Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ocQhQAOzwquLn2u6aNKByDtPAvo.roa
File: ocQhQAOzwquLn2u6aNKByDtPAvo.roa (raw, json)
Hash identifier: Q59f/FnxYQT8dTD8yyT4m44d23F4QXEU/akMQwdZl2M=
Subject key identifier: A1:C4:21:40:03:B3:C2:AB:8B:9F:6B:BA:68:D2:81:C8:3B:4F:02:FA
Certificate issuer: /CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Certificate serial: 019034A97325DC395240CC46FCE760A85389
Authority key identifier: C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ocQhQAOzwquLn2u6aNKByDtPAvo.roa
Signing time: Thu 20 Jun 2024 08:00:38 +0000
ROA not before: Thu 20 Jun 2024 08:00:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206610
IP address blocks: 78.111.128.0/20 maxlen: 24
92.119.100.0/24 maxlen: 24
92.119.101.0/24 maxlen: 24
92.119.102.0/24 maxlen: 24
92.119.103.0/24 maxlen: 24
185.104.168.0/22 maxlen: 24
185.173.180.0/22 maxlen: 24
2a0b:b880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.mft
rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:34:a9:73:25:dc:39:52:40:cc:46:fc:e7:60:a8:53:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Validity
Not Before: Jun 20 08:00:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a1c4214003b3c2ab8b9f6bba68d281c83b4f02fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:49:c3:f7:a4:a7:cb:3c:24:c7:00:5d:4e:05:
1a:62:4a:eb:da:3d:49:41:bf:2b:54:53:e3:a6:4c:
32:13:5f:9c:ec:23:0e:27:4e:b0:cc:d7:2b:02:f3:
5a:1d:ea:25:3c:94:24:03:61:07:32:91:54:c4:c2:
85:20:bc:38:54:4e:0d:bd:ed:e9:d1:21:6f:e5:99:
05:29:3b:26:18:63:9b:54:f6:a3:8e:0a:09:e4:f6:
15:8d:00:0c:56:ec:a5:6a:3f:28:16:06:74:0e:f1:
bd:01:9a:b5:11:ab:92:5b:39:f9:85:3d:1e:83:e5:
a4:ae:f6:5f:59:62:f2:d7:49:20:d6:01:af:d8:97:
bb:02:09:16:4e:32:c9:1e:d1:ce:d1:10:69:52:ba:
8f:13:63:4b:d0:e1:63:02:66:bf:d2:d7:1e:93:a8:
78:5d:34:18:64:46:f6:3b:42:e9:00:b2:74:e4:17:
c5:da:5d:77:49:9b:bc:d8:88:65:ed:07:34:48:b0:
e3:3a:8c:ee:e9:37:97:9b:43:84:b4:37:d9:8d:6a:
d0:d2:a3:a1:0a:ff:36:0b:db:05:d4:d0:4a:97:76:
41:30:f6:09:2b:02:fe:c4:51:69:8d:e3:68:f6:4d:
f0:ea:46:a6:78:20:2d:f9:3e:0d:49:52:dc:6c:c9:
0c:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:C4:21:40:03:B3:C2:AB:8B:9F:6B:BA:68:D2:81:C8:3B:4F:02:FA
X509v3 Authority Key Identifier:
keyid:C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ocQhQAOzwquLn2u6aNKByDtPAvo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.111.128.0/20
92.119.100.0/22
185.104.168.0/22
185.173.180.0/22
IPv6:
2a0b:b880::/29
