Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/KNj5kJu6rZdWQcJ2FthKCYSpPBM.roa
File: KNj5kJu6rZdWQcJ2FthKCYSpPBM.roa (raw, json)
Hash identifier: hd+UaiLhtSbo62vr/zhZPeUih2DtZneuPqZl6I3YRmE=
Subject key identifier: 28:D8:F9:90:9B:BA:AD:97:56:41:C2:76:16:D8:4A:09:84:A9:3C:13
Certificate issuer: /CN=b60d6ca95e2770f55340d909ec7c97eeca3fe20e
Certificate serial: 018CC49317BCEFE9E58452D0E5CA43EAB033
Authority key identifier: B6:0D:6C:A9:5E:27:70:F5:53:40:D9:09:EC:7C:97:EE:CA:3F:E2:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/KNj5kJu6rZdWQcJ2FthKCYSpPBM.roa
Signing time: Mon 01 Jan 2024 10:30:23 +0000
ROA not before: Mon 01 Jan 2024 10:30:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31531
IP address blocks: 194.31.169.0/24 maxlen: 24
194.31.170.0/24 maxlen: 24
185.248.128.0/23 maxlen: 24
194.31.168.0/24 maxlen: 24
2a0d:e580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.mft
rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 14:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:17:bc:ef:e9:e5:84:52:d0:e5:ca:43:ea:b0:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b60d6ca95e2770f55340d909ec7c97eeca3fe20e
Validity
Not Before: Jan 1 10:30:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=28d8f9909bbaad975641c27616d84a0984a93c13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:64:d3:54:f7:7c:12:0b:ed:6c:cb:8f:c4:da:
ad:4e:56:d4:c2:11:6e:dc:58:3e:31:53:0c:e4:38:
45:d8:9a:d9:57:55:ec:e7:80:30:f0:7d:59:64:18:
5e:06:67:37:a9:ee:79:6f:70:7b:0c:6d:ef:92:3c:
5a:90:d0:00:fc:c5:f6:92:44:80:3c:58:a4:ce:3f:
8f:6b:45:2e:85:d9:85:c9:06:7b:29:71:67:91:e8:
0d:6c:bd:c0:ce:05:57:2d:fa:b7:8a:ce:0e:82:b3:
52:61:bd:14:ac:09:dd:78:8a:b4:6c:84:5d:16:4e:
cb:88:eb:2e:e8:38:0a:27:e5:dd:a0:48:fb:4f:e7:
e4:34:db:c9:f3:10:2c:a5:0c:78:02:34:65:4c:3a:
c2:95:eb:00:b9:01:03:aa:a9:c3:96:c3:4d:f4:bb:
cf:5a:64:2a:ce:2c:65:52:c5:b5:e2:70:fc:18:04:
ed:c5:1b:eb:6e:f0:d9:67:5c:41:23:a9:d2:54:c9:
0b:6e:d4:fd:05:a7:75:d1:6f:3d:8a:03:a8:d8:2f:
96:67:9d:89:d4:e1:df:ea:f0:f0:72:df:78:ea:2a:
89:6e:a4:0a:8c:ff:86:62:e1:ee:af:81:96:45:da:
ed:2b:c9:ed:21:83:17:63:76:cf:e3:64:0c:83:72:
cb:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D8:F9:90:9B:BA:AD:97:56:41:C2:76:16:D8:4A:09:84:A9:3C:13
X509v3 Authority Key Identifier:
keyid:B6:0D:6C:A9:5E:27:70:F5:53:40:D9:09:EC:7C:97:EE:CA:3F:E2:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/KNj5kJu6rZdWQcJ2FthKCYSpPBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.248.128.0/23
194.31.168.0-194.31.170.255
IPv6:
2a0d:e580::/29
Signature Algorithm: sha256WithRSAEncryption
