Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/z3kb1jI0-Ixp5Z--g2mZmMnrAug.roa
File: z3kb1jI0-Ixp5Z--g2mZmMnrAug.roa (raw, json)
Hash identifier: 2aFKtjT180vdykdIF32MvNfBg3KCcJW8GWaXxjW2/CM=
Subject key identifier: CF:79:1B:D6:32:34:F8:8C:69:E5:9F:BE:83:69:99:98:C9:EB:02:E8
Certificate issuer: /CN=3618be04417a6bcb9f33942a631518be533ffaf4
Certificate serial: 018CC64AE1169C3E9DF669E777CB6635F119
Authority key identifier: 36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/z3kb1jI0-Ixp5Z--g2mZmMnrAug.roa
Signing time: Mon 01 Jan 2024 18:30:45 +0000
ROA not before: Mon 01 Jan 2024 18:30:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1299
IP address blocks: 83.137.24.0/21 maxlen: 21
185.93.216.0/22 maxlen: 22
194.63.148.0/22 maxlen: 22
109.106.32.0/21 maxlen: 21
109.106.40.0/22 maxlen: 22
185.127.172.0/22 maxlen: 22
195.60.192.0/22 maxlen: 22
212.120.32.0/19 maxlen: 24
213.213.160.0/19 maxlen: 19
2a02:ab0::/29 maxlen: 29
2a00:5480::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 May 2024 10:02:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:e1:16:9c:3e:9d:f6:69:e7:77:cb:66:35:f1:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3618be04417a6bcb9f33942a631518be533ffaf4
Validity
Not Before: Jan 1 18:30:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cf791bd63234f88c69e59fbe83699998c9eb02e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:2a:ef:a4:9a:bf:66:43:ff:23:f8:33:52:03:
f6:a4:7a:16:bb:05:b9:10:2b:e6:da:7d:08:da:57:
db:42:06:da:29:e8:da:86:ba:fd:dd:1c:81:49:41:
ef:ca:a9:3f:84:dc:38:72:b5:88:fe:51:1c:99:14:
71:bd:6d:97:9e:d0:d9:18:e4:63:39:f3:be:1b:d7:
09:0f:4f:00:e4:db:6d:e4:2e:24:3a:2a:b1:91:1b:
07:ad:4c:a4:6a:4c:ca:ca:52:05:c5:17:d7:bf:22:
3f:66:e7:00:6a:b1:fc:99:ab:a2:28:4d:98:04:7c:
23:54:f0:5d:b2:26:aa:de:4a:6b:b2:68:90:a1:d9:
f0:bf:ec:c3:b4:71:32:93:d8:7f:17:52:fa:a5:b8:
8e:31:b4:b6:55:95:e2:29:50:08:48:14:43:6d:93:
4c:6a:10:2e:5f:bf:ce:ef:b6:a7:6c:09:e8:ff:d5:
32:8c:3f:63:a6:ed:a1:9a:cb:68:64:5d:82:2b:91:
e9:79:6e:07:7f:fe:90:42:a6:09:26:12:4b:3c:69:
af:d9:3b:be:54:e6:29:33:83:67:a9:2c:3f:13:79:
41:c6:bc:60:50:2c:80:d5:fe:27:17:bc:ec:12:81:
4c:5a:6b:f3:16:ed:90:b7:6e:c2:7a:08:bd:99:24:
94:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:79:1B:D6:32:34:F8:8C:69:E5:9F:BE:83:69:99:98:C9:EB:02:E8
X509v3 Authority Key Identifier:
keyid:36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/z3kb1jI0-Ixp5Z--g2mZmMnrAug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.24.0/21
109.106.32.0-109.106.43.255
185.93.216.0/22
185.127.172.0/22
194.63.148.0/22
