Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/foBqQehkyQCC8shds9tOYxURljE.roa
File: foBqQehkyQCC8shds9tOYxURljE.roa (raw, json)
Hash identifier: /bmIgfFkSGwGIsgw/Q/h4B8iTVHE1thKAgj1Fg/drq0=
Subject key identifier: 7E:80:6A:41:E8:64:C9:00:82:F2:C8:5D:B3:DB:4E:63:15:11:96:31
Certificate issuer: /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial: 018CC6B77F9E679E41479CBB19447BA7C469
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/foBqQehkyQCC8shds9tOYxURljE.roa
Signing time: Mon 01 Jan 2024 20:29:23 +0000
ROA not before: Mon 01 Jan 2024 20:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3301
IP address blocks: 192.157.11.0/24 maxlen: 24
192.157.9.0/24 maxlen: 24
192.157.8.0/24 maxlen: 24
192.157.10.0/24 maxlen: 24
153.112.240.0/24 maxlen: 24
153.112.241.0/24 maxlen: 24
153.112.160.0/24 maxlen: 24
153.112.166.0/24 maxlen: 24
153.112.165.0/24 maxlen: 24
153.112.162.0/24 maxlen: 24
153.112.161.0/24 maxlen: 24
153.112.164.0/24 maxlen: 24
153.112.163.0/24 maxlen: 24
153.112.167.0/24 maxlen: 24
153.112.173.0/24 maxlen: 24
153.112.179.0/24 maxlen: 24
153.112.176.0/24 maxlen: 24
153.112.178.0/24 maxlen: 24
153.112.177.0/24 maxlen: 24
153.112.186.0/24 maxlen: 24
153.112.183.0/24 maxlen: 24
153.112.182.0/24 maxlen: 24
153.112.185.0/24 maxlen: 24
153.112.184.0/24 maxlen: 24
153.112.181.0/24 maxlen: 24
153.112.180.0/24 maxlen: 24
153.112.190.0/24 maxlen: 24
153.112.189.0/24 maxlen: 24
153.112.191.0/24 maxlen: 24
153.112.188.0/24 maxlen: 24
153.112.187.0/24 maxlen: 24
79.170.17.0/24 maxlen: 24
79.170.16.0/24 maxlen: 24
153.112.209.0/24 maxlen: 24
153.112.208.0/24 maxlen: 24
79.170.22.0/24 maxlen: 24
79.170.21.0/24 maxlen: 24
79.170.23.0/24 maxlen: 24
79.170.19.0/24 maxlen: 24
79.170.18.0/24 maxlen: 24
79.170.20.0/24 maxlen: 24
153.112.132.0/24 maxlen: 24
153.112.139.0/24 maxlen: 24
153.112.134.0/24 maxlen: 24
153.112.135.0/24 maxlen: 24
153.112.133.0/24 maxlen: 24
153.112.151.0/24 maxlen: 24
153.112.150.0/24 maxlen: 24
153.112.149.0/24 maxlen: 24
192.138.109.0/24 maxlen: 24
192.138.111.0/24 maxlen: 24
192.138.110.0/24 maxlen: 24
192.138.116.0/24 maxlen: 24
192.138.117.0/24 maxlen: 24
2a02:f784:20::/48 maxlen: 48
2a02:f784:30::/48 maxlen: 48
2a02:f784:8001::/48 maxlen: 48
2a02:f784:8000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 17:02:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:7f:9e:67:9e:41:47:9c:bb:19:44:7b:a7:c4:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Validity
Not Before: Jan 1 20:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7e806a41e864c90082f2c85db3db4e6315119631
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:6f:ad:f7:89:b8:11:ca:ce:e4:17:f2:a5:9a:
12:40:00:ef:e0:fe:9d:4a:8f:4b:6c:31:5d:51:fe:
77:1c:05:7a:9e:1e:7e:7a:7a:d9:c7:e2:cb:74:1b:
8a:13:e9:aa:16:d0:a5:b2:7c:62:ee:3d:7d:43:ba:
bb:4d:b3:00:d1:08:4d:79:94:9d:2b:f4:a0:6e:7b:
cf:50:0a:54:58:25:81:1e:b3:1f:8c:95:b1:79:c4:
78:a9:cf:3c:ad:cd:d6:43:0b:03:cc:77:99:eb:a1:
5e:65:33:e2:3b:84:3c:e5:9c:f5:6a:fe:7c:e2:81:
1e:d7:52:e1:2f:6a:bd:21:cc:69:84:4b:b2:37:53:
7f:db:51:4a:54:2d:7e:ae:02:64:b0:60:e9:a4:29:
8d:93:ab:22:41:d5:fb:fb:35:13:d7:96:33:ea:fd:
