Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/hJXYHdb8l7pNOL2oF4BTrhjR6lk.roa
File: hJXYHdb8l7pNOL2oF4BTrhjR6lk.roa (raw, json)
Hash identifier: OAJEsPRlHocVHwIIQ2mmrfFarFovfsjMGWY8FBw3yOQ=
Subject key identifier: 84:95:D8:1D:D6:FC:97:BA:4D:38:BD:A8:17:80:53:AE:18:D1:EA:59
Certificate issuer: /CN=d8215b57d33cb2f34c17c0e8103bb051ff801ebf
Certificate serial: 018CC56E0B0014FEF3BF8D26F862D0858E01
Authority key identifier: D8:21:5B:57:D3:3C:B2:F3:4C:17:C0:E8:10:3B:B0:51:FF:80:1E:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/hJXYHdb8l7pNOL2oF4BTrhjR6lk.roa
Signing time: Mon 01 Jan 2024 14:29:32 +0000
ROA not before: Mon 01 Jan 2024 14:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29672
IP address blocks: 217.21.224.0/20 maxlen: 20
217.21.237.0/24 maxlen: 24
2a03:c780::/29 maxlen: 29
2a03:c780::/32 maxlen: 32
2a03:c780:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.mft
rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:0b:00:14:fe:f3:bf:8d:26:f8:62:d0:85:8e:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8215b57d33cb2f34c17c0e8103bb051ff801ebf
Validity
Not Before: Jan 1 14:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8495d81dd6fc97ba4d38bda8178053ae18d1ea59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:39:38:f9:09:4a:84:02:b8:33:b9:fa:1b:19:
f8:51:d0:e5:5e:98:52:cc:61:92:6a:d0:d6:fa:2a:
ce:24:0a:5c:54:aa:e3:6d:a2:20:5c:35:e5:1f:3d:
d1:b3:ab:16:50:41:43:33:b5:55:82:11:4c:0e:20:
ec:01:a1:13:87:05:ed:9a:78:18:b1:81:56:ce:a3:
b9:a1:b1:49:96:25:07:46:67:8e:89:d6:65:6e:d2:
a9:b6:ba:74:9f:e9:89:e1:b4:0a:94:0d:aa:a4:7f:
2d:76:53:87:d6:f0:5f:8a:83:44:a4:b5:73:62:13:
c9:5d:2d:07:ab:8b:d0:74:1a:0d:07:7b:cc:52:28:
80:f0:c1:57:ff:d1:a7:28:61:c6:77:3e:87:b6:85:
d9:40:66:bd:bd:c1:b5:73:72:78:9c:1b:44:af:b9:
fb:59:1e:ea:88:de:72:b0:b6:ca:01:5f:78:d6:79:
7f:b1:bb:cd:50:4a:97:dc:7a:ad:5a:0c:6f:18:a1:
4d:b4:85:18:78:53:3d:96:1e:65:96:30:64:fa:0f:
75:ee:e5:a9:34:e7:45:b6:c7:7c:ca:1a:e0:5f:ca:
5e:1e:67:d1:47:8c:6a:4b:d1:8e:29:8f:d9:4c:4a:
29:bf:e1:05:50:60:98:2c:45:1d:34:9c:9a:29:47:
bb:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:95:D8:1D:D6:FC:97:BA:4D:38:BD:A8:17:80:53:AE:18:D1:EA:59
X509v3 Authority Key Identifier:
keyid:D8:21:5B:57:D3:3C:B2:F3:4C:17:C0:E8:10:3B:B0:51:FF:80:1E:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/hJXYHdb8l7pNOL2oF4BTrhjR6lk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.21.224.0/20
IPv6:
2a03:c780::/29
Signature Algorithm: sha256WithRSAEncryption