195.60.192.0/22
212.120.32.0/19
213.213.160.0/19
IPv6:
2a00:5480::/29
2a02:ab0::/29
Signature Algorithm: sha256WithRSAEncryption
7e:f7:61:5d:b6:c2:19:1a:70:16:7a:a1:b7:71:20:48:ff:38:
6f:89:b4:0d:8b:3f:c3:d8:0b:63:e6:3a:d5:7d:23:84:4a:c2:
4d:88:0b:54:d1:72:16:bc:e1:39:44:1d:99:45:0a:86:3e:a2:
d7:8c:4c:60:77:1a:07:30:82:91:fe:d5:e5:e0:e3:0d:44:38:
f7:76:d3:ea:0f:09:39:07:3c:96:99:32:8c:83:62:e6:db:37:
ae:7d:29:cb:1b:ca:d3:0c:66:a4:dc:be:48:a7:0c:05:31:85:
d8:95:c5:d7:29:8e:51:99:59:20:65:d8:f0:b9:c3:ee:86:1c:
97:87:f6:1a:62:72:97:e7:db:81:7f:1d:96:da:8b:d6:3c:55:
76:1e:5c:1a:0b:29:2c:08:ef:03:bd:93:39:f3:01:e4:8a:7b:
1c:fa:35:68:9f:d4:f9:43:12:2f:9a:60:16:f5:c0:11:4b:38:
fc:7b:37:4c:0f:66:62:6b:53:57:80:8c:f1:64:6d:d7:3f:77:
e5:14:69:f5:21:b9:f2:a8:4f:32:f5:6d:f6:f3:1b:e7:51:c3:
d6:1e:25:ad:6d:28:74:63:a0:5b:bc:1b:5a:43:ce:78:49:ec:
68:89:94:58:f3:e5:86:0a:13:c1:19:d3:1c:6f:79:18:b4:0c:
90:c0:dc:66
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYzGSuEWnD6d9mnnd8tmNfEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MThiZTA0NDE3YTZiY2I5ZjMzOTQyYTYzMTUxOGJlNTMz
ZmZhZjQwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjc5MWJkNjMyMzRmODhjNjllNTlmYmU4MzY5OTk5OGM5ZWIwMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlirvpJq/ZkP/I/gzUgP2pHoWuwW5
ECvm2n0I2lfbQgbaKejahrr93RyBSUHvyqk/hNw4crWI/lEcmRRxvW2XntDZGORj
OfO+G9cJD08A5Ntt5C4kOiqxkRsHrUykakzKylIFxRfXvyI/ZucAarH8mauiKE2Y
BHwjVPBdsiaq3kprsmiQodnwv+zDtHEyk9h/F1L6pbiOMbS2VZXiKVAISBRDbZNM
ahAuX7/O77anbAno/9UyjD9jpu2hmstoZF2CK5HpeW4Hf/6QQqYJJhJLPGmv2Tu+
VOYpM4NnqSw/E3lBxrxgUCyA1f4nF7zsEoFMWmvzFu2Qt27Cegi9mSSUHwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFM95G9YyNPiMaeWfvoNpmZjJ6wLoMB8GA1UdIwQY
MBaAFDYYvgRBemvLnzOUKmMVGL5TP/r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMt
MjI2OGU5N2E4YmMxLzEvejNrYjFqSTAtSXhwNVotLWcybVptTW5yQXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMtMjI2OGU5N2E4YmMx
LzEvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQDU4kYMAwD
BAVtaiADBAJtaigDBAK5XdgDBAK5f6wDBALCP5QDBALDPMADBAXUeCADBAXV1aAw
FAQCAAIwDgMFAyoAVIADBQMqAgqwMA0GCSqGSIb3DQEBCwUAA4IBAQB+92FdtsIZ
GnAWeqG3cSBI/zhvibQNiz/D2Atj5jrVfSOESsJNiAtU0XIWvOE5RB2ZRQqGPqLX
jExgdxoHMIKR/tXl4OMNRDj3dtPqDwk5BzyWmTKMg2Lm2zeufSnLG8rTDGak3L5I
pwwFMYXYlcXXKY5RmVkgZdjwucPuhhyXh/YaYnKX59uBfx2W2ovWPFV2HlwaCyks
CO8DvZM58wHkinsc+jVon9T5QxIvmmAW9cARSzj8ezdMD2Zia1NXgIzxZG3XP3fl
FGn1IbnyqE8y9W328xvnUcPWHiWtbSh0Y6BbvBtaQ854SexoiZRY8+WGChPBGdMc
b3kYtAyQwNxm
-----END CERTIFICATE-----
Generated at Wed May 15 16:57:24 2024 by rpki-client on console-ams.rpki-client.org