10:92:6d:00:a0:ca:e8:b6:61:85:e0:58:49:0f:a8:99:b5:f6:
16:43:87:20:3b:ba:df:fd:09:5e:1f:cb:80:f5:79:97:d1:59:
1b:bb:8e:00:3d:70:ef:5c:3e:fc:b7:2b:96:37:c3:b9:9a:73:
9c:41:52:f6:ba:ac:3c:8a:40:14:da:bc:fe:99:36:dc:3e:ae:
c4:38:58:12:4c:f2:66:6d:86:1f:e6:f5:ad:94:c4:52:40:2b:
b7:59:17:e1:f5:b4:95:44:74:ae:28:bb:8a:70:dc:2b:90:81:
dc:a1:55:11:71:a6:2d:b3:f2:75:4f:c9:73:68:b8:d0:41:62:
da:ca:2a:99:9a:e2:a4:c2:83:a0:de:25:9f:04:e5:48:17:7d:
44:07:82:17:86:6a:38:0c:09:c3:a6:b2:c3:11:62:5f:de:e3:
00:ce:03:37:4e:68:30:02:1e:58:d3:27:2c:d9:65:42:66:22:
d1:82:43:ce:b7:2b:4d:53:7e:e0:5d:ac:84:72:f6:5c:de:13:
bd:be:25:4a:0a:41:54:06:85:89:3a:82:a0:5b:70:de:6a:22:
3e:1b:34:43:67:39:c0:45:16:b8:1a:5c:5e:4b:63:4a:cb:27:
d7:59:c2:aa:d7:dd:08:19:ef:c4:bf:3a:4a:e6:16:c7:e7:02:
da:6a:ba:88
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzEkxe87+nlhFLQ5cpD6rAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MGQ2Y2E5NWUyNzcwZjU1MzQwZDkwOWVjN2M5N2VlY2Ez
ZmUyMGUwHhcNMjQwMTAxMTAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ4Zjk5MDliYmFhZDk3NTY0MWMyNzYxNmQ4NGEwOTg0YTkzYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWTTVPd8EgvtbMuPxNqtTlbUwhFu
3Fg+MVMM5DhF2JrZV1Xs54Aw8H1ZZBheBmc3qe55b3B7DG3vkjxakNAA/MX2kkSA
PFikzj+Pa0UuhdmFyQZ7KXFnkegNbL3AzgVXLfq3is4OgrNSYb0UrAndeIq0bIRd
Fk7LiOsu6DgKJ+XdoEj7T+fkNNvJ8xAspQx4AjRlTDrClesAuQEDqqnDlsNN9LvP
WmQqzixlUsW14nD8GATtxRvrbvDZZ1xBI6nSVMkLbtT9Bad10W89igOo2C+WZ52J
1OHf6vDwct946iqJbqQKjP+GYuHur4GWRdrtK8ntIYMXY3bP42QMg3LLwQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFCjY+ZCbuq2XVkHCdhbYSgmEqTwTMB8GA1UdIwQY
MBaAFLYNbKleJ3D1U0DZCex8l+7KP+IOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGcxc3FWNG5jUFZUUU5rSjdIeVg3c29fNGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wMzNlOGItYmRlMS00ZjkwLWJhZjUt
MjM4NDdhNDBkOWU0LzEvS05qNWtKdTZyWmRXUWNKMkZ0aEtDWVNwUEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wMzNlOGItYmRlMS00ZjkwLWJhZjUtMjM4NDdhNDBkOWU0
LzEvdGcxc3FWNG5jUFZUUU5rSjdIeVg3c29fNGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQBufiAMAwD
BAPCH6gDBADCH6owDQQCAAIwBwMFAyoN5YAwDQYJKoZIhvcNAQELBQADggEBABCS
bQCgyui2YYXgWEkPqJm19hZDhyA7ut/9CV4fy4D1eZfRWRu7jgA9cO9cPvy3K5Y3
w7mac5xBUva6rDyKQBTavP6ZNtw+rsQ4WBJM8mZthh/m9a2UxFJAK7dZF+H1tJVE
dK4ou4pw3CuQgdyhVRFxpi2z8nVPyXNouNBBYtrKKpma4qTCg6DeJZ8E5UgXfUQH
gheGajgMCcOmssMRYl/e4wDOAzdOaDACHljTJyzZZUJmItGCQ863K01TfuBdrIRy
9lzeE72+JUoKQVQGhYk6gqBbcN5qIj4bNENnOcBFFrgaXF5LY0rLJ9dZwqrX3QgZ
78S/OkrmFsfnAtpquog=
-----END CERTIFICATE-----
Generated at Fri Jun 7 20:27:06 2024 by rpki-client on console-ams.rpki-client.org