Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa
File: Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa (raw, json)
Hash identifier: UMdHSdtudYBclN7puqWRGD2kkJNfiHTRa0kTB4vhCyU=
Subject key identifier: 33:3C:B5:C3:99:F6:86:A4:C4:42:64:6D:18:98:83:E9:C9:6D:44:66
Certificate issuer: /CN=ccb75341500807a9750a8cf55bf4e45ff03f312a
Certificate serial: 018CC86F85ECD05E88D23B22D40BE522EF67
Authority key identifier: CC:B7:53:41:50:08:07:A9:75:0A:8C:F5:5B:F4:E4:5F:F0:3F:31:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa
Signing time: Tue 02 Jan 2024 04:30:01 +0000
ROA not before: Tue 02 Jan 2024 04:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 157.84.32.0/23 maxlen: 23
157.84.40.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.crl
rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.mft
rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:85:ec:d0:5e:88:d2:3b:22:d4:0b:e5:22:ef:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccb75341500807a9750a8cf55bf4e45ff03f312a
Validity
Not Before: Jan 2 04:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=333cb5c399f686a4c442646d189883e9c96d4466
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:2f:6f:21:e9:98:76:f4:f8:58:23:fa:ce:41:
a5:7f:b9:24:05:af:3e:29:e9:a0:0a:0c:77:e1:0b:
d1:fc:b6:cf:c5:56:c0:8a:6d:d1:85:94:bd:cc:b5:
3a:36:c5:09:2b:78:b7:ec:39:45:32:71:0c:ca:04:
3d:a9:c4:e7:9f:b9:20:a6:16:02:0c:5a:51:29:3a:
be:08:ce:66:7d:5c:61:77:a9:44:2f:f5:d7:9f:6c:
bd:57:95:33:4f:64:c4:df:6e:ec:4e:d1:39:19:64:
ff:f1:77:ef:4a:ef:a6:79:9e:8d:5b:b7:06:fb:fb:
7e:f5:8a:a4:cd:d0:e7:20:b9:72:91:aa:57:39:23:
89:bf:4f:1f:5f:5c:a7:36:28:54:40:c3:6b:e0:a2:
11:a0:c9:94:14:7c:d1:1d:d6:ff:22:65:3b:38:eb:
53:6e:fb:7b:63:25:9a:08:5a:33:f3:13:5c:f3:c1:
e6:79:60:07:cd:04:c1:02:b2:58:48:90:23:13:3e:
6a:25:c4:99:fa:14:52:ef:39:60:ac:a2:65:e9:55:
3f:99:99:a6:31:0c:e1:18:09:52:e9:1e:8d:28:c4:
11:f6:b4:2d:0a:27:33:d0:93:07:23:f9:58:05:8c:
93:d0:a5:5b:63:15:b1:3b:f2:e2:75:cd:9e:08:c1:
83:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:3C:B5:C3:99:F6:86:A4:C4:42:64:6D:18:98:83:E9:C9:6D:44:66
X509v3 Authority Key Identifier:
keyid:CC:B7:53:41:50:08:07:A9:75:0A:8C:F5:5B:F4:E4:5F:F0:3F:31:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
157.84.32.0/23
157.84.40.0/23
Signature Algorithm: sha256WithRSAEncryption
3d:fc:b7:ea:ab:2a:1f:30:16:09:19:69:85:92:0a:43:87:d6:
71:6d:4f:e4:66:81:13:8c:50:21:7e:bc:ea:47:9d:27:e2:77:
