Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/cL5rqWTJuXbqojs7a-H_wPc0hVQ.roa
File: cL5rqWTJuXbqojs7a-H_wPc0hVQ.roa (raw, json)
Hash identifier: vHBMA2C5dkk4W8b9ylrnUt8i90Tao9lgfWOH2Ch7jB4=
Subject key identifier: 70:BE:6B:A9:64:C9:B9:76:EA:A2:3B:3B:6B:E1:FF:C0:F7:34:85:54
Certificate issuer: /CN=1820f13139161384eaf13a1f7db60e2c68a43956
Certificate serial: 018CC492E5904127636BDEFB3BA03EF4713F
Authority key identifier: 18:20:F1:31:39:16:13:84:EA:F1:3A:1F:7D:B6:0E:2C:68:A4:39:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GCDxMTkWE4Tq8ToffbYOLGikOVY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/cL5rqWTJuXbqojs7a-H_wPc0hVQ.roa
Signing time: Mon 01 Jan 2024 10:30:10 +0000
ROA not before: Mon 01 Jan 2024 10:30:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35433
IP address blocks: 84.18.224.0/19 maxlen: 24
85.208.12.0/22 maxlen: 24
91.193.8.0/22 maxlen: 22
2a09:8040::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/GCDxMTkWE4Tq8ToffbYOLGikOVY.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/GCDxMTkWE4Tq8ToffbYOLGikOVY.mft
rsync://rpki.ripe.net/repository/DEFAULT/GCDxMTkWE4Tq8ToffbYOLGikOVY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:92:e5:90:41:27:63:6b:de:fb:3b:a0:3e:f4:71:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1820f13139161384eaf13a1f7db60e2c68a43956
Validity
Not Before: Jan 1 10:30:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=70be6ba964c9b976eaa23b3b6be1ffc0f7348554
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:23:95:21:38:09:f3:c4:c8:0d:25:8b:3d:51:
d4:5c:9d:d3:ad:04:04:3a:8c:5e:99:2e:87:9b:c8:
0f:b6:74:83:ba:7b:4d:a6:23:db:48:3e:8b:04:aa:
bc:08:5e:f0:93:b8:af:54:e8:c0:33:db:79:7b:55:
da:c6:4e:4d:77:f0:98:fa:5a:3b:ef:3e:42:3f:f2:
51:d4:27:e2:56:87:a9:4b:92:db:b1:02:f6:b5:2a:
d5:c5:3f:61:dc:d9:6c:3b:1b:3d:d5:d2:68:7b:24:
57:34:1e:8a:52:b8:fa:f3:cf:d9:13:64:3e:49:20:
e5:1f:d4:c9:f1:38:fc:0f:17:4a:17:d2:a4:20:72:
4c:ac:78:11:40:eb:ba:eb:9e:05:20:ba:f3:b5:e6:
6c:a5:59:9d:ae:59:07:2a:a8:5b:d4:be:8b:57:79:
89:ef:60:40:37:7d:da:d9:f4:46:31:2c:92:e3:d0:
a9:1d:ae:7c:a3:13:56:bf:29:5c:56:88:b1:9e:c2:
d3:dc:b0:61:df:b9:95:cd:ef:db:e7:97:0b:87:c3:
7b:5c:76:84:ae:28:ac:39:e2:ef:9a:64:9f:50:65:
40:31:b9:59:90:be:87:b2:4d:89:20:e2:4c:3e:bf:
d2:d3:95:43:b4:3a:ac:07:bd:a3:f0:64:72:23:c7:
7d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:BE:6B:A9:64:C9:B9:76:EA:A2:3B:3B:6B:E1:FF:C0:F7:34:85:54
X509v3 Authority Key Identifier:
keyid:18:20:F1:31:39:16:13:84:EA:F1:3A:1F:7D:B6:0E:2C:68:A4:39:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GCDxMTkWE4Tq8ToffbYOLGikOVY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/cL5rqWTJuXbqojs7a-H_wPc0hVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/60dc0f-0aed-4bee-90b7-367dc385261a/1/GCDxMTkWE4Tq8ToffbYOLGikOVY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.224.0/19
