Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/CH1fl6WexykPoDayWvPmQ-sD1wc.roa
File: CH1fl6WexykPoDayWvPmQ-sD1wc.roa (raw, json)
Hash identifier: HbqT26ZpcMSbdvWRL+5JKal/TKMYKW/jjpuTSRHhXws=
Subject key identifier: 08:7D:5F:97:A5:9E:C7:29:0F:A0:36:B2:5A:F3:E6:43:EB:03:D7:07
Certificate issuer: /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial: 018CCA99DCA1F2E1FFF48EA179C941FE4E8F
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/CH1fl6WexykPoDayWvPmQ-sD1wc.roa
Signing time: Tue 02 Jan 2024 14:35:30 +0000
ROA not before: Tue 02 Jan 2024 14:35:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35577
IP address blocks: 193.33.33.0/24 maxlen: 24
194.117.234.0/24 maxlen: 24
194.117.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 06:00:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:99:dc:a1:f2:e1:ff:f4:8e:a1:79:c9:41:fe:4e:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Validity
Not Before: Jan 2 14:35:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=087d5f97a59ec7290fa036b25af3e643eb03d707
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d6:16:eb:db:cf:bd:5f:8d:19:e9:d2:f2:18:
a3:9f:54:fa:ec:56:56:a6:2a:70:53:90:12:13:39:
5c:51:0d:73:b6:94:6f:8e:a2:ac:33:54:f4:86:82:
a2:6a:0f:1d:bd:b1:fd:ad:06:56:1c:89:92:fa:7c:
60:48:00:2f:b4:13:a4:39:30:dc:a8:7f:4f:f9:38:
68:d9:0d:c2:78:70:ee:ef:b0:74:10:1e:56:5c:92:
0c:dc:a7:a9:e1:f2:84:72:24:a6:03:99:7a:c6:0c:
f8:94:14:85:34:48:ce:f8:93:45:e9:cc:aa:54:f9:
8a:13:ba:dd:a8:2c:60:ac:1f:aa:58:23:85:08:a2:
90:5b:c7:e9:19:76:a0:10:7c:1a:55:20:a3:58:33:
18:3c:0c:0c:99:fe:27:6b:06:75:5b:6e:ae:bd:ca:
6c:ae:b5:b4:97:42:34:3a:2a:f7:28:2b:65:82:1f:
9f:0d:ac:c2:b3:79:18:e0:29:50:e4:a9:e6:af:b9:
58:3d:7b:72:6c:70:86:40:11:74:e0:dc:13:96:bb:
8d:15:0d:f5:a0:b1:cc:4c:c7:5a:18:7c:e9:ed:28:
a9:a8:5e:9e:37:f8:0d:2e:e7:ca:73:07:df:01:33:
0d:d0:36:23:db:c3:41:cc:ee:b2:a1:b6:d0:54:59:
d4:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:7D:5F:97:A5:9E:C7:29:0F:A0:36:B2:5A:F3:E6:43:EB:03:D7:07
X509v3 Authority Key Identifier:
keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/CH1fl6WexykPoDayWvPmQ-sD1wc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.33.33.0/24
194.117.234.0/23
Signature Algorithm: sha256WithRSAEncryption
7c:84:a5:4c:95:f0:22:ed:6c:48:87:b6:28:95:d7:14:1c:a5:
87:5f:7c:eb:0d:42:e1:d2:dc:ee:6a:86:4e:9a:84:8f:fa:8c:
fb:a8:19:12:50:42:0c:84:0a:cb:ff:dc:09:1a:3a:ef:64:2b:
90:5c:d6:3d:af:b0:b8:92:16:bd:1e:36:fe:48:87:cc:92:96:
0d:8c:cc:a3:ee:16:84:f2:b6:c8:1d:e6:06:ec:c4:bd:1e:97:
c7:c0:c2:fa:64:3f:61:8e:b0:55:d0:37:1f:2d:6b:4c:34:65:
31:72:b9:58:9d:c8:17:5f:29:66:18:b8:76:49:e0:75:15:4e:
67:8c:32:7e:90:aa:07:6c:8b:83:be:68:1d:9c:d6:71:7a:2e:
68:de:54:2d:df:be:0d:99:32:12:29:8a:68:22:91:da:44:e9:
ec:3e:82:9e:07:69:9f:a4:8a:78:77:6d:38:b3:5f:78:33:bd:
2e:cf:cc:20:74:04:7a:3f:6e:35:83:c2:75:ce:59:9e:d3:7f:
d5:d1:e5:1f:55:14:e1:31:3b:71:20:b5:cc:b3:0d:e6:00:c5:
a4:d6:75:63:bf:bb:e4:94:e6:f9:0d:5e:24:a6:84:2f:03:21:
63:8b:62:51:3b:9d:2d:20:5e:06:ad:4a:ef:f6:91:5f:d5:89:
25:11:1a:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmdyh8uH/9I6heclB/k6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjQwMTAyMTQzNTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODdkNWY5N2E1OWVjNzI5MGZhMDM2YjI1YWYzZTY0M2ViMDNkNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tYW69vPvV+NGenS8hijn1T67FZW
pipwU5ASEzlcUQ1ztpRvjqKsM1T0hoKiag8dvbH9rQZWHImS+nxgSAAvtBOkOTDc
qH9P+Tho2Q3CeHDu77B0EB5WXJIM3Kep4fKEciSmA5l6xgz4lBSFNEjO+JNF6cyq
VPmKE7rdqCxgrB+qWCOFCKKQW8fpGXagEHwaVSCjWDMYPAwMmf4nawZ1W26uvcps
rrW0l0I0Oir3KCtlgh+fDazCs3kY4ClQ5Knmr7lYPXtybHCGQBF04NwTlruNFQ31
oLHMTMdaGHzp7SipqF6eN/gNLufKcwffATMN0DYj28NBzO6yobbQVFnUYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAh9X5elnscpD6A2slrz5kPrA9cHMB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvQ0gxZmw2V2V4eWtQb0RheVd2UG1RLXNEMXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSEhAwQB
wnXqMA0GCSqGSIb3DQEBCwUAA4IBAQB8hKVMlfAi7WxIh7YoldcUHKWHX3zrDULh
0tzuaoZOmoSP+oz7qBkSUEIMhArL/9wJGjrvZCuQXNY9r7C4kha9Hjb+SIfMkpYN
jMyj7haE8rbIHeYG7MS9HpfHwML6ZD9hjrBV0DcfLWtMNGUxcrlYncgXXylmGLh2
SeB1FU5njDJ+kKoHbIuDvmgdnNZxei5o3lQt374NmTISKYpoIpHaROnsPoKeB2mf
pIp4d204s194M70uz8wgdAR6P241g8J1zlme03/V0eUfVRThMTtxILXMsw3mAMWk
1nVjv7vklOb5DV4kpoQvAyFji2JRO50tIF4GrUrv9pFf1YklERoe
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:57:07 2024 by rpki-client on console-ams.rpki-client.org