Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/O5_OJhq7qGpysJkXM3_XKUD9np0.roa
File: O5_OJhq7qGpysJkXM3_XKUD9np0.roa (raw, json)
Hash identifier: vMS9TcU18DwfujzFww2AInSqyqrPH1L4qdRsFI9YPEs=
Subject key identifier: 3B:9F:CE:26:1A:BB:A8:6A:72:B0:99:17:33:7F:D7:29:40:FD:9E:9D
Certificate issuer: /CN=6d5f83ee02b173748be5de3b3b9c2531799268e8
Certificate serial: 018CC4245138C29E8E4823052CA403F724F7
Authority key identifier: 6D:5F:83:EE:02:B1:73:74:8B:E5:DE:3B:3B:9C:25:31:79:92:68:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bV-D7gKxc3SL5d47O5wlMXmSaOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/O5_OJhq7qGpysJkXM3_XKUD9np0.roa
Signing time: Mon 01 Jan 2024 08:29:23 +0000
ROA not before: Mon 01 Jan 2024 08:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50838
IP address blocks: 2001:67c:2ca6::/48 maxlen: 48
2001:67c:2ca1::/48 maxlen: 48
2001:67c:2ca4::/48 maxlen: 48
2001:67c:2c84::/48 maxlen: 48
2001:67c:2ca7::/48 maxlen: 48
2001:67c:2ca2::/48 maxlen: 48
2001:67c:2ca5::/48 maxlen: 48
2001:67c:2ca0::/48 maxlen: 48
2001:67c:2ca3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bV-D7gKxc3SL5d47O5wlMXmSaOg.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bV-D7gKxc3SL5d47O5wlMXmSaOg.mft
rsync://rpki.ripe.net/repository/DEFAULT/bV-D7gKxc3SL5d47O5wlMXmSaOg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 01:02:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:51:38:c2:9e:8e:48:23:05:2c:a4:03:f7:24:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d5f83ee02b173748be5de3b3b9c2531799268e8
Validity
Not Before: Jan 1 08:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3b9fce261abba86a72b09917337fd72940fd9e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:97:02:0e:08:44:61:e4:ef:b1:5b:ad:9c:e0:
7a:c2:7d:dd:98:96:0b:76:05:e6:11:f5:25:a2:81:
72:f0:21:aa:b7:a2:94:d7:d9:f6:d1:f4:91:42:55:
55:e1:4a:f7:2b:84:9d:4e:7e:b4:f6:e4:97:b7:70:
ad:6c:93:a6:57:7f:38:91:aa:87:a9:8d:fd:04:50:
c5:99:84:49:f0:58:f8:04:a2:8f:ba:fe:8e:21:f3:
55:16:7f:9b:41:56:5b:91:7d:6b:3e:98:a3:5b:c7:
2e:cc:01:f2:71:b4:2d:4f:48:d8:42:5d:05:52:25:
d9:61:84:24:32:73:aa:69:c4:78:b4:5b:3b:39:74:
00:ec:34:11:26:de:dc:dc:db:ed:57:4a:34:84:7b:
32:a7:19:da:1d:41:f7:81:b0:16:e2:35:62:eb:87:
fc:38:64:67:79:aa:68:26:34:a1:81:e8:6e:7c:b8:
89:8d:ca:2f:a6:57:5d:70:d2:98:41:3c:b0:59:dc:
cd:42:fe:71:d1:98:f6:df:e4:92:9d:22:4a:7c:e1:
13:10:b3:79:b0:cf:aa:0a:80:de:ec:82:3b:ac:6e:
35:2f:f8:d7:f4:11:c6:d9:dc:c5:1b:d3:f9:10:a4:
c5:ae:0f:04:a7:4e:45:93:42:e5:41:cd:51:7c:76:
6c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:9F:CE:26:1A:BB:A8:6A:72:B0:99:17:33:7F:D7:29:40:FD:9E:9D
X509v3 Authority Key Identifier:
