:c5:98:6a:6c:
72:af:72:ec:26:e7:d3:38:cf:13:e8:3f:11:10:dc:
e3:da:bf:09:ef:b8:49:1c:b2:23:51:df:c2:9f:61:
38:68:13:0f:96:41:44:d4:f4:1a:34:f9:d6:0f:fa:
e7:42:13:87:78:41:36:0c:93:5e:da:f1:65:c7:84:
2f:20:d3:a2:16:14:92:2c:94:d5:29:3c:86:86:1d:
75:99:f7:4c:73:eb:d8:ad:b3:4f:9c:5b:0f:46:e5:
44:d5:87:ce:5c:a3:2c:10:58:24:ed:87:8d:4d:44:
27:43:f9:c9:24:58:0b:5c:c0:d0:8e:27:10:b0:41:
5a:a9:2e:7c:39:aa:31:d1:eb:68:16:c1:d0:ad:88:
df:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:29:5A:42:39:E1:E3:90:E6:BF:E8:23:FB:52:0D:0F:F5:DC:7D:08
X509v3 Authority Key Identifier:
keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9ylaQjnh45Dmv-gj-1IND_XcfQg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.28.0.0/24
93.94.16.0/21
IPv6:
2a02:e88::/32
Signature Algorithm: sha256WithRSAEncryption
25:42:69:5c:ba:7b:d2:a8:ef:d5:6d:53:98:1a:13:74:32:28:
19:bf:dc:4e:12:cd:7c:6b:27:21:5f:e3:a5:f0:71:80:3e:14:
8c:72:b4:e6:57:0c:d7:43:2f:1c:9d:6b:c7:6c:01:e1:d0:61:
fb:6b:f8:2a:fa:4a:34:d4:24:bb:7e:de:d2:3e:36:c5:50:12:
a5:9b:ab:b9:b2:21:75:ea:d4:c1:7a:87:00:70:c1:6e:50:eb:
10:69:95:19:08:6a:b9:98:6d:1b:40:ed:d3:68:8a:73:cc:b4:
7a:c7:cd:07:50:5f:c1:5f:2c:63:43:2b:a5:91:b8:69:64:a2:
e3:07:2b:70:ca:fa:a7:d2:47:fa:a7:10:0e:cd:6d:c4:f8:9f:
0e:d5:3e:70:fe:cd:5b:2d:f9:78:f7:85:75:18:52:37:9a:29:
64:ea:76:9d:7e:ce:5f:bb:c9:ff:b1:b9:b5:6f:3d:74:e8:82:
80:6d:1f:db:2a:b5:6e:46:dd:2d:2e:19:1f:7a:08:16:74:12:
49:b2:1b:7e:ac:8b:a9:77:25:f9:58:2d:26:9d:53:2e:b4:c4:
81:cb:90:a6:8a:04:78:24:31:97:9c:ef:3b:5e:cc:fb:9e:32:
ef:c5:00:6f:d3:a2:5e:e5:21:2a:de:6d:89:df:3d:63:b2:d6:
bd:fe:20:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvKPym8i9XXfUJ3bKqufEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI5NWE0MjM5ZTFlMzkwZTZiZmU4MjNmYjUyMGQwZmY1ZGM3ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9tXY+tYaNxjDIfY8z6gKZt4myNZ
1P2Cm24hOZyzp3CuLsjJgmQWitYyZR7bwEJ8ymTK5zYisyD1ROLpoEOzhH+oM6sh
75CL9pySnACy6V0+j6eDL6ChwQDCutKsJvhvncikxkNBdH50wEruT93rSn9Q0MWY
amxyr3LsJufTOM8T6D8RENzj2r8J77hJHLIjUd/Cn2E4aBMPlkFE1PQaNPnWD/rn
QhOHeEE2DJNe2vFlx4QvINOiFhSSLJTVKTyGhh11mfdMc+vYrbNPnFsPRuVE1YfO
XKMsEFgk7YeNTUQnQ/nJJFgLXMDQjicQsEFaqS58Oaox0etoFsHQrYjf4wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPcpWkI54eOQ5r/oI/tSDQ/13H0IMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvOXlsYVFqbmg0NURtdi1nai0xSU5EX1hjZlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAThwAAwQD
XV4QMA0EAgACMAcDBQAqAg6IMA0GCSqGSIb3DQEBCwUAA4IBAQAlQmlcunvSqO/V
bVOYGhN0MigZv9xOEs18aychX+Ol8HGAPhSMcrTmVwzXQy8cnWvHbAHh0GH7a/gq
+ko01CS7ft7SPjbFUBKlm6u5siF16tTBeocAcMFuUOsQaZUZCGq5mG0bQO3TaIpz
zLR6x80HUF/BXyxjQyulkbhpZKLjBytwyvqn0kf6pxAOzW3E+J8O1T5w/s1bLfl4
94V1GFI3milk6nadfs5fu8n/sbm1bz106IKAbR/bKrVuRt0tLhkfeggWdBJJsht+
rIupdyX5WC0mnVMutMSBy5CmigR4JDGXnO87Xsz7njLvxQBv06Je5SEq3m2J3z1j
sta9/iD7
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:51:48 2024 by rpki-client on console-fra.rpki-client.org