Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/5HLYGombSXu1TbsAZMChuHu8PkQ.roa
File: 5HLYGombSXu1TbsAZMChuHu8PkQ.roa (raw, json)
Hash identifier: zK2L9ewspjYTWwC64HvewG2kGVOHUK1t9HFdEAPX1vE=
Subject key identifier: E4:72:D8:1A:89:9B:49:7B:B5:4D:BB:00:64:C0:A1:B8:7B:BC:3E:44
Certificate issuer: /CN=f16b28416ddbf39fb24b0996686acface76c98d5
Certificate serial: 018CC801BD6AA18A1AFCFEA8600DA4B25C87
Authority key identifier: F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/5HLYGombSXu1TbsAZMChuHu8PkQ.roa
Signing time: Tue 02 Jan 2024 02:30:06 +0000
ROA not before: Tue 02 Jan 2024 02:30:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209754
IP address blocks: 85.119.104.0/21 maxlen: 24
185.85.112.0/22 maxlen: 24
185.85.112.0/23 maxlen: 24
185.85.112.0/24 maxlen: 24
185.85.113.0/24 maxlen: 24
185.85.114.0/24 maxlen: 24
185.85.114.0/23 maxlen: 23
185.85.115.0/24 maxlen: 24
2a01:9780::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.mft
rsync://rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Dec 2024 18:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:bd:6a:a1:8a:1a:fc:fe:a8:60:0d:a4:b2:5c:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f16b28416ddbf39fb24b0996686acface76c98d5
Validity
Not Before: Jan 2 02:30:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e472d81a899b497bb54dbb0064c0a1b87bbc3e44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:0e:15:be:c9:e3:09:7f:e8:da:15:a2:5f:fa:
f8:c3:e7:57:81:ea:ea:d7:76:64:ad:58:79:c4:b1:
d9:aa:3e:a1:5a:8e:06:2e:4d:74:81:55:bd:15:3b:
91:9f:0c:68:43:bd:12:ee:26:3b:73:70:14:4c:03:
16:9e:4e:88:1f:c5:86:45:3b:42:9d:b6:7f:7e:f2:
6c:4e:c6:8c:a6:98:33:9c:ec:78:4e:c3:6c:5c:52:
42:4a:27:9d:0f:89:90:e9:1a:90:4e:6e:02:fc:49:
ec:8c:f5:ed:ab:21:45:18:66:53:f4:89:22:3e:58:
6c:7b:d6:f8:96:64:20:da:a4:df:2f:21:ea:5f:22:
e5:38:6e:da:42:d8:b8:b4:1d:8f:36:d9:2d:93:d4:
73:83:aa:a9:bc:74:fa:05:9d:51:e3:08:16:52:55:
3e:3e:b3:e9:c1:45:e8:3e:46:68:e8:d1:c3:af:23:
75:16:0f:5f:f2:b1:62:da:90:3a:36:f2:98:a0:33:
0f:be:f4:66:20:31:2f:fe:e7:c0:ad:16:7e:50:1a:
b3:7f:93:b4:12:a1:5c:53:b3:c1:30:5a:89:04:68:
09:09:83:c1:79:9d:e2:d4:0f:03:d4:74:f9:bb:1b:
c7:f2:6f:77:31:a0:85:7f:0f:21:0a:9b:a7:28:f6:
0a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:72:D8:1A:89:9B:49:7B:B5:4D:BB:00:64:C0:A1:B8:7B:BC:3E:44
X509v3 Authority Key Identifier:
keyid:F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/5HLYGombSXu1TbsAZMChuHu8PkQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.119.104.0/21
185.85.112.0/22
IPv6:
2a01:9780::/32
Signature Algorithm: sha256WithRSAEncryption
