Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/1YfMxf7zJdhT6emFCWW2_yFL8DM.roa
File: 1YfMxf7zJdhT6emFCWW2_yFL8DM.roa (raw, json)
Hash identifier: VVxUzCtWAerGP/buUGVpTQufFF8thtC7XUfBPSCavyU=
Subject key identifier: D5:87:CC:C5:FE:F3:25:D8:53:E9:E9:85:09:65:B6:FF:21:4B:F0:33
Certificate issuer: /CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Certificate serial: 019275B0778978E9356260A65476A4330065
Authority key identifier: 89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/1YfMxf7zJdhT6emFCWW2_yFL8DM.roa
Signing time: Thu 10 Oct 2024 09:09:12 +0000
ROA not before: Thu 10 Oct 2024 09:09:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203214
IP address blocks: 109.224.0.0/18 maxlen: 18
109.224.0.0/21 maxlen: 21
109.224.1.0/24 maxlen: 24
109.224.2.0/23 maxlen: 23
109.224.2.0/24 maxlen: 24
109.224.3.0/24 maxlen: 24
109.224.4.0/22 maxlen: 22
109.224.5.0/24 maxlen: 24
109.224.8.0/21 maxlen: 21
109.224.8.0/22 maxlen: 22
109.224.12.0/23 maxlen: 23
109.224.12.0/24 maxlen: 24
109.224.13.0/24 maxlen: 24
109.224.14.0/23 maxlen: 23
109.224.14.0/24 maxlen: 24
109.224.15.0/24 maxlen: 24
109.224.16.0/22 maxlen: 22
109.224.20.0/22 maxlen: 22
109.224.24.0/22 maxlen: 22
109.224.28.0/24 maxlen: 24
109.224.29.0/24 maxlen: 24
109.224.30.0/23 maxlen: 23
109.224.32.0/22 maxlen: 22
109.224.32.0/24 maxlen: 24
109.224.36.0/22 maxlen: 22
109.224.40.0/21 maxlen: 21
109.224.40.0/24 maxlen: 24
109.224.41.0/24 maxlen: 24
109.224.42.0/23 maxlen: 23
109.224.42.0/24 maxlen: 24
109.224.43.0/24 maxlen: 24
109.224.44.0/22 maxlen: 22
109.224.44.0/24 maxlen: 24
109.224.45.0/24 maxlen: 24
109.224.46.0/24 maxlen: 24
109.224.47.0/24 maxlen: 24
109.224.48.0/21 maxlen: 21
109.224.48.0/22 maxlen: 22
109.224.52.0/22 maxlen: 22
109.224.56.0/21 maxlen: 21
109.224.56.0/22 maxlen: 22
109.224.60.0/22 maxlen: 22
185.118.96.0/22 maxlen: 22
185.118.96.0/24 maxlen: 24
185.141.8.0/24 maxlen: 24
185.141.9.0/24 maxlen: 24
185.141.10.0/24 maxlen: 24
185.141.11.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:75:b0:77:89:78:e9:35:62:60:a6:54:76:a4:33:00:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Validity
Not Before: Oct 10 09:09:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d587ccc5fef325d853e9e9850965b6ff214bf033
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:92:55:ac:fd:5f:df:25:05:99:ed:c0:12:46:
3e:52:c7:f9:7a:b1:76:ea:6d:b1:2e:e0:e4:17:4f:
d8:bf:f0:4f:b0:56:fb:f7:f9:a6:d4:f1:57:b2:36:
d4:9b:f9:27:b7:80:8e:9c:dc:32:e3:52:f1:a4:ce:
33:82:96:09:98:70:a1:e8:f1:0d:a9:2d:93:63:c4:
ff:c6:00:62:59:f5:a7:04:02:16:59:ff:30:2c:7b:
46:9a:2b:38:fa:73:d1:82:45:4e:c1:dd:02:9e:70:
14:e9:10:1f:02:fa:6f:78:37:c5:5b:8a:49:79:a0:
2a:0d:fa:4a:56:1d:88:54:45:06:97:06:97:65:9b:
8f:90:30:d1:60:63:58:62:33:d6:1d:dd:be:bb:a5:
37:e8:9e:a4:1d:c5:22:59:4c:f0:81:8f:bb:87:d4:
2e:d5:97:b5:d2:ea:14:5d:10:72:21:47:69:1a:86:
67:bd:4e:42:5b:7a:56:15:4a:35:f8:3f:d6:d0:be:
