Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/xP3Ekp7iuh7CEU4mY0UItPgXYsM.roa
File: xP3Ekp7iuh7CEU4mY0UItPgXYsM.roa (raw, json)
Hash identifier: /XKjvsHxJBS7+sgUeYPBqID/xLDCyR93mn+RHGeynGc=
Subject key identifier: C4:FD:C4:92:9E:E2:BA:1E:C2:11:4E:26:63:45:08:B4:F8:17:62:C3
Certificate issuer: /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial: 018CC86FD2E4776FBF2916A1038F833697FA
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/xP3Ekp7iuh7CEU4mY0UItPgXYsM.roa
Signing time: Tue 02 Jan 2024 04:30:20 +0000
ROA not before: Tue 02 Jan 2024 04:30:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41107
IP address blocks: 91.108.160.0/21 maxlen: 21
185.31.152.0/22 maxlen: 22
109.68.196.0/22 maxlen: 22
159.253.160.0/21 maxlen: 21
159.253.160.0/22 maxlen: 22
159.253.164.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:d2:e4:77:6f:bf:29:16:a1:03:8f:83:36:97:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d894365b28a082834a751a97771b791124524dec
Validity
Not Before: Jan 2 04:30:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c4fdc4929ee2ba1ec2114e26634508b4f81762c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:22:14:b6:ea:f2:d3:2d:d2:8e:f7:0c:d8:68:
86:61:88:1c:b4:b0:70:ea:7c:4b:50:47:d4:10:ef:
be:75:0b:3c:6b:2e:42:12:53:32:f4:2c:4d:e6:d8:
83:e5:e1:6b:4e:a5:ca:9e:f1:44:62:35:4a:37:9a:
4e:2a:08:81:79:8f:02:f4:8b:d1:68:f0:f1:30:1d:
ab:b6:58:62:6e:fa:0b:24:37:bc:bd:a9:c8:53:bd:
8f:44:61:9f:5d:a9:cf:91:38:fc:9b:4f:57:fb:16:
b5:02:00:55:61:84:46:76:88:bf:39:0d:dd:5c:ec:
1c:df:ec:da:a7:c1:61:95:f9:c4:06:9f:43:9f:e8:
33:84:ab:a3:5a:7a:4b:a1:a9:56:9d:a6:a6:49:13:
24:ba:7b:25:8b:3d:2e:a6:6e:79:eb:6e:16:9c:9a:
02:ed:86:d5:4a:1e:40:cc:88:b3:cf:a0:61:1b:67:
34:dd:cd:79:e4:85:6f:b0:b7:f4:2a:67:46:2e:41:
92:f4:f5:4b:8b:34:df:2d:86:df:07:c8:74:fd:88:
e9:1e:42:a1:42:3f:74:5a:a0:1a:3d:6a:00:c6:3d:
e5:90:8f:00:97:16:db:a1:71:11:65:6c:32:b4:d1:
b2:3b:30:12:40:d1:57:31:68:5d:ec:14:3e:90:62:
49:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:FD:C4:92:9E:E2:BA:1E:C2:11:4E:26:63:45:08:B4:F8:17:62:C3
X509v3 Authority Key Identifier:
keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/xP3Ekp7iuh7CEU4mY0UItPgXYsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.160.0/21
109.68.196.0/22
159.253.160.0/21
185.31.152.0/22
Signature Algorithm: sha256WithRSAEncryption
15:88:75:56:3a:33:f1:a6:63:9e:68:d1:b2:54:3d:71:ac:4e:
46:5a:f7:e5:bb:e1:d3:26:68:8b:db:83:9d:06:3f:44:93:d4:
e8:f7:1b:8f:9a:ba:4d:2f:d0:6d:d2:80:20:72:16:c2:3c:91:
56:14:71:84:10:26:cb:7d:32:a2:f2:ae:d7:a7:97:d8:c7:0c:
09:2c:2d:a3:a4:84:00:b2:8c:71:a0:5c:b9:e4:05:a1:05:cc:
b3:5e:4c:4c:b0:50:f6:88:c1:15:6d:55:d4:2d:f9:df:2e:98:
4f:f0:79:ad:9d:fd:2a:e2:ba:b6:6a:39:8a:c1:9c:94:e9:41:
15:48:e7:47:81:9f:de:8d:d7:c5:87:82:7a:97:4b:19:09:91:
6e:cf:d8:db:c8:3a:d2:05:be:66:af:46:29:a5:10:dc:3b:da:
ac:f3:60:53:2c:bf:51:8f:e8:54:6d:a4:02:39:83:16:a5:87:
8e:48:ee:48:b8:db:8e:38:f3:aa:3a:01:49:e8:6e:47:1e:17:
b4:f1:31:74:52:b3:1d:9c:80:9d:76:7b:f7:52:f7:6d:74:d5:
a6:ba:8d:c1:cd:3d:0d:41:51:bc:a7:de:80:0c:27:57:ba:33:
dd:b2:b1:02:7c:18:20:cf:3e:a8:c6:d7:fb:b6:cd:b1:69:2b:
ac:43:cd:32
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzIb9Lkd2+/KRahA4+DNpf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjQwMTAyMDQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGZkYzQ5MjllZTJiYTFlYzIxMTRlMjY2MzQ1MDhiNGY4MTc2MmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliIUtury0y3SjvcM2GiGYYgctLBw
6nxLUEfUEO++dQs8ay5CElMy9CxN5tiD5eFrTqXKnvFEYjVKN5pOKgiBeY8C9IvR
aPDxMB2rtlhibvoLJDe8vanIU72PRGGfXanPkTj8m09X+xa1AgBVYYRGdoi/OQ3d
XOwc3+zap8FhlfnEBp9Dn+gzhKujWnpLoalWnaamSRMkunsliz0upm55624WnJoC
7YbVSh5AzIizz6BhG2c03c155IVvsLf0KmdGLkGS9PVLizTfLYbfB8h0/YjpHkKh
Qj90WqAaPWoAxj3lkI8AlxbboXERZWwytNGyOzASQNFXMWhd7BQ+kGJJwwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMT9xJKe4roewhFOJmNFCLT4F2LDMB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEveFAzRWtwN2l1aDdDRVU0bVkwVUl0UGdYWXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDW2ygAwQC
bUTEAwQDn/2gAwQCuR+YMA0GCSqGSIb3DQEBCwUAA4IBAQAViHVWOjPxpmOeaNGy
VD1xrE5GWvflu+HTJmiL24OdBj9Ek9To9xuPmrpNL9Bt0oAgchbCPJFWFHGEECbL
fTKi8q7Xp5fYxwwJLC2jpIQAsoxxoFy55AWhBcyzXkxMsFD2iMEVbVXULfnfLphP
8Hmtnf0q4rq2ajmKwZyU6UEVSOdHgZ/ejdfFh4J6l0sZCZFuz9jbyDrSBb5mr0Yp
pRDcO9qs82BTLL9Rj+hUbaQCOYMWpYeOSO5IuNuOOPOqOgFJ6G5HHhe08TF0UrMd
nICddnv3UvdtdNWmuo3BzT0NQVG8p96ADCdXujPdsrECfBggzz6oxtf7ts2xaSus
Q80y
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:01 2024 by rpki-client on console-ams.rpki-client.org