14:42:db:62:7d:14:9d:49:36:47:11:e0:2f:e1:71:
07:1b:9b:ae:05:75:3c:69:1a:1d:7e:99:eb:70:82:
ab:e3:a6:e8:9f:47:0c:d5:b8:0d:e6:8f:50:93:b2:
0b:e5:7c:d8:5a:e5:91:53:e1:03:52:70:c4:f0:eb:
c9:f1:45:38:69:83:dc:ab:84:b0:9d:dc:92:4d:57:
9a:fa:65:1c:0a:c0:f2:e1:1c:a4:75:9d:02:14:3a:
07:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:80:6A:41:E8:64:C9:00:82:F2:C8:5D:B3:DB:4E:63:15:11:96:31
X509v3 Authority Key Identifier:
keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/foBqQehkyQCC8shds9tOYxURljE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.16.0/21
153.112.132.0/22
153.112.139.0/24
153.112.149.0-153.112.151.255
153.112.160.0/21
153.112.173.0/24
153.112.176.0/20
153.112.208.0/23
153.112.240.0/23
192.138.109.0-192.138.111.255
192.138.116.0/23
192.157.8.0/22
IPv6:
2a02:f784:20::/48
2a02:f784:30::/48
2a02:f784:8000::/47
Signature Algorithm: sha256WithRSAEncryption
72:0d:53:c7:93:e7:3b:41:38:31:16:7b:fe:c6:2d:44:14:d0:
5e:8f:7a:5c:a7:dc:08:8b:3c:0f:8c:8c:5d:ec:e7:66:c3:f8:
5b:dc:f8:f7:d9:44:b4:9a:05:f4:dc:8e:cf:4b:70:02:97:a4:
bf:8f:a2:6f:2b:c8:b6:c3:56:a5:24:8a:32:19:74:c5:2c:01:
e0:6f:e4:ad:54:02:7e:ce:43:12:29:e5:e9:5b:d6:42:d7:65:
a4:ba:ec:83:e6:a5:4f:f6:69:a2:66:ba:f4:ac:58:2f:b0:1b:
38:aa:cc:65:9c:47:4e:89:08:8b:7c:64:42:b7:5f:03:58:b2:
41:42:4f:9c:9f:a3:c4:0b:5f:6c:99:de:71:d2:7c:76:09:57:
a9:8a:7d:70:92:0f:a3:74:13:84:49:d6:4a:48:29:1b:3d:5d:
c6:49:22:11:ab:2d:73:3d:1f:7f:24:8a:20:f9:62:9c:37:1e:
cc:46:ad:ff:aa:85:f6:b2:86:b1:86:82:4b:ee:00:b5:dc:51:
be:a5:a4:81:4c:0e:b3:9d:c3:bb:26:21:d1:d1:39:ef:b0:89:
bc:28:5c:76:14:39:d0:2b:15:5b:77:6d:e1:c1:e9:8d:d4:2a:
8c:61:4c:cb:4d:84:b7:64:b2:1d:83:57:07:7c:c5:2a:b3:cc:
b3:13:79:27
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYzGt3+eZ55BR5y7GUR7p8RpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTgwNmE0MWU4NjRjOTAwODJmMmM4NWRiM2RiNGU2MzE1MTE5NjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW+t94m4EcrO5BfypZoSQADv4P6d
So9LbDFdUf53HAV6nh5+enrZx+LLdBuKE+mqFtClsnxi7j19Q7q7TbMA0QhNeZSd
K/SgbnvPUApUWCWBHrMfjJWxecR4qc88rc3WQwsDzHeZ66FeZTPiO4Q85Zz1av58
4oEe11LhL2q9IcxphEuyN1N/21FKVC1+rgJksGDppCmNk6siQdX7+zUT15Yz6v0U
QttifRSdSTZHEeAv4XEHG5uuBXU8aRodfpnrcIKr46bon0cM1bgN5o9Qk7IL5XzY
WuWRU+EDUnDE8OvJ8UU4aYPcq4SwndySTVea+mUcCsDy4RykdZ0CFDoHkQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFH6AakHoZMkAgvLIXbPbTmMVEZYxMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvZm9CcVFlaGt5UUNDOHNoZHM5dE9ZeFVSbGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzBeBAIAATBYAwQDT6oQ
AwQCmXCEAwQAmXCLMAwDBACZcJUDBAOZcJADBAOZcKADBACZcK0DBASZcLADBAGZ
cNADBAGZcPAwDAMEAMCKbQMEBMCKYAMEAcCKdAMEAsCdCDAhBAIAAjAbAwcAKgL3
hAAgAwcAKgL3hAAwAwcBKgL3hIAAMA0GCSqGSIb3DQEBCwUAA4IBAQByDVPHk+c7
QTgxFnv+xi1EFNBej3pcp9wIizwPjIxd7Odmw/hb3Pj32US0mgX03I7PS3ACl6S/
j6JvK8i2w1alJIoyGXTFLAHgb+StVAJ+zkMSKeXpW9ZC12WkuuyD5qVP9mmiZrr0
rFgvsBs4qsxlnEdOiQiLfGRCt18DWLJBQk+cn6PEC19smd5x0nx2CVepin1wkg+j
dBOESdZKSCkbPV3GSSIRqy1zPR9/JIog+WKcNx7MRq3/qoX2soaxhoJL7gC13FG+
paSBTA6zncO7JiHR0TnvsIm8KFx2FDnQKxVbd23hwemN1CqMYUzLTYS3ZLIdg1cH
fMUqs8yzE3kn
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:12:15 2024 by rpki-client on console-ams.rpki-client.org