Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/1kFyUEkNaNG0UBbGGLXaU69gpIQ.roa
File: 1kFyUEkNaNG0UBbGGLXaU69gpIQ.roa (raw, json)
Hash identifier: sDBBSedfhyunOA+vkb8h0iBmPQE5aRKNTqQB6nYU1fM=
Subject key identifier: D6:41:72:50:49:0D:68:D1:B4:50:16:C6:18:B5:DA:53:AF:60:A4:84
Certificate issuer: /CN=f1dd795be36e4b5b309ebc8e04ea7394135c714c
Certificate serial: 018CC86F4BCD0E8C525B7AE88B9726B5F845
Authority key identifier: F1:DD:79:5B:E3:6E:4B:5B:30:9E:BC:8E:04:EA:73:94:13:5C:71:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/1kFyUEkNaNG0UBbGGLXaU69gpIQ.roa
Signing time: Tue 02 Jan 2024 04:29:46 +0000
ROA not before: Tue 02 Jan 2024 04:29:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209979
IP address blocks: 194.35.103.0/24 maxlen: 24
194.35.100.0/22 maxlen: 22
194.35.100.0/24 maxlen: 24
194.35.101.0/24 maxlen: 24
194.35.102.0/24 maxlen: 24
2a09:c580::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.mft
rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 May 2024 22:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:4b:cd:0e:8c:52:5b:7a:e8:8b:97:26:b5:f8:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1dd795be36e4b5b309ebc8e04ea7394135c714c
Validity
Not Before: Jan 2 04:29:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d6417250490d68d1b45016c618b5da53af60a484
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:85:4b:38:8f:53:c9:40:ab:95:cb:e6:42:52:
da:7d:2c:fd:b6:48:47:e2:37:89:0d:b4:23:b1:14:
2b:ab:cc:88:59:4d:47:0c:16:9a:1e:20:b9:a6:ed:
0f:bf:04:ec:54:90:3d:87:16:03:90:03:fe:47:9d:
cc:3b:b3:37:eb:8c:98:60:1a:8c:51:69:2a:30:3c:
31:0b:4b:66:22:6e:a7:6d:41:b7:31:8c:4c:e7:bb:
a3:85:0b:69:fc:e2:3e:1a:c0:e7:c6:9c:3e:c5:a7:
65:8d:89:b7:9b:a4:f2:e0:8a:3a:d6:e5:b5:7e:ce:
f6:5e:b6:94:d7:3d:42:18:83:7d:dd:85:ed:0e:fd:
d4:41:90:27:34:0f:10:75:ef:ae:4a:f7:1e:11:16:
4d:94:44:b9:4d:f7:1c:3f:09:01:33:d4:6c:aa:ed:
93:ce:c4:a8:d5:16:db:91:f8:cb:10:17:91:08:87:
ae:61:3a:11:55:65:38:3c:fe:fd:d2:d0:63:f0:cb:
33:ff:0a:e3:01:f0:e2:47:25:8a:7e:de:56:8c:2c:
e8:16:f9:b6:a0:95:3a:d3:39:70:4d:73:74:42:9f:
87:c2:82:5f:1a:aa:23:4e:c9:7a:14:0c:ab:62:6f:
16:88:a1:17:21:da:9e:0c:5c:74:f6:b0:f0:b0:68:
c0:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:41:72:50:49:0D:68:D1:B4:50:16:C6:18:B5:DA:53:AF:60:A4:84
X509v3 Authority Key Identifier:
keyid:F1:DD:79:5B:E3:6E:4B:5B:30:9E:BC:8E:04:EA:73:94:13:5C:71:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/1kFyUEkNaNG0UBbGGLXaU69gpIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.35.100.0/22
IPv6:
2a09:c580::/32
