Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/heDjWEuHWNO2Grnk_3QQezwQObY.roa
File: heDjWEuHWNO2Grnk_3QQezwQObY.roa (raw, json)
Hash identifier: qVuQzHq2mulISpbigdL+ET5trhJ3UrAgDOuLfrRfYR0=
Subject key identifier: 85:E0:E3:58:4B:87:58:D3:B6:1A:B9:E4:FF:74:10:7B:3C:10:39:B6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0191BB86DA43E114F651A8B84D171F0AA0FD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/heDjWEuHWNO2Grnk_3QQezwQObY.roa
Signing time: Wed 04 Sep 2024 05:34:22 +0000
ROA not before: Wed 04 Sep 2024 05:34:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42831
IP address blocks: 89.40.92.0/24 maxlen: 24
178.239.198.0/24 maxlen: 24
178.239.204.0/24 maxlen: 24
185.192.70.0/24 maxlen: 24
185.228.225.0/24 maxlen: 24
194.32.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 23:17:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:bb:86:da:43:e1:14:f6:51:a8:b8:4d:17:1f:0a:a0:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Sep 4 05:34:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85e0e3584b8758d3b61ab9e4ff74107b3c1039b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:77:50:0f:1c:42:7b:7e:fd:33:7e:0a:bd:c0:
ee:05:a9:b3:c5:19:c8:8d:9d:c9:ee:9f:2c:e1:81:
bc:bb:23:00:6d:c9:d6:ba:59:7f:29:0f:10:af:04:
d0:42:d4:b8:9d:71:84:e2:23:ae:54:d1:af:a0:6d:
5b:6c:7d:26:72:7d:14:b7:84:4f:5b:05:22:37:45:
a1:33:55:d3:e3:27:d0:57:65:7a:07:9e:92:ca:0a:
a9:02:65:dc:10:46:8a:8f:29:f1:0d:13:7e:48:a2:
e6:35:49:b2:a3:d5:3f:48:b0:17:8e:44:67:94:70:
09:b9:84:96:bf:35:27:45:4b:59:63:f2:8c:a4:07:
eb:de:b5:65:35:26:bb:54:e1:9a:0d:66:50:e6:73:
97:d9:51:83:35:f8:1b:ab:0a:15:91:f9:08:8c:d5:
4d:16:63:aa:17:a3:ef:36:55:ed:db:06:5d:25:22:
10:8a:09:78:2f:5f:17:a4:aa:57:8b:b0:7a:ad:1a:
cc:92:90:7d:63:92:b6:77:f1:b2:5e:ec:ba:a4:7b:
df:cf:aa:a2:97:1c:70:8b:0c:0c:af:39:0b:86:fd:
b7:fd:c2:79:02:0e:57:ed:20:5c:b3:c1:26:2e:9a:
83:f3:95:b1:67:d1:ba:b5:49:66:41:3c:88:19:21:
86:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:E0:E3:58:4B:87:58:D3:B6:1A:B9:E4:FF:74:10:7B:3C:10:39:B6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/heDjWEuHWNO2Grnk_3QQezwQObY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.92.0/24
178.239.198.0/24
178.239.204.0/24
185.192.70.0/24
185.228.225.0/24
194.32.120.0/24
Signature Algorithm: sha256WithRSAEncryption
65:4e:c5:14:56:d1:d4:ed:19:d0:fb:0f:e5:d3:e3:bb:bf:3e:
2a:b7:a9:9f:5f:78:e6:40:06:07:9d:c6:81:f2:d5:cf:1e:4a:
0b:d6:a1:85:33:a8:90:e8:ce:ab:69:59:1f:4b:bc:50:1f:f7:
6f:0e:4b:c3:a3:98:c7:1d:ee:b9:da:01:81:78:74:33:e6:47:
6f:67:5d:6d:20:47:b1:81:f6:fc:cc:86:97:f7:5d:ab:ea:54:
1b:f0:42:9b:eb:2d:cd:79:a8:6d:7c:1c:2a:bd:ca:f9:76:a4:
a1:05:da:5e:99:07:fb:8b:99:db:7f:04:e0:cd:3f:d7:d9:a1:
1f:99:58:4f:b3:4e:8a:3e:8a:02:0c:e1:48:3f:c5:b7:d5:f1:
b5:eb:61:09:05:00:a8:96:e7:96:db:fe:ff:44:b5:94:04:84:
f7:9e:b6:30:68:41:36:46:e0:eb:3b:d6:7d:8b:ed:1d:ef:da:
5b:26:a6:7f:5f:fb:41:0d:41:a3:c4:9d:f0:c8:a5:67:3f:6d:
27:20:3c:5f:56:a0:41:92:53:f2:56:fe:ec:0f:b3:38:5a:a2:
c5:a3:5b:e8:67:78:ee:15:89:8e:5f:ea:30:9b:7f:f4:10:2e:
5a:52:f8:d6:b5:40:92:9b:33:a9:b3:02:a0:6a:13:10:66:82:
a0:37:73:04
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZG7htpD4RT2Uai4TRcfCqD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwOTA0MDUzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWUwZTM1ODRiODc1OGQzYjYxYWI5ZTRmZjc0MTA3YjNjMTAzOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6XdQDxxCe379M34KvcDuBamzxRnI
jZ3J7p8s4YG8uyMAbcnWull/KQ8QrwTQQtS4nXGE4iOuVNGvoG1bbH0mcn0Ut4RP
WwUiN0WhM1XT4yfQV2V6B56SygqpAmXcEEaKjynxDRN+SKLmNUmyo9U/SLAXjkRn
lHAJuYSWvzUnRUtZY/KMpAfr3rVlNSa7VOGaDWZQ5nOX2VGDNfgbqwoVkfkIjNVN
FmOqF6PvNlXt2wZdJSIQigl4L18XpKpXi7B6rRrMkpB9Y5K2d/GyXuy6pHvfz6qi
lxxwiwwMrzkLhv23/cJ5Ag5X7SBcs8EmLpqD85WxZ9G6tUlmQTyIGSGGCwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIXg41hLh1jTthq55P90EHs8EDm2MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaGVEaldFdUhXTk8yR3Jua18zUVFlendRT2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWShcAwQA
su/GAwQAsu/MAwQAucBGAwQAueThAwQAwiB4MA0GCSqGSIb3DQEBCwUAA4IBAQBl
TsUUVtHU7RnQ+w/l0+O7vz4qt6mfX3jmQAYHncaB8tXPHkoL1qGFM6iQ6M6raVkf
S7xQH/dvDkvDo5jHHe652gGBeHQz5kdvZ11tIEexgfb8zIaX912r6lQb8EKb6y3N
eahtfBwqvcr5dqShBdpemQf7i5nbfwTgzT/X2aEfmVhPs06KPooCDOFIP8W31fG1
62EJBQColueW2/7/RLWUBIT3nrYwaEE2RuDrO9Z9i+0d79pbJqZ/X/tBDUGjxJ3w
yKVnP20nIDxfVqBBklPyVv7sD7M4WqLFo1voZ3juFYmOX+owm3/0EC5aUvjWtUCS
mzOpswKgahMQZoKgN3ME
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:57:05 2024 by rpki-client on console-ams.rpki-client.org