8a:e3:bf:7d:60:ee:bf:61:64:88:35:04:e4:20:da:
1a:8f:6e:6b:3d:4d:8a:db:6f:ec:61:53:de:ff:0f:
15:37:2a:3b:67:31:d3:eb:f2:a4:14:c8:a0:5f:6b:
14:f7:4e:aa:c3:45:08:9e:f8:0a:be:fb:fc:b1:09:
dd:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:87:CC:C5:FE:F3:25:D8:53:E9:E9:85:09:65:B6:FF:21:4B:F0:33
X509v3 Authority Key Identifier:
keyid:89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/1YfMxf7zJdhT6emFCWW2_yFL8DM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.0.0/18
185.118.96.0/22
185.141.8.0/22
Signature Algorithm: sha256WithRSAEncryption
c0:a3:e2:2b:28:c9:89:9c:44:cc:5f:94:cc:b4:e6:7e:0b:d6:
fc:77:28:b8:06:01:93:4f:8b:3d:fc:b9:cd:1a:7d:72:50:81:
d0:f7:0e:81:08:c9:41:cb:cc:31:e0:e8:c4:c1:e1:82:fe:39:
f2:65:69:21:73:4d:2b:18:57:75:47:62:c8:e5:34:4e:91:98:
c3:f2:39:5c:3b:87:ca:db:9a:65:33:8b:17:a1:e5:47:8c:c4:
ba:c9:a6:20:91:85:38:54:12:95:a0:be:6b:02:51:2b:de:15:
f0:19:e8:5c:2b:3c:b5:fa:f2:bb:a3:51:78:60:1e:a9:22:a3:
a7:e5:75:17:5e:5a:69:01:ed:0c:6e:2f:80:ce:f4:92:a6:f2:
93:80:3e:b7:57:b0:50:de:b5:60:30:e3:27:d9:50:9e:5a:7a:
60:60:f5:61:fd:0c:48:fb:d2:94:14:e0:c7:9a:ac:b5:bc:91:
d8:fe:4a:a7:ac:f9:ca:e3:f9:53:c1:aa:ed:1f:76:91:f3:fa:
3c:91:a9:5d:cd:18:66:f8:86:10:13:0e:63:71:2e:00:77:e1:
98:0e:e3:cb:f2:6e:9b:4e:2b:93:f7:60:d1:30:87:ee:e7:ab:
bd:ff:2c:c4:b4:98:45:32:a4:dd:e6:17:da:db:66:4f:72:e8:
5c:b2:42:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJ1sHeJeOk1YmCmVHakMwBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmVkNmU0YjVjN2MxOWRiOThjNTc0MzJhZjRkY2Y2MzBi
ZjYwYWUwHhcNMjQxMDEwMDkwOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg3Y2NjNWZlZjMyNWQ4NTNlOWU5ODUwOTY1YjZmZjIxNGJmMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZJVrP1f3yUFme3AEkY+Usf5erF2
6m2xLuDkF0/Yv/BPsFb79/mm1PFXsjbUm/knt4COnNwy41LxpM4zgpYJmHCh6PEN
qS2TY8T/xgBiWfWnBAIWWf8wLHtGmis4+nPRgkVOwd0CnnAU6RAfAvpveDfFW4pJ
eaAqDfpKVh2IVEUGlwaXZZuPkDDRYGNYYjPWHd2+u6U36J6kHcUiWUzwgY+7h9Qu
1Ze10uoUXRByIUdpGoZnvU5CW3pWFUo1+D/W0L6K4799YO6/YWSINQTkINoaj25r
PU2K22/sYVPe/w8VNyo7ZzHT6/KkFMigX2sU906qw0UInvgKvvv8sQndlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNWHzMX+8yXYU+nphQlltv8hS/AzMB8GA1UdIwQY
MBaAFIlu1uS1x8GduYxXQyr03PYwv2CuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYt
ZGMxZmY2NzQ2ZDJlLzEvMVlmTXhmN3pKZGhUNmVtRkNXVzJfeUZMOERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYtZGMxZmY2NzQ2ZDJl
LzEvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGbeAAAwQC
uXZgAwQCuY0IMA0GCSqGSIb3DQEBCwUAA4IBAQDAo+IrKMmJnETMX5TMtOZ+C9b8
dyi4BgGTT4s9/LnNGn1yUIHQ9w6BCMlBy8wx4OjEweGC/jnyZWkhc00rGFd1R2LI
5TROkZjD8jlcO4fK25plM4sXoeVHjMS6yaYgkYU4VBKVoL5rAlEr3hXwGehcKzy1
+vK7o1F4YB6pIqOn5XUXXlppAe0Mbi+AzvSSpvKTgD63V7BQ3rVgMOMn2VCeWnpg
YPVh/QxI+9KUFODHmqy1vJHY/kqnrPnK4/lTwartH3aR8/o8kaldzRhm+IYQEw5j
cS4Ad+GYDuPL8m6bTiuT92DRMIfu56u9/yzEtJhFMqTd5hfa22ZPcuhcskIq
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:51:50 2024 by rpki-client on console-fra.rpki-client.org