Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/3jG9HRoRvbOLLYE1do4KITuqMmI.roa
File: 3jG9HRoRvbOLLYE1do4KITuqMmI.roa (raw, json)
Hash identifier: xEUb0zjZDshjLFu2b3Rk2y9KyCJRqj3/QMMzAQN+a2Y=
Subject key identifier: DE:31:BD:1D:1A:11:BD:B3:8B:2D:81:35:76:8E:0A:21:3B:AA:32:62
Certificate issuer: /CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
Certificate serial: 018CC5DBFE5AAD99B60C043BE71E76AE725D
Authority key identifier: D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/3jG9HRoRvbOLLYE1do4KITuqMmI.roa
Signing time: Mon 01 Jan 2024 16:29:38 +0000
ROA not before: Mon 01 Jan 2024 16:29:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 33835
IP address blocks: 217.169.240.0/20 maxlen: 20
217.169.246.0/23 maxlen: 23
92.42.216.0/21 maxlen: 21
130.185.168.0/22 maxlen: 22
130.185.170.0/24 maxlen: 24
2a02:2440::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.mft
rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 01:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:db:fe:5a:ad:99:b6:0c:04:3b:e7:1e:76:ae:72:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
Validity
Not Before: Jan 1 16:29:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=de31bd1d1a11bdb38b2d8135768e0a213baa3262
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ad:f8:f7:f3:7c:03:13:fb:89:b2:47:79:b0:
f6:99:9e:32:c4:ed:26:26:79:6a:85:c8:7f:fd:24:
d7:2d:3f:82:69:3d:27:e0:75:ce:e8:ad:1d:7a:30:
49:4c:98:78:ce:a1:66:3b:79:95:c3:ff:91:84:a9:
81:1c:ea:3f:5f:75:d8:9f:7d:f0:90:27:0b:eb:bf:
6d:e7:bf:2e:06:d1:e9:93:ec:ed:81:a5:50:d6:dc:
db:d8:c2:e3:cd:d3:b6:61:d4:76:fb:c2:2a:56:79:
cd:ce:70:ff:e6:1a:72:65:a8:96:ed:cb:0e:d0:ba:
f8:6f:52:a0:02:3f:66:43:76:1d:b6:b9:55:db:1b:
b2:73:ae:47:02:33:fa:27:fa:c1:64:5c:df:d3:9c:
61:76:15:4f:f6:e3:ef:b7:2c:e5:29:9a:03:c7:ae:
f6:2e:59:96:50:bb:fb:72:ba:e8:71:0a:a6:2d:ab:
23:02:e4:f6:3d:30:08:19:c1:1c:32:fd:ec:e8:c3:
fd:5d:3c:0f:aa:93:25:a2:a1:89:f7:89:d5:e0:45:
f5:5a:50:cd:7d:85:40:36:67:1b:28:4e:a3:5c:18:
cc:fa:1e:1c:ea:4c:c1:4a:59:f7:06:d6:12:be:21:
ba:30:41:ae:1d:33:e8:dc:8e:03:8c:a5:ff:7b:40:
2a:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:31:BD:1D:1A:11:BD:B3:8B:2D:81:35:76:8E:0A:21:3B:AA:32:62
X509v3 Authority Key Identifier:
keyid:D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/3jG9HRoRvbOLLYE1do4KITuqMmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.42.216.0/21
130.185.168.0/22
217.169.240.0/20
IPv6:
