Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/rIGqTQFINwtepSqKiJyhSiCMU8w.roa
File: rIGqTQFINwtepSqKiJyhSiCMU8w.roa (raw, json)
Hash identifier: +7AZK/s9uGfTv5lAhKQMc8zr3SHw0nUVoVFHfx5Fv0I=
Subject key identifier: AC:81:AA:4D:01:48:37:0B:5E:A5:2A:8A:88:9C:A1:4A:20:8C:53:CC
Certificate issuer: /CN=1c37a9026e45b68fe4735a469b75636130ad125c
Certificate serial: 018CC9BC465A48841B33E6401446A783E481
Authority key identifier: 1C:37:A9:02:6E:45:B6:8F:E4:73:5A:46:9B:75:63:61:30:AD:12:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDepAm5Fto_kc1pGm3VjYTCtElw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/rIGqTQFINwtepSqKiJyhSiCMU8w.roa
Signing time: Tue 02 Jan 2024 10:33:28 +0000
ROA not before: Tue 02 Jan 2024 10:33:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210625
IP address blocks: 147.236.229.0/24 maxlen: 24
147.236.228.0/23 maxlen: 23
147.236.228.0/22 maxlen: 22
147.236.230.0/24 maxlen: 24
147.236.230.0/23 maxlen: 23
147.236.231.0/24 maxlen: 24
147.236.228.0/24 maxlen: 24
147.236.98.0/23 maxlen: 24
2a13:54c0::/29 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/HDepAm5Fto_kc1pGm3VjYTCtElw.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/HDepAm5Fto_kc1pGm3VjYTCtElw.mft
rsync://rpki.ripe.net/repository/DEFAULT/HDepAm5Fto_kc1pGm3VjYTCtElw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 May 2024 23:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:46:5a:48:84:1b:33:e6:40:14:46:a7:83:e4:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c37a9026e45b68fe4735a469b75636130ad125c
Validity
Not Before: Jan 2 10:33:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ac81aa4d0148370b5ea52a8a889ca14a208c53cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:e9:28:8a:5f:20:73:33:44:e1:b8:d0:7c:75:
a5:a5:cd:98:8a:45:0d:52:c3:43:84:38:a6:61:12:
d3:ee:45:f1:03:c8:30:40:a8:5a:d7:75:d7:e3:65:
1c:6d:b4:75:f6:47:1f:9a:a1:d2:85:6f:0d:88:a0:
65:9e:bf:f8:21:d9:a6:9c:a3:2b:45:05:d1:e2:a3:
fc:48:a0:1b:9f:29:de:69:30:19:0d:5e:27:22:e8:
1c:8d:12:4d:ab:98:24:57:eb:80:80:ad:de:eb:0a:
35:56:77:5d:46:f6:c0:d5:48:5c:95:d0:02:91:25:
74:3a:b1:94:ec:12:94:b7:47:e9:17:d6:57:5c:9f:
dc:78:3a:b1:9b:b5:cb:87:28:81:c1:9c:b1:f5:d3:
04:ba:3e:dc:7f:a5:a4:7c:19:ee:39:79:a8:b6:50:
e9:fc:4b:9f:77:41:84:5a:d6:94:0d:96:23:33:38:
e3:33:1c:25:f2:38:0c:2b:c9:9b:c7:ea:e5:56:16:
95:0f:c8:65:83:85:11:35:b7:0f:45:6c:0b:ce:8a:
23:f7:bb:e2:5d:88:8f:51:2c:bb:19:9a:0c:67:22:
16:fa:98:ef:9e:f2:fc:c1:61:97:cf:35:2c:8a:cf:
11:09:02:db:7e:c5:c3:8b:00:4f:28:b8:84:89:1d:
e4:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:81:AA:4D:01:48:37:0B:5E:A5:2A:8A:88:9C:A1:4A:20:8C:53:CC
X509v3 Authority Key Identifier:
