Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/AbH39CNig5UUV469cMsRZcQqZIc.roa
File: AbH39CNig5UUV469cMsRZcQqZIc.roa (raw, json)
Hash identifier: C1KWBZj3xrQK+ETlQkvLNY6As+/1Q7IYpeaKv8R82Ik=
Subject key identifier: 01:B1:F7:F4:23:62:83:95:14:57:8E:BD:70:CB:11:65:C4:2A:64:87
Certificate issuer: /CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
Certificate serial: 018CC2DB20D4D103F68F40E0D86BA7F7FCC0
Authority key identifier: 72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/AbH39CNig5UUV469cMsRZcQqZIc.roa
Signing time: Mon 01 Jan 2024 02:29:49 +0000
ROA not before: Mon 01 Jan 2024 02:29:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48635
IP address blocks: 128.140.216.0/21 maxlen: 24
185.231.200.0/22 maxlen: 24
62.84.240.0/21 maxlen: 24
91.203.76.0/22 maxlen: 24
109.70.0.0/21 maxlen: 24
46.17.0.0/21 maxlen: 24
185.89.4.0/22 maxlen: 24
185.27.140.0/22 maxlen: 24
2a02:2968::/29 maxlen: 48
2a05:cfc0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/crjVM-JRm2ityzt741m5M1fiscs.crl
rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/crjVM-JRm2ityzt741m5M1fiscs.mft
rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 14:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:20:d4:d1:03:f6:8f:40:e0:d8:6b:a7:f7:fc:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
Validity
Not Before: Jan 1 02:29:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=01b1f7f42362839514578ebd70cb1165c42a6487
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:57:71:f9:8a:7d:bb:75:6a:40:e6:49:54:b8:
5a:78:2b:96:54:c2:dc:2c:f1:f0:80:a1:91:74:bb:
28:9f:91:ee:2d:08:f7:ce:6a:4f:26:a8:37:22:1e:
36:e1:aa:ca:0e:9b:f1:f1:be:a8:5e:71:9a:80:1e:
97:e0:ae:75:65:0e:ea:ed:77:b5:19:cf:f5:af:45:
a2:f5:57:12:83:9c:11:14:42:ff:30:19:0a:e7:88:
b2:cd:7e:ad:08:04:2f:73:58:6d:82:b9:4a:95:c4:
18:c8:77:67:83:23:cd:27:52:36:09:97:ce:c9:bd:
aa:f5:17:3a:c6:c2:97:99:11:79:3e:aa:1d:ae:e6:
24:9e:93:fa:d0:e9:c3:92:65:42:c1:44:67:50:4f:
03:2b:07:79:c7:ff:bc:c0:3f:2b:f5:b9:e3:5e:c8:
ff:ff:e3:0e:fb:71:70:a2:a0:0d:a4:68:25:ed:dc:
1b:a8:25:9e:de:a4:4f:04:55:a7:08:98:ff:47:c9:
0d:d8:23:9b:44:6c:da:92:5e:7c:63:10:8f:f9:57:
65:0d:71:77:5e:4e:b2:cc:13:6e:81:d1:80:70:77:
7a:7f:7f:32:6d:6f:68:57:ae:a9:de:98:2b:3b:90:
4c:25:fe:01:dc:ef:f7:e7:9b:2a:d3:b9:38:e8:9d:
ed:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:B1:F7:F4:23:62:83:95:14:57:8E:BD:70:CB:11:65:C4:2A:64:87
X509v3 Authority Key Identifier:
keyid:72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/AbH39CNig5UUV469cMsRZcQqZIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/crjVM-JRm2ityzt741m5M1fiscs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.0.0/21