2a02:2440::/32
Signature Algorithm: sha256WithRSAEncryption
dd:7d:b1:f8:b7:e7:76:af:45:4e:b6:6d:b8:8d:2e:73:ed:f4:
ff:06:47:40:f2:86:32:a9:e8:95:a0:ab:97:e8:05:1c:7a:54:
a6:dd:c8:f9:a1:3a:a2:92:8f:47:7c:3e:63:e8:be:f7:cd:01:
cb:19:8e:c7:e7:76:45:50:2e:a9:2d:a7:2a:97:c0:1b:f7:85:
55:13:f8:db:33:3d:67:27:d0:33:bf:07:0f:8f:f3:3a:93:ac:
cd:15:11:cf:78:e5:9e:ef:69:34:a7:87:7a:7e:07:2a:fc:97:
36:e5:f0:bd:40:6b:02:15:68:c9:ef:16:00:bf:05:d7:76:b1:
42:61:56:78:75:b4:83:b4:8b:d2:ca:4d:cb:b6:42:17:d5:3c:
d8:d2:9c:c9:b3:ae:70:3e:31:17:ae:5f:51:63:0f:eb:86:ae:
de:16:16:94:39:86:f9:4a:bc:8e:c1:38:20:b8:cb:ed:a4:ea:
54:49:a3:85:1b:36:e3:f7:36:8e:0f:38:50:56:17:10:ea:64:
e4:e9:b1:51:6b:81:a4:ab:e5:49:5f:57:b0:7d:e8:f4:23:51:
8a:70:fa:e1:36:ce:92:dd:82:20:49:37:e5:0b:39:1a:72:76:
1c:e5:46:40:ca:8c:c7:53:ec:ec:19:9e:43:da:67:04:74:a3:
8b:72:a7:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF2/5arZm2DAQ75x52rnJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1NWY5YTUyNzI3ZjZiY2Y3MTVjYjQ3NTBhMmE0YTZj
MzUxNjEwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTMxYmQxZDFhMTFiZGIzOGIyZDgxMzU3NjhlMGEyMTNiYWEzMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva349/N8AxP7ibJHebD2mZ4yxO0m
Jnlqhch//STXLT+CaT0n4HXO6K0dejBJTJh4zqFmO3mVw/+RhKmBHOo/X3XYn33w
kCcL679t578uBtHpk+ztgaVQ1tzb2MLjzdO2YdR2+8IqVnnNznD/5hpyZaiW7csO
0Lr4b1KgAj9mQ3YdtrlV2xuyc65HAjP6J/rBZFzf05xhdhVP9uPvtyzlKZoDx672
LlmWULv7crrocQqmLasjAuT2PTAIGcEcMv3s6MP9XTwPqpMloqGJ94nV4EX1WlDN
fYVANmcbKE6jXBjM+h4c6kzBSln3BtYSviG6MEGuHTPo3I4DjKX/e0AqRQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN4xvR0aEb2ziy2BNXaOCiE7qjJiMB8GA1UdIwQY
MBaAFNSFVfmlJyf2vPcVy0dQoqSmw1FhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2Et
MDJhYmY4NTcyZmNiLzEvM2pHOUhSb1J2Yk9MTFlFMWRvNEtJVHVxTW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2EtMDJhYmY4NTcyZmNi
LzEvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDXCrYAwQC
grmoAwQE2anwMA0EAgACMAcDBQAqAiRAMA0GCSqGSIb3DQEBCwUAA4IBAQDdfbH4
t+d2r0VOtm24jS5z7fT/BkdA8oYyqeiVoKuX6AUcelSm3cj5oTqiko9HfD5j6L73
zQHLGY7H53ZFUC6pLacql8Ab94VVE/jbMz1nJ9AzvwcPj/M6k6zNFRHPeOWe72k0
p4d6fgcq/Jc25fC9QGsCFWjJ7xYAvwXXdrFCYVZ4dbSDtIvSyk3LtkIX1TzY0pzJ
s65wPjEXrl9RYw/rhq7eFhaUOYb5SryOwTgguMvtpOpUSaOFGzbj9zaODzhQVhcQ
6mTk6bFRa4Gkq+VJX1ewfej0I1GKcPrhNs6S3YIgSTflCzkacnYc5UZAyozHU+zs
GZ5D2mcEdKOLcqcR
-----END CERTIFICATE-----
Generated at Sun May 19 07:04:56 2024 by rpki-client on console-ams.rpki-client.org