51:db:fa:47:d5:02:3c:44:c2:c0:b8:fb:1b:3d:50:35:42:5f:
d1:ac:fb:79:d9:63:99:1b:a6:88:dd:d3:84:17:02:c7:ca:4a:
c6:6c:a3:3d:b1:f1:e4:5b:b2:65:5e:5e:cb:23:6a:9d:61:88:
8f:98:86:ad:f9:20:0c:94:aa:bc:7d:f5:59:f2:dc:79:9a:cc:
60:d2:4c:b7:ac:17:05:8b:b0:2c:86:b2:d9:be:e8:97:ff:db:
30:01:8c:1f:7e:79:d0:89:f1:b6:82:4e:dc:a2:f3:15:9c:8c:
c7:20:5e:a7:20:84:4a:90:c6:89:5b:36:13:ae:36:6f:e1:cd:
0a:be:f8:fb:85:c9:50:09:cd:71:e3:9e:7c:2c:49:56:ce:fe:
fa:a1:13:c2:81:0e:92:4b:bd:b9:a9:75:b9:9b:4b:17:76:d2:
89:aa:66:2a:0d:a5:b6:50:e4:ea:63:9a:f2:29:df:62:27:16:
b7:95:0e:26:fb:b6:37:ee:ca:52:78:92:f3:15:30:2b:a3:c2:
4c:f9:39:53:9f:46:4b:07:ef:84:74:cf:ae:24:fd:65:df:1e:
1b:f8:f2:12:0c:be:18:5c:7f:a9:a7:cb:59:78:e3:d1:f2:9e:
06:58:79:59:05:85:7c:7d:dc:ea:3e:11:7d:0a:a8:67:38:f8:
16:14:93:41
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAb1qoYoa/P6oYA2kslyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNmIyODQxNmRkYmYzOWZiMjRiMDk5NjY4NmFjZmFjZTc2
Yzk4ZDUwHhcNMjQwMTAyMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDcyZDgxYTg5OWI0OTdiYjU0ZGJiMDA2NGMwYTFiODdiYmMzZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA4VvsnjCX/o2hWiX/r4w+dXgerq
13ZkrVh5xLHZqj6hWo4GLk10gVW9FTuRnwxoQ70S7iY7c3AUTAMWnk6IH8WGRTtC
nbZ/fvJsTsaMppgznOx4TsNsXFJCSiedD4mQ6RqQTm4C/EnsjPXtqyFFGGZT9Iki
Plhse9b4lmQg2qTfLyHqXyLlOG7aQti4tB2PNtktk9Rzg6qpvHT6BZ1R4wgWUlU+
PrPpwUXoPkZo6NHDryN1Fg9f8rFi2pA6NvKYoDMPvvRmIDEv/ufArRZ+UBqzf5O0
EqFcU7PBMFqJBGgJCYPBeZ3i1A8D1HT5uxvH8m93MaCFfw8hCpunKPYKiQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFORy2BqJm0l7tU27AGTAobh7vD5EMB8GA1UdIwQY
MBaAFPFrKEFt2/OfsksJlmhqz6znbJjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFdzb1FXM2I4NS15U3dtV2FHclByT2RzbU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9iMTY1Y2EtMmYzMy00ZThlLWE4OTYt
Y2RhYTU4MTUxOGYzLzEvNUhMWUdvbWJTWHUxVGJzQVpNQ2h1SHU4UGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9iMTY1Y2EtMmYzMy00ZThlLWE4OTYtY2RhYTU4MTUxOGYz
LzEvOFdzb1FXM2I4NS15U3dtV2FHclByT2RzbU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVXdoAwQC
uVVwMA0EAgACMAcDBQAqAZeAMA0GCSqGSIb3DQEBCwUAA4IBAQBR2/pH1QI8RMLA
uPsbPVA1Ql/RrPt52WOZG6aI3dOEFwLHykrGbKM9sfHkW7JlXl7LI2qdYYiPmIat
+SAMlKq8ffVZ8tx5msxg0ky3rBcFi7AshrLZvuiX/9swAYwffnnQifG2gk7covMV
nIzHIF6nIIRKkMaJWzYTrjZv4c0Kvvj7hclQCc1x4558LElWzv76oRPCgQ6SS725
qXW5m0sXdtKJqmYqDaW2UOTqY5ryKd9iJxa3lQ4m+7Y37spSeJLzFTAro8JM+TlT
n0ZLB++EdM+uJP1l3x4b+PISDL4YXH+pp8tZeOPR8p4GWHlZBYV8fdzqPhF9Cqhn
OPgWFJNB
-----END CERTIFICATE-----
Generated at Fri Dec 27 23:54:07 2024 by rpki-client on console-fra.rpki-client.org