62.84.240.0/21
91.203.76.0/22
109.70.0.0/21
128.140.216.0/21
185.27.140.0/22
185.89.4.0/22
185.231.200.0/22
IPv6:
2a02:2968::/29
2a05:cfc0::/29
Signature Algorithm: sha256WithRSAEncryption
9b:ec:94:b3:df:9a:34:21:e3:a0:8f:9a:99:33:d6:d8:21:41:
da:a9:0d:4c:c4:e9:96:e2:99:5d:0b:86:62:11:df:38:0e:7f:
d0:b8:11:06:b0:e2:f3:bd:ac:eb:8d:c7:3b:ee:2d:c8:7d:af:
7a:6d:6e:c1:4d:98:ae:5e:63:28:71:8f:b6:51:ab:f4:f8:d9:
20:26:3e:50:db:d9:37:98:2a:03:e2:f6:6b:c7:49:31:ac:cb:
ad:4e:b6:b8:9f:ea:d0:50:8d:a4:6a:73:45:a0:5b:c3:f2:2e:
11:7b:05:9f:3e:4e:54:e3:36:4c:3f:94:78:cf:28:e5:da:b6:
1e:63:bf:19:e1:36:fb:d3:d8:a4:9c:a5:19:12:96:1e:88:59:
71:bf:5d:bc:b2:0a:59:f6:cc:6f:19:db:35:58:6d:92:12:b5:
12:c6:52:3b:ed:8f:cd:f1:4f:67:82:97:82:5e:9e:f0:45:0f:
74:3c:03:0d:90:ef:12:6a:c7:64:79:25:fb:9c:9a:c8:fc:2d:
00:7f:12:ef:76:14:e8:ab:d1:08:fc:36:39:32:3f:92:f0:62:
e5:78:ee:d8:44:76:1c:c8:06:78:85:52:fb:ea:6c:fc:36:72:
ad:dc:4f:33:31:19:21:5a:c2:aa:8b:a1:f5:b4:dc:2c:db:31:
da:04:c3:f1
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzC2yDU0QP2j0Dg2Gun9/zAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjhkNTMzZTI1MTliNjhhZGNiM2I3YmUzNTliOTMzNTdl
MmIxY2IwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWIxZjdmNDIzNjI4Mzk1MTQ1NzhlYmQ3MGNiMTE2NWM0MmE2NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1dx+Yp9u3VqQOZJVLhaeCuWVMLc
LPHwgKGRdLson5HuLQj3zmpPJqg3Ih424arKDpvx8b6oXnGagB6X4K51ZQ7q7Xe1
Gc/1r0Wi9VcSg5wRFEL/MBkK54iyzX6tCAQvc1htgrlKlcQYyHdngyPNJ1I2CZfO
yb2q9Rc6xsKXmRF5PqodruYknpP60OnDkmVCwURnUE8DKwd5x/+8wD8r9bnjXsj/
/+MO+3FwoqANpGgl7dwbqCWe3qRPBFWnCJj/R8kN2CObRGzakl58YxCP+VdlDXF3
Xk6yzBNugdGAcHd6f38ybW9oV66p3pgrO5BMJf4B3O/355sq07k46J3tcwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAGx9/QjYoOVFFeOvXDLEWXEKmSHMB8GA1UdIwQY
MBaAFHK41TPiUZtorcs7e+NZuTNX4rHLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5Yzgt
ZTE1YmQ3OWMzOWMzLzEvQWJIMzlDTmlnNVVVVjQ2OWNNc1JaY1FxWkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5YzgtZTE1YmQ3OWMzOWMz
LzEvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDLhEAAwQD
PlTwAwQCW8tMAwQDbUYAAwQDgIzYAwQCuRuMAwQCuVkEAwQCuefIMBQEAgACMA4D
BQMqAiloAwUDKgXPwDANBgkqhkiG9w0BAQsFAAOCAQEAm+yUs9+aNCHjoI+amTPW
2CFB2qkNTMTpluKZXQuGYhHfOA5/0LgRBrDi872s643HO+4tyH2vem1uwU2Yrl5j
KHGPtlGr9PjZICY+UNvZN5gqA+L2a8dJMazLrU62uJ/q0FCNpGpzRaBbw/IuEXsF
nz5OVOM2TD+UeM8o5dq2HmO/GeE2+9PYpJylGRKWHohZcb9dvLIKWfbMbxnbNVht
khK1EsZSO+2PzfFPZ4KXgl6e8EUPdDwDDZDvEmrHZHkl+5yayPwtAH8S73YU6KvR
CPw2OTI/kvBi5Xju2ER2HMgGeIVS++ps/DZyrdxPMzEZIVrCqouh9bTcLNsx2gTD
8Q==
-----END CERTIFICATE-----
Generated at Fri Jun 7 18:43:36 2024 by rpki-client on console-fra.rpki-client.org