keyid:6D:5F:83:EE:02:B1:73:74:8B:E5:DE:3B:3B:9C:25:31:79:92:68:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bV-D7gKxc3SL5d47O5wlMXmSaOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/O5_OJhq7qGpysJkXM3_XKUD9np0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bV-D7gKxc3SL5d47O5wlMXmSaOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:2c84::/48
2001:67c:2ca0::/45
Signature Algorithm: sha256WithRSAEncryption
23:b0:c3:17:96:06:77:9e:6b:c7:22:72:40:ab:37:ef:30:ef:
56:ae:1d:4d:32:4b:23:92:53:a4:9a:49:04:e5:d3:fd:21:d1:
ef:7c:f7:a2:8b:90:c0:72:ec:b4:ca:cf:42:14:2e:93:a7:2f:
92:e7:e7:8a:d9:2a:ec:a7:93:66:00:0f:f2:b2:60:a6:6b:52:
8a:f3:b2:7b:43:b6:27:bd:17:8c:02:d3:b2:bf:3d:6e:40:fb:
6d:ab:2e:fe:99:2e:0a:b3:ca:35:7e:14:20:b5:ff:a8:ba:22:
70:b5:ee:2b:fb:71:08:c3:ee:90:eb:5a:e7:d3:3b:bd:90:5d:
c6:f1:a1:67:cc:04:32:a5:82:bd:aa:3c:cc:82:f9:91:5f:4f:
57:f9:df:70:75:f0:e1:54:36:10:99:80:84:f8:74:9a:a4:f3:
ce:e6:2c:0d:35:b3:89:10:5a:1c:b8:a8:40:42:62:9b:51:37:
ef:e2:61:c0:bb:a4:ab:a8:6b:41:48:a9:f0:0f:a9:23:05:89:
9b:45:16:57:ae:4b:b4:18:5f:9b:b5:7a:0e:49:06:38:bf:ea:
d7:d2:5c:f8:1e:4b:1d:72:92:35:4e:e0:3a:35:c5:95:f8:4f:
51:9a:62:e1:60:68:d0:bb:57:35:2f:53:cb:6d:01:27:4a:4c:
9e:20:87:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJFE4wp6OSCMFLKQD9yT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNWY4M2VlMDJiMTczNzQ4YmU1ZGUzYjNiOWMyNTMxNzk5
MjY4ZTgwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjlmY2UyNjFhYmJhODZhNzJiMDk5MTczMzdmZDcyOTQwZmQ5ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZcCDghEYeTvsVutnOB6wn3dmJYL
dgXmEfUlooFy8CGqt6KU19n20fSRQlVV4Ur3K4SdTn609uSXt3CtbJOmV384kaqH
qY39BFDFmYRJ8Fj4BKKPuv6OIfNVFn+bQVZbkX1rPpijW8cuzAHycbQtT0jYQl0F
UiXZYYQkMnOqacR4tFs7OXQA7DQRJt7c3NvtV0o0hHsypxnaHUH3gbAW4jVi64f8
OGRneapoJjShgehufLiJjcovplddcNKYQTywWdzNQv5x0Zj23+SSnSJKfOETELN5
sM+qCoDe7II7rG41L/jX9BHG2dzFG9P5EKTFrg8Ep05Fk0LlQc1RfHZsmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDufziYau6hqcrCZFzN/1ylA/Z6dMB8GA1UdIwQY
MBaAFG1fg+4CsXN0i+XeOzucJTF5kmjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlYtRDdnS3hjM1NMNWQ0N081d2xNWG1TYU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9mOTUwM2UtZGE4NS00NWZjLWIwMzIt
YjJlN2ZlZmY0MDJmLzEvTzVfT0pocTdxR3B5c0prWE0zX1hLVUQ5bnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9mOTUwM2UtZGE4NS00NWZjLWIwMzItYjJlN2ZlZmY0MDJm
LzEvYlYtRDdnS3hjM1NMNWQ0N081d2xNWG1TYU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCyE
AwcDIAEGfCygMA0GCSqGSIb3DQEBCwUAA4IBAQAjsMMXlgZ3nmvHInJAqzfvMO9W
rh1NMksjklOkmkkE5dP9IdHvfPeii5DAcuy0ys9CFC6Tpy+S5+eK2Srsp5NmAA/y
smCma1KK87J7Q7YnvReMAtOyvz1uQPttqy7+mS4Ks8o1fhQgtf+ouiJwte4r+3EI
w+6Q61rn0zu9kF3G8aFnzAQypYK9qjzMgvmRX09X+d9wdfDhVDYQmYCE+HSapPPO
5iwNNbOJEFocuKhAQmKbUTfv4mHAu6SrqGtBSKnwD6kjBYmbRRZXrku0GF+btXoO
SQY4v+rX0lz4HksdcpI1TuA6NcWV+E9RmmLhYGjQu1c1L1PLbQEnSkyeIIdc
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:27 2024 by rpki-client on console-fra.rpki-client.org