d8:ea:41:50:78:92:9c:f1:b7:86:fe:c4:6b:ee:d0:26:37:2a:
67:c8:af:29:a7:ed:30:66:70:a3:b3:e2:cf:59:ce:23:b2:98:
4b:8f:54:1d:65:f9:ab:9a:c6:49:7f:06:ad:1b:68:a1:07:16:
3b:3c:6a:28:5b:e4:df:23:71:ce:40:b4:0d:ec:09:8c:cb:bd:
5b:46:d2:6b:b1:10:41:fc:99:ef:7b:fb:d4:d6:3f:35:4e:04:
3d:8c:a6:83:67:2a:0f:4d:18:b8:5a:5e:34:40:c5:09:92:69:
3a:03:c9:1e:f4:56:9e:cb:f5:ea:0b:95:a1:72:f5:3d:92:71:
49:8f:01:06:dc:81:00:c3:f6:4a:0b:3e:0d:e2:ea:2f:d2:e3:
cd:df:85:e3:67:34:bd:40:9e:4d:4d:b3:29:2e:78:a0:23:6f:
1e:b5:80:12:0b:5a:84:7d:03:47:69:8a:3e:9f:79:a8:c9:62:
4c:d8:91:e9:b7:33:0a:5e:60:72:1b:07:48:05:99:8a:2c:e2:
4e:3b:27:05:cf:c7:3b:97:e3:e5:03:41:7f:67:11:ae:cd:b2:
9a:8f:4f:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb4Xs0F6I0jsi1AvlIu9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYjc1MzQxNTAwODA3YTk3NTBhOGNmNTViZjRlNDVmZjAz
ZjMxMmEwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNjYjVjMzk5ZjY4NmE0YzQ0MjY0NmQxODk4ODNlOWM5NmQ0NDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC9vIemYdvT4WCP6zkGlf7kkBa8+
KemgCgx34QvR/LbPxVbAim3RhZS9zLU6NsUJK3i37DlFMnEMygQ9qcTnn7kgphYC
DFpRKTq+CM5mfVxhd6lEL/XXn2y9V5UzT2TE327sTtE5GWT/8XfvSu+meZ6NW7cG
+/t+9YqkzdDnILlykapXOSOJv08fX1ynNihUQMNr4KIRoMmUFHzRHdb/ImU7OOtT
bvt7YyWaCFoz8xNc88HmeWAHzQTBArJYSJAjEz5qJcSZ+hRS7zlgrKJl6VU/mZmm
MQzhGAlS6R6NKMQR9rQtCicz0JMHI/lYBYyT0KVbYxWxO/Lidc2eCMGDQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDM8tcOZ9oakxEJkbRiYg+nJbURmMB8GA1UdIwQY
MBaAFMy3U0FQCAepdQqM9Vv05F/wPzEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekxkVFFWQUlCNmwxQ296MVdfVGtYX0FfTVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lZmZiMmYtOWZiZi00ODhiLTkzMTUt
YTk5YTIxMDE1OTM3LzEvTXp5MXc1bjJocVRFUW1SdEdKaUQ2Y2x0UkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lZmZiMmYtOWZiZi00ODhiLTkzMTUtYTk5YTIxMDE1OTM3
LzEvekxkVFFWQUlCNmwxQ296MVdfVGtYX0FfTVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnVQgAwQB
nVQoMA0GCSqGSIb3DQEBCwUAA4IBAQA9/LfqqyofMBYJGWmFkgpDh9ZxbU/kZoET
jFAhfrzqR50n4nfY6kFQeJKc8beG/sRr7tAmNypnyK8pp+0wZnCjs+LPWc4jsphL
j1QdZfmrmsZJfwatG2ihBxY7PGooW+TfI3HOQLQN7AmMy71bRtJrsRBB/Jnve/vU
1j81TgQ9jKaDZyoPTRi4Wl40QMUJkmk6A8ke9Faey/XqC5WhcvU9knFJjwEG3IEA
w/ZKCz4N4uov0uPN34XjZzS9QJ5NTbMpLnigI28etYASC1qEfQNHaYo+n3moyWJM
2JHptzMKXmByGwdIBZmKLOJOOycFz8c7l+PlA0F/ZxGuzbKaj084
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:34:56 2024 by rpki-client on console-ams.rpki-client.org