Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/kE6A2LUnA7lwpS_QzQuMhcUCHqk.roa
File: kE6A2LUnA7lwpS_QzQuMhcUCHqk.roa (raw, json)
Hash identifier: 3pHnoFwyPp0Z++i+iSkqzkEzH7R91NE5E/XWP/UrYfg=
Subject key identifier: 90:4E:80:D8:B5:27:03:B9:70:A5:2F:D0:CD:0B:8C:85:C5:02:1E:A9
Certificate issuer: /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial: 0191E014DB250EC197F88AB72B51F1C58B49
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/kE6A2LUnA7lwpS_QzQuMhcUCHqk.roa
Signing time: Wed 11 Sep 2024 07:55:48 +0000
ROA not before: Wed 11 Sep 2024 07:55:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21343
IP address blocks: 91.223.19.0/24 maxlen: 24
185.158.208.0/22 maxlen: 24
195.234.112.0/22 maxlen: 24
2a02:2278:ff00::/40 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.mft
rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e0:14:db:25:0e:c1:97:f8:8a:b7:2b:51:f1:c5:8b:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Validity
Not Before: Sep 11 07:55:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=904e80d8b52703b970a52fd0cd0b8c85c5021ea9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:07:08:90:f3:f7:cd:e5:38:ef:88:b5:40:40:
b8:eb:54:4c:19:06:77:8e:4b:f0:73:98:45:21:66:
4e:49:b0:d2:9f:02:cf:ea:b3:96:7d:d1:e0:7e:60:
63:31:22:5c:f7:09:d2:c8:33:38:09:ae:28:5d:0a:
9e:93:b0:cb:6a:58:82:71:4a:b4:1c:e7:60:be:68:
c6:52:14:11:6a:66:72:07:90:d0:8d:22:af:8c:17:
ea:00:5f:cf:0c:87:cd:4c:45:51:16:4d:10:3f:99:
6f:05:92:22:fb:4a:a4:e7:bc:b8:11:c0:ea:92:66:
af:20:ce:2c:66:5f:19:65:f8:cf:d7:cd:a6:19:1d:
c4:d3:02:71:31:7e:c7:5c:7f:33:f2:1b:77:61:52:
ff:07:6c:ec:27:7d:97:b7:97:86:07:2d:5d:48:c4:
1d:68:e7:b6:5e:93:f1:cc:fc:5f:3f:90:9e:b1:da:
22:28:ae:55:b0:1b:58:7b:ea:bd:00:2b:99:e3:12:
a0:ba:36:1b:97:77:35:6d:21:a9:8f:5d:c4:42:d6:
d0:e0:e7:7a:e6:22:16:97:da:a7:00:3e:85:29:cd:
99:9a:c2:52:ba:2b:99:5d:17:c8:27:ce:77:1c:40:
ca:aa:a2:96:84:52:a0:a3:fa:af:13:49:f5:bd:d1:
06:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:4E:80:D8:B5:27:03:B9:70:A5:2F:D0:CD:0B:8C:85:C5:02:1E:A9
X509v3 Authority Key Identifier:
keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/kE6A2LUnA7lwpS_QzQuMhcUCHqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.19.0/24
185.158.208.0/22
195.234.112.0/22
IPv6:
2a02:2278:ff00::/40
Signature Algorithm: sha256WithRSAEncryption
51:71:cc:6d:12:14:d3:e1:16:ed:02:91:81:ff:11:29:6c:45:
c9:ea:1c:f1:fe:cb:09:40:a9:90:9f:01:1c:ec:3d:b4:59:d4:
38:0b:23:76:f5:a9:6b:3a:20:cf:1b:61:8a:c3:e3:71:23:1a:
1a:bd:ec:5e:0a:64:67:68:b5:f9:ee:87:f9:c2:6f:70:fe:fc:
ce:7b:64:c1:9c:db:25:79:41:83:6f:6b:d6:f1:c7:82:8b:8d:
33:26:de:f0:c2:fd:0a:b3:50:23:57:c6:10:36:2a:a1:7b:1b:
1e:9f:42:78:dd:fe:e4:15:f6:71:10:e2:f1:fc:0b:51:bc:dd:
c5:49:58:5b:39:89:21:f3:b7:b5:5c:b8:e8:bd:cc:17:49:f8:
fc:31:c6:50:ae:b6:87:82:26:a3:03:3a:64:08:39:25:70:97:
f5:c3:25:16:21:f3:bb:34:7f:c7:4c:26:6e:3e:f5:69:78:3a:
e5:ad:bd:70:6f:fe:9f:5f:10:f4:fd:ec:39:7a:96:f0:6b:ac:
31:03:74:59:c7:c3:4b:16:39:1d:6b:40:1b:b4:90:3c:63:40:
41:dd:ed:10:6e:dc:ab:e3:f2:20:a3:5d:9d:40:76:2b:cc:f5:
eb:8c:1b:27:7f:b4:93:e1:19:09:f2:7d:13:e8:cc:91:80:3e:
59:29:ee:b5
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZHgFNslDsGX+Iq3K1HxxYtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjQwOTExMDc1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRlODBkOGI1MjcwM2I5NzBhNTJmZDBjZDBiOGM4NWM1MDIxZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgcIkPP3zeU474i1QEC461RMGQZ3
jkvwc5hFIWZOSbDSnwLP6rOWfdHgfmBjMSJc9wnSyDM4Ca4oXQqek7DLaliCcUq0
HOdgvmjGUhQRamZyB5DQjSKvjBfqAF/PDIfNTEVRFk0QP5lvBZIi+0qk57y4EcDq
kmavIM4sZl8ZZfjP182mGR3E0wJxMX7HXH8z8ht3YVL/B2zsJ32Xt5eGBy1dSMQd
aOe2XpPxzPxfP5CesdoiKK5VsBtYe+q9ACuZ4xKgujYbl3c1bSGpj13EQtbQ4Od6
5iIWl9qnAD6FKc2ZmsJSuiuZXRfIJ853HEDKqqKWhFKgo/qvE0n1vdEGeQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJBOgNi1JwO5cKUv0M0LjIXFAh6pMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEva0U2QTJMVW5BN2x3cFNfUXpRdU1oY1VDSHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAW98TAwQC
uZ7QAwQCw+pwMA4EAgACMAgDBgAqAiJ4/zANBgkqhkiG9w0BAQsFAAOCAQEAUXHM
bRIU0+EW7QKRgf8RKWxFyeoc8f7LCUCpkJ8BHOw9tFnUOAsjdvWpazogzxthisPj
cSMaGr3sXgpkZ2i1+e6H+cJvcP78zntkwZzbJXlBg29r1vHHgouNMybe8ML9CrNQ
I1fGEDYqoXsbHp9CeN3+5BX2cRDi8fwLUbzdxUlYWzmJIfO3tVy46L3MF0n4/DHG
UK62h4ImowM6ZAg5JXCX9cMlFiHzuzR/x0wmbj71aXg65a29cG/+n18Q9P3sOXqW
8GusMQN0WcfDSxY5HWtAG7SQPGNAQd3tEG7cq+PyIKNdnUB2K8z164wbJ3+0k+EZ
CfJ9E+jMkYA+WSnutQ==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:48:10 2024 by rpki-client on console-fra.rpki-client.org