keyid:1C:37:A9:02:6E:45:B6:8F:E4:73:5A:46:9B:75:63:61:30:AD:12:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDepAm5Fto_kc1pGm3VjYTCtElw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/rIGqTQFINwtepSqKiJyhSiCMU8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/2bb603-f479-40cb-82d4-48d672973b13/1/HDepAm5Fto_kc1pGm3VjYTCtElw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.236.98.0/23
147.236.228.0/22
IPv6:
2a13:54c0::/29
Signature Algorithm: sha256WithRSAEncryption
76:96:d0:1f:41:00:02:9b:de:91:49:2c:a2:e8:eb:56:3d:e4:
af:35:a2:62:ea:49:04:0f:86:a7:ce:03:8b:7a:06:52:f5:30:
3c:a7:4b:e4:9b:53:68:ae:3b:e1:0b:4e:7d:50:94:3d:0c:6b:
95:c4:78:f1:88:1a:a2:e9:63:b5:49:9a:3d:e7:ef:58:fd:2f:
8e:32:2d:e9:3d:3e:e0:58:41:27:ad:1b:6f:e0:d4:c0:3d:e5:
de:e3:09:1c:43:38:e2:6a:b8:50:95:d5:6d:17:d7:c3:e0:76:
23:7b:89:bc:a2:a8:0d:16:d5:a9:30:ef:ff:43:5e:ff:28:d1:
ab:2b:74:fb:5b:37:1b:e0:7b:c4:c1:5f:07:d0:ec:58:19:4f:
19:71:df:6c:70:80:4d:7e:8d:55:d4:ec:d5:1a:67:41:b2:9b:
40:1d:6a:49:41:84:ab:7e:87:11:51:1f:fa:43:3d:02:6b:6d:
78:b8:16:b2:52:51:1e:1c:fe:48:86:b9:37:a4:67:65:a8:ca:
a9:dc:3c:2c:af:8b:82:28:8c:28:f0:7b:82:f0:30:f2:44:6b:
ee:25:70:b1:ac:92:9c:6b:03:05:2d:4d:ca:27:f4:f6:b0:c1:
64:d2:5f:43:af:0d:e5:ce:22:6e:3b:75:94:c1:02:f5:48:44:
13:40:36:2c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvEZaSIQbM+ZAFEang+SBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzdhOTAyNmU0NWI2OGZlNDczNWE0NjliNzU2MzYxMzBh
ZDEyNWMwHhcNMjQwMTAyMTAzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzgxYWE0ZDAxNDgzNzBiNWVhNTJhOGE4ODljYTE0YTIwOGM1M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhekoil8gczNE4bjQfHWlpc2YikUN
UsNDhDimYRLT7kXxA8gwQKha13XX42UcbbR19kcfmqHShW8NiKBlnr/4IdmmnKMr
RQXR4qP8SKAbnyneaTAZDV4nIugcjRJNq5gkV+uAgK3e6wo1VnddRvbA1UhcldAC
kSV0OrGU7BKUt0fpF9ZXXJ/ceDqxm7XLhyiBwZyx9dMEuj7cf6WkfBnuOXmotlDp
/Eufd0GEWtaUDZYjMzjjMxwl8jgMK8mbx+rlVhaVD8hlg4URNbcPRWwLzooj97vi
XYiPUSy7GZoMZyIW+pjvnvL8wWGXzzUsis8RCQLbfsXDiwBPKLiEiR3k+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKyBqk0BSDcLXqUqioicoUogjFPMMB8GA1UdIwQY
MBaAFBw3qQJuRbaP5HNaRpt1Y2EwrRJcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERlcEFtNUZ0b19rYzFwR20zVmpZVEN0RWx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8yYmI2MDMtZjQ3OS00MGNiLTgyZDQt
NDhkNjcyOTczYjEzLzEvcklHcVRRRklOd3RlcFNxS2lKeWhTaUNNVTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8yYmI2MDMtZjQ3OS00MGNiLTgyZDQtNDhkNjcyOTczYjEz
LzEvSERlcEFtNUZ0b19rYzFwR20zVmpZVEN0RWx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBk+xiAwQC
k+zkMA0EAgACMAcDBQMqE1TAMA0GCSqGSIb3DQEBCwUAA4IBAQB2ltAfQQACm96R
SSyi6OtWPeSvNaJi6kkED4anzgOLegZS9TA8p0vkm1NorjvhC059UJQ9DGuVxHjx
iBqi6WO1SZo95+9Y/S+OMi3pPT7gWEEnrRtv4NTAPeXe4wkcQzjiarhQldVtF9fD
4HYje4m8oqgNFtWpMO//Q17/KNGrK3T7Wzcb4HvEwV8H0OxYGU8Zcd9scIBNfo1V
1OzVGmdBsptAHWpJQYSrfocRUR/6Qz0Ca214uBayUlEeHP5Ihrk3pGdlqMqp3Dws
r4uCKIwo8HuC8DDyRGvuJXCxrJKcawMFLU3KJ/T2sMFk0l9Drw3lziJuO3WUwQL1
SEQTQDYs
-----END CERTIFICATE-----
Generated at Fri May 17 05:15:50 2024 by rpki-client on console-ams.rpki-client.org