Signature Algorithm: sha256WithRSAEncryption
1c:d2:41:35:91:7f:53:bc:c2:36:8c:62:7e:93:14:a6:67:39:
15:76:73:67:50:9a:78:1f:78:c9:18:3f:29:be:97:4e:2a:b2:
ca:30:68:58:83:f9:0f:fc:8e:24:60:cf:39:4c:30:74:65:37:
95:e0:52:21:03:58:cd:bb:50:a1:52:20:60:d8:ec:8b:5c:4c:
92:7b:93:60:3d:28:3b:78:2a:3d:4f:62:30:75:7e:70:9e:1d:
ad:59:72:75:db:9f:58:4e:86:4f:37:d4:9e:f7:4c:5e:6f:b9:
f0:7c:72:fe:ca:4a:00:82:fe:28:0c:36:e7:86:28:14:20:50:
88:92:18:54:e5:f2:bd:70:13:eb:d1:26:c0:a4:3f:97:1d:ca:
2a:4a:fd:86:35:92:08:b1:1c:e3:84:ba:64:50:bf:2d:a0:1d:
e8:0d:b3:8f:92:24:e5:40:10:7f:aa:06:12:62:f9:03:c9:23:
44:4a:74:5f:c7:aa:0f:d6:e8:37:e6:ef:42:58:8a:b8:87:82:
4c:3c:28:34:06:a7:6b:32:00:3e:5f:51:dc:84:39:d2:b6:ac:
c6:b4:1b:87:b6:04:48:a6:25:2b:c5:3f:2a:13:7d:77:f7:dc:
38:09:9a:0a:1b:2a:cb:66:ca:d4:e5:d4:1d:b5:16:0b:27:6e:
48:09:18:8c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZA0qXMl3DlSQMxG/OdgqFOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NTNmNWUyMzA0MjBiYzRhNzBkMGE2MWRlM2I0N2RjZGEx
YThkMGUwHhcNMjQwNjIwMDgwMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWM0MjE0MDAzYjNjMmFiOGI5ZjZiYmE2OGQyODFjODNiNGYwMmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EnD96SnyzwkxwBdTgUaYkrr2j1J
Qb8rVFPjpkwyE1+c7CMOJ06wzNcrAvNaHeolPJQkA2EHMpFUxMKFILw4VE4Nve3p
0SFv5ZkFKTsmGGObVPajjgoJ5PYVjQAMVuylaj8oFgZ0DvG9AZq1EauSWzn5hT0e
g+WkrvZfWWLy10kg1gGv2Je7AgkWTjLJHtHO0RBpUrqPE2NL0OFjAma/0tcek6h4
XTQYZEb2O0LpALJ05BfF2l13SZu82Ihl7Qc0SLDjOozu6TeXm0OEtDfZjWrQ0qOh
Cv82C9sF1NBKl3ZBMPYJKwL+xFFpjeNo9k3w6kameCAt+T4NSVLcbMkMmQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKHEIUADs8Kri59rumjSgcg7TwL6MB8GA1UdIwQY
MBaAFMRT9eIwQgvEpw0KYd47R9zaGo0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1Njkt
ZTZjZjE3Y2RkYTRmLzEvb2NRaFFBT3p3cXVMbjJ1NmFOS0J5RHRQQXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1NjktZTZjZjE3Y2RkYTRm
LzEveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQETm+AAwQC
XHdkAwQCuWioAwQCua20MA0EAgACMAcDBQMqC7iAMA0GCSqGSIb3DQEBCwUAA4IB
AQAc0kE1kX9TvMI2jGJ+kxSmZzkVdnNnUJp4H3jJGD8pvpdOKrLKMGhYg/kP/I4k
YM85TDB0ZTeV4FIhA1jNu1ChUiBg2OyLXEySe5NgPSg7eCo9T2IwdX5wnh2tWXJ1
259YToZPN9Se90xeb7nwfHL+ykoAgv4oDDbnhigUIFCIkhhU5fK9cBPr0SbApD+X
HcoqSv2GNZIIsRzjhLpkUL8toB3oDbOPkiTlQBB/qgYSYvkDySNESnRfx6oP1ug3
5u9CWIq4h4JMPCg0BqdrMgA+X1HchDnStqzGtBuHtgRIpiUrxT8qE31399w4CZoK
GyrLZsrU5dQdtRYLJ25ICRiM
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:52 2024 by rpki-client on console-ams.rpki-client.org