4b:04:d9:2a:22:e4:a3:af:b8:cb:f8:85:5b:11:c8:a6:c8:d5:
72:ad:b4:da:18:a9:02:38:68:aa:17:22:6e:d7:1f:31:5c:09:
8c:e5:64:78:f3:f2:07:65:95:08:4f:a7:29:61:9e:94:4e:56:
d1:af:66:25:6e:8f:67:fa:af:39:25:97:25:95:bb:31:a6:2b:
db:fe:97:31:7c:d2:73:63:9e:25:fc:b6:eb:6e:cd:22:1c:ce:
ab:fa:d4:65:eb:d7:b8:ad:28:dd:be:ab:9f:c3:7c:97:9a:04:
dd:92:99:2e:bd:1d:cd:6c:af:ba:72:30:15:55:c0:5f:b0:34:
fc:f0:4a:6d:b5:54:13:10:22:69:90:1b:8a:37:9c:2a:9f:f8:
d2:02:7d:e5:78:fc:93:0a:56:f7:ce:1e:ba:0c:36:2b:5a:88:
13:6f:46:e9:f1:43:66:43:34:04:67:12:7b:68:0d:28:6a:37:
fd:ba:0a:e1:35:ac:49:ce:1e:e1:21:3d:26:b6:83:c6:c0:7c:
a2:a1:8b:15:c3:20:8f:87:b6:5f:cc:ad:ce:89:0d:6f:6d:c1:
b3:45:91:ed:91:c9:43:5c:53:e7:c6:65:88:6e:50:6c:d0:f2:
de:84:37:50:de:a2:f8:57:b9:d3:fe:df:90:7a:bc:13:6d:ac:
55:d9:a0:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbgsAFP7zv40m+GLQhY4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjE1YjU3ZDMzY2IyZjM0YzE3YzBlODEwM2JiMDUxZmY4
MDFlYmYwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk1ZDgxZGQ2ZmM5N2JhNGQzOGJkYTgxNzgwNTNhZTE4ZDFlYTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTk4+QlKhAK4M7n6Gxn4UdDlXphS
zGGSatDW+irOJApcVKrjbaIgXDXlHz3Rs6sWUEFDM7VVghFMDiDsAaEThwXtmngY
sYFWzqO5obFJliUHRmeOidZlbtKptrp0n+mJ4bQKlA2qpH8tdlOH1vBfioNEpLVz
YhPJXS0Hq4vQdBoNB3vMUiiA8MFX/9GnKGHGdz6HtoXZQGa9vcG1c3J4nBtEr7n7
WR7qiN5ysLbKAV941nl/sbvNUEqX3HqtWgxvGKFNtIUYeFM9lh5lljBk+g917uWp
NOdFtsd8yhrgX8peHmfRR4xqS9GOKY/ZTEopv+EFUGCYLEUdNJyaKUe7BQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFISV2B3W/Je6TTi9qBeAU64Y0epZMB8GA1UdIwQY
MBaAFNghW1fTPLLzTBfA6BA7sFH/gB6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNGYlY5TThzdk5NRjhEb0VEdXdVZi1BSHI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjA3YTQtNWMwMC00MTQwLTk4OTYt
NjJkYzQ0N2ZlNDM4LzEvaEpYWUhkYjhsN3BOT0wyb0Y0QlRyaGpSNmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjA3YTQtNWMwMC00MTQwLTk4OTYtNjJkYzQ0N2ZlNDM4
LzEvMkNGYlY5TThzdk5NRjhEb0VEdXdVZi1BSHI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RXgMA0E
AgACMAcDBQMqA8eAMA0GCSqGSIb3DQEBCwUAA4IBAQBLBNkqIuSjr7jL+IVbEcim
yNVyrbTaGKkCOGiqFyJu1x8xXAmM5WR48/IHZZUIT6cpYZ6UTlbRr2Ylbo9n+q85
JZcllbsxpivb/pcxfNJzY54l/Lbrbs0iHM6r+tRl69e4rSjdvqufw3yXmgTdkpku
vR3NbK+6cjAVVcBfsDT88EpttVQTECJpkBuKN5wqn/jSAn3lePyTClb3zh66DDYr
WogTb0bp8UNmQzQEZxJ7aA0oajf9ugrhNaxJzh7hIT0mtoPGwHyioYsVwyCPh7Zf
zK3OiQ1vbcGzRZHtkclDXFPnxmWIblBs0PLehDdQ3qL4V7nT/t+QerwTbaxV2aBU
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:16:46 2024 by rpki-client on console-ams.rpki-client.org