Signature Algorithm: sha256WithRSAEncryption
90:c2:75:8b:9b:ef:07:0a:86:28:c8:af:8a:1f:43:6c:51:42:
8c:0a:09:20:58:3b:e8:b0:9b:4a:02:b0:ac:80:2c:a9:cb:7a:
f5:21:30:5d:52:03:28:26:f6:00:e5:c4:96:da:27:68:c9:f2:
a8:18:67:ad:23:2a:0e:1c:11:03:38:b0:5e:5d:6a:fb:70:52:
e4:3d:36:b8:ad:d8:76:4d:78:6d:a1:22:73:12:62:48:23:9b:
67:04:07:89:45:1a:25:bb:62:f5:cf:bc:7b:3d:fd:95:b0:d7:
d7:7b:df:5c:82:20:c5:d8:a9:33:fd:9d:ca:fa:43:65:96:1d:
84:f9:e9:48:16:b0:8f:ed:93:92:90:e8:e4:50:a7:ea:f6:49:
3e:cf:0e:3d:cb:4d:2c:16:41:24:15:84:1d:19:be:f5:0b:44:
21:86:45:7e:a5:ea:43:23:30:8c:09:a3:c7:35:d9:07:ed:43:
30:fb:16:82:71:92:04:ca:bf:5b:e6:4f:80:8d:c7:73:04:aa:
64:35:b2:91:55:35:25:e4:eb:56:07:63:7a:d0:df:e3:80:6f:
50:bc:a6:be:5b:10:87:e2:8b:fd:f9:99:37:4a:e3:f8:ec:f6:
f4:57:aa:20:b6:1e:6c:40:ad:ee:08:e9:36:78:bf:4f:83:41:
45:5f:de:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb0vNDoxSW3roi5cmtfhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGQ3OTViZTM2ZTRiNWIzMDllYmM4ZTA0ZWE3Mzk0MTM1
YzcxNGMwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQxNzI1MDQ5MGQ2OGQxYjQ1MDE2YzYxOGI1ZGE1M2FmNjBhNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIVLOI9TyUCrlcvmQlLafSz9tkhH
4jeJDbQjsRQrq8yIWU1HDBaaHiC5pu0PvwTsVJA9hxYDkAP+R53MO7M364yYYBqM
UWkqMDwxC0tmIm6nbUG3MYxM57ujhQtp/OI+GsDnxpw+xadljYm3m6Ty4Io61uW1
fs72XraU1z1CGIN93YXtDv3UQZAnNA8Qde+uSvceERZNlES5TfccPwkBM9Rsqu2T
zsSo1RbbkfjLEBeRCIeuYToRVWU4PP790tBj8Msz/wrjAfDiRyWKft5WjCzoFvm2
oJU60zlwTXN0Qp+HwoJfGqojTsl6FAyrYm8WiKEXIdqeDFx09rDwsGjAjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNZBclBJDWjRtFAWxhi12lOvYKSEMB8GA1UdIwQY
MBaAFPHdeVvjbktbMJ68jgTqc5QTXHFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGQxNVctTnVTMXN3bnJ5T0JPcHpsQk5jY1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85NzliZGItMDFhMy00ZDE3LTg3NDYt
ZmU0NDc3MmQ1YWUxLzEvMWtGeVVFa05hTkcwVUJiR0dMWGFVNjlncElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85NzliZGItMDFhMy00ZDE3LTg3NDYtZmU0NDc3MmQ1YWUx
LzEvOGQxNVctTnVTMXN3bnJ5T0JPcHpsQk5jY1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwiNkMA0E
AgACMAcDBQAqCcWAMA0GCSqGSIb3DQEBCwUAA4IBAQCQwnWLm+8HCoYoyK+KH0Ns
UUKMCgkgWDvosJtKArCsgCypy3r1ITBdUgMoJvYA5cSW2idoyfKoGGetIyoOHBED
OLBeXWr7cFLkPTa4rdh2TXhtoSJzEmJII5tnBAeJRRolu2L1z7x7Pf2VsNfXe99c
giDF2Kkz/Z3K+kNllh2E+elIFrCP7ZOSkOjkUKfq9kk+zw49y00sFkEkFYQdGb71
C0QhhkV+pepDIzCMCaPHNdkH7UMw+xaCcZIEyr9b5k+AjcdzBKpkNbKRVTUl5OtW
B2N60N/jgG9QvKa+WxCH4ov9+Zk3SuP47Pb0V6ogth5sQK3uCOk2eL9Pg0FFX96P
-----END CERTIFICATE-----
Generated at Wed May 29 01:42:38 2024 by rpki-client on console-fra.rpki-client.org