85.208.12.0/22
91.193.8.0/22
IPv6:
2a09:8040::/29
Signature Algorithm: sha256WithRSAEncryption
8d:fc:b0:73:a1:86:fa:39:80:06:53:9a:d0:85:c0:22:df:73:
f4:16:51:ca:63:9b:20:ab:6a:13:91:57:da:0c:cc:ce:05:26:
73:6b:28:4e:ac:ef:e5:57:94:f1:6b:f9:d8:ec:8a:d6:16:a6:
8d:8f:d6:37:c9:56:f6:32:c2:25:8b:68:26:8c:7b:b7:e5:0e:
e8:35:79:8d:b8:e9:fb:75:2c:89:2d:16:8b:c1:cd:9e:8f:15:
6c:24:8e:96:ee:93:d0:0f:f9:be:f1:7e:66:57:13:f9:fd:e6:
d7:df:a2:94:5c:10:ee:70:de:c8:5a:d5:07:79:cb:cd:a9:13:
e0:1b:80:ad:9d:97:f8:10:07:18:a5:74:5e:88:1c:1a:4c:f4:
9b:67:44:24:bc:36:8c:0b:a5:49:85:5b:6d:83:a8:8b:48:c1:
6a:ae:48:42:f1:cd:88:d4:aa:8d:b9:30:64:87:4e:17:21:14:
a9:7f:d9:61:2d:ab:59:6e:1b:de:bf:f5:86:65:a2:19:d7:a6:
02:25:33:c4:20:fe:56:1b:47:3c:7b:de:e7:29:e3:db:ae:e1:
bb:ea:38:9b:bd:68:ff:de:a4:61:e8:a2:29:6e:a4:56:3b:bb:
39:fe:a0:52:9b:71:19:36:d4:9b:f5:0e:cb:1c:95:9b:89:0d:
2a:9d:0c:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzEkuWQQSdja977O6A+9HE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MjBmMTMxMzkxNjEzODRlYWYxM2ExZjdkYjYwZTJjNjhh
NDM5NTYwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGJlNmJhOTY0YzliOTc2ZWFhMjNiM2I2YmUxZmZjMGY3MzQ4NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCOVITgJ88TIDSWLPVHUXJ3TrQQE
OoxemS6Hm8gPtnSDuntNpiPbSD6LBKq8CF7wk7ivVOjAM9t5e1Xaxk5Nd/CY+lo7
7z5CP/JR1CfiVoepS5LbsQL2tSrVxT9h3NlsOxs91dJoeyRXNB6KUrj688/ZE2Q+
SSDlH9TJ8Tj8DxdKF9KkIHJMrHgRQOu6654FILrzteZspVmdrlkHKqhb1L6LV3mJ
72BAN33a2fRGMSyS49CpHa58oxNWvylcVoixnsLT3LBh37mVze/b55cLh8N7XHaE
riisOeLvmmSfUGVAMblZkL6Hsk2JIOJMPr/S05VDtDqsB72j8GRyI8d9NwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHC+a6lkybl26qI7O2vh/8D3NIVUMB8GA1UdIwQY
MBaAFBgg8TE5FhOE6vE6H322DixopDlWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0NEeE1Ua1dFNFRxOFRvZmZiWU9MR2lrT1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82MGRjMGYtMGFlZC00YmVlLTkwYjct
MzY3ZGMzODUyNjFhLzEvY0w1cnFXVEp1WGJxb2pzN2EtSF93UGMwaFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82MGRjMGYtMGFlZC00YmVlLTkwYjctMzY3ZGMzODUyNjFh
LzEvR0NEeE1Ua1dFNFRxOFRvZmZiWU9MR2lrT1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFVBLgAwQC
VdAMAwQCW8EIMA0EAgACMAcDBQMqCYBAMA0GCSqGSIb3DQEBCwUAA4IBAQCN/LBz
oYb6OYAGU5rQhcAi33P0FlHKY5sgq2oTkVfaDMzOBSZzayhOrO/lV5Txa/nY7IrW
FqaNj9Y3yVb2MsIli2gmjHu35Q7oNXmNuOn7dSyJLRaLwc2ejxVsJI6W7pPQD/m+
8X5mVxP5/ebX36KUXBDucN7IWtUHecvNqRPgG4CtnZf4EAcYpXReiBwaTPSbZ0Qk
vDaMC6VJhVttg6iLSMFqrkhC8c2I1KqNuTBkh04XIRSpf9lhLatZbhvev/WGZaIZ
16YCJTPEIP5WG0c8e97nKePbruG76jibvWj/3qRh6KIpbqRWO7s5/qBSm3EZNtSb
9Q7LHJWbiQ0qnQxS
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:32:32 2024 by rpki-client on